Showing posts with label Passwords.

Saturday, 7 July 2012

LinkedIn Passwords Hacked

How has this happened & how does it affect me?
Well, it has happened because somebody hacked the LinkedIn network and accessed the details of over 6 million users. LinkedIn has over 150 million users, so the vast majority of users are unaffected. Those affected have been contacted by LinkedIn and asked to create a different password.

This will surely harm LinkedIn's reputation and concern the operators of social networking sites, such as Facebook, across the world. With so many people using social networking and sharing personal information on these sites, how can this type of attack be protected against?

It can be difficult to protect against these types of attacks because, as technology advances, so do hackers' ways of getting around each new advance. Every security measure also needs to be relatively practical. Most online banking already has a password login plus a device that generates a specific number before you can gain access to your account, but it is really not feasible to carry one of these around for every application you have to log in to, and most people wouldn't do it.

So the first step is for users not to use the same password for every site or login. For example, don't have the same password for Facebook as for your online banking login. Otherwise, if you find yourself in a LinkedIn type of password breach in the future, all your password and login details would be compromised.

Secondly, change your passwords often, maybe once a month for each account. Keep your passwords offline. Don't create a notepad list of all your passwords, or store them anywhere on your PC or laptop; this would give hackers free access to all your accounts if they breach your security. If you need to keep a list, have a simple pen and paper list. Just make sure you don't write your banking passwords down, in the same way that you should memorise your card PIN and not write it down.

Don't fall victim to phishing scams. Predictably, bogus emails have been sent to LinkedIn users claiming to be from their bank or credit card company and asking them to reset their password. If in doubt, call your bank (not on a number given in the email) and double-check what you need to do. Never give ANYONE your password details, and never email them to anyone who contacts you.


Friday, 15 June 2012

Twitter Passwords And Logins Exposed And How Future Breaches Can Be Prevented

It was announced recently that Twitter was hacked, and over fifty-five thousand Twitter usernames and passwords were leaked and posted publicly on the web for anyone to see. Information from users appeared on Pastebin, a service used by hackers to brag about their achievements; however, the social network acknowledged that several of those profiles were spam bots and duplicates. If you're on Twitter, now would be a sensible time to log in and change your password.

Twitter spokesman Robert Weeks explained, "We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected." Twitter is investigating the security breach to seek out the source of the attack. Twitter is giving little weight to the incident, stating that the accounts and passwords include some twenty thousand duplicates, spam accounts that are suspended, and login credentials that are not associated with one another (passwords and logins don't match).

The social network claims to have over a hundred and forty million active users, so the security breach would have affected about 0.02% of its user base. Still, this is a reality check for Twitter, because the security breach might have been far more widespread and could have tarnished the company's name. The question that Twitter should be asking itself is who would have leaked the confidential account info, and why. The Pastebin poster still remains anonymous and no group is stepping forward to take credit for the attack; however, that has yet to be concluded.

In 2009, Twitter was compromised twice and hackers had complete control over the social network. Two years ago, Twitter came to a settlement with the Federal Trade Commission (FTC) over the hacking because client privacy and data had been put in danger. Part of the FTC settlement includes twice-a-year security audits, regular data security audits for ten years, avoiding any misleading statements regarding the effectiveness of its security or privacy practices for twenty years, and a dedicated security person on the payroll at Twitter to be in charge of and coordinate its data security and privacy issues. The FTC settlement details can be seen at http://www.ftc.gov/opa/2011/03/twitter.shtm. The social network agreed to put "reasonable safeguards" in place to mitigate any data security risks it identifies and to store data securely.

Although Twitter had added the majority of the required security enhancements by the time the FTC settlement was announced two years ago, it might have done a lot more to stop the present attack and future attacks. Even with employees dedicated to boosting security and in control of data security, it still got compromised. If the employees at the social website had included new technology like two-factor authentication, the security breach might not have occurred. For example, two-factor authentication using a mobile device might have protected its users, and therefore the website, from being accessed, by authenticating users via their mobile devices when logging in. This is technology that Google currently embraces and that several major banks use to authenticate users logging in to their services. It's an efficient and cost-effective way to implement an out-of-band authentication technique while using a device that almost all users already possess: a mobile phone.

To implement two-factor authentication, Twitter would simply need users to opt in to using their mobile phone as a security device and agree to receive a one-time password (OTP) through SMS on their mobile devices. When a user enters their credentials on Twitter, an OTP is sent through an out-of-band network (their mobile carrier), and the user enters that password on the site, which authenticates them. It's economical and effective because most of the general public have mobile phones on them at all times, and it needs no further hardware or tokens to deploy on Twitter's end. Two-factor authentication is a truly effective layered security solution that Twitter ought to be using to safeguard its users, and perhaps this current attack will get the company to rethink the security measures it has in place. The FTC has extended the social network's security once, which wasn't enough; however, perhaps if Twitter implements a two-factor authentication solution it will be less vulnerable to additional security breaches.

David is an information security specialist who believes remote access security is gained through strong authentication. That is why he provides info to healthcare professionals about two factor authentication and one time password.



Thursday, 12 April 2012

5 Ways Strong Passwords Still Fail to Prevent Unauthorized Access

Although online safety through the use of strong passwords sounds like a viable safety measure for most sites and logins, strong passwords are still susceptible to hackers, malware, and phishing attacks. As more and more data breaches are reported, such as the recent incident of VeriSign being hacked, online users are constantly urged to change their login credentials. Many users and some so-called internet security experts still rely on strong passwords to protect the online privacy and security of their information. As secure as they seem now, passwords continue to fail to protect against unauthorized access every day as more users rely on them.

Strong passwords can consist of a combination of letters, numbers and symbols. The more characters in a password, the stronger the password is considered to be. These passwords are secure forms of protecting data; however, internet technology is changing rapidly, and security also needs to change and become more secure. Security such as out-of-band authentication can be used to add an additional layer of security to protect users and information stored online.

There are five things to consider when utilizing a strong password instead of a more secure solution such as out-of-band authentication.

Strong Passwords Are Still Susceptible to Data Breaches and Password Hashes
Some websites and organizations will sometimes store a password hash, which is an encrypted format of a user's password. This means that even though you are using a strong password, it may be stored in an insecure database somewhere. This was the case for one of the larger data breaches, involving an e-commerce company where customers' emails and password hashes were stolen.
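
As an added illustration of this pitfall (not code from the original article or from any company it mentions): a strong password is only as safe as the way the site stores its hash. The sketch compares what a stolen table reveals when records are fast, unsalted hashes with records built from a per-user salt and a slow derivation. The user names, function names and iteration count are constructed assumptions; the two passwords are the article's own examples.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor; raise it as far as login latency allows


def weak_record(password):
    """Unsalted fast hash: identical passwords always give identical records."""
    return hashlib.sha1(password.encode()).hexdigest()


def strong_record(password):
    """Random per-user salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_strong(password, record):
    """Recompute the derivation with the stored salt and compare in constant time."""
    salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def users_sharing_a_record(table):
    """What a stolen {user: record} table shows at a glance: who shares a password."""
    groups = {}
    for user, record in table.items():
        groups.setdefault(record, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts, not real data.
SAMPLE = {"alice": "5trG12oO", "bob": "flower1", "carol": "5trG12oO"}

if __name__ == "__main__":
    weak = {u: weak_record(p) for u, p in SAMPLE.items()}
    strong = {u: strong_record(p) for u, p in SAMPLE.items()}
    print(users_sharing_a_record(weak))    # [['alice', 'carol']]
    print(users_sharing_a_record(strong))  # []
    print(verify_strong("flower1", strong["bob"]))  # True
```

With unsalted records, recovering one password exposes every account that shares it; with salted records each entry has to be attacked separately, and the slow derivation makes each guess expensive.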

Strong Passwords Can Be Stored Passwords
Although they seem secure, there is always the chance for human error. Storing strong passwords in your web browser not only allows unauthorized access from within your browser, but leaves your password susceptible to hacking. By utilizing a simple rootkit, anyone, including inexperienced hackers, can access the data stored within your browser. All it takes is some perseverance and some reverse engineering, and anyone could crack your strong password even under encryption.

Key Logging Software and Other Malware can Capture Strong Passwords
You may not store passwords in your browser, but the very action of using one allows key logging software to siphon that data. Beyond key loggers there is plenty of malware out there which would steal your information in the same manner, possibly by allowing a hacker remote access into your system. Strong passwords may be recorded by a malware program and sent through the internet to a hacker's database, for your password to be used at a later time.

Social Engineering of Security Questions
Almost every time you sign up for an account you are required to set security questions which could be used to authenticate your identity later. These very "security" questions could be the downfall of your super-secret strong password which consists of 22 characters mixed between letters, numbers and symbols. By using social engineering and a bit of creativity, a savvy crook could figure out your security questions and gain unauthorized access. More and more users are seeing their passwords stolen through the use of these "challenge questions" that aren't always hard to guess if a hacker has some of your personal information.

Strong Passwords are Hard to Remember and Users Often Store Them in Places Easy to Access
Possibly the biggest part of failure in strong passwords is that they are much harder to remember than passwords that consist of only words or numbers. Imagine your login credentials always consisted of the passphrase flower1 but recently you have upgraded your password to make it stronger and to something more secure such as 5trG12oO. How are you ever going to remember such an outrageous password? It could be such a strong password that it actually prevents you from accessing your own account. Because strong passwords use more characters and symbols, most people write down their new secure pass code and leave it near their computer or stored on their computer. This is the most insecure form of securing your account. An unauthorized user can simply find your password on or next to your computer and log in to your accounts.

Now that we've reviewed the 5 pitfalls of strong passwords, it is plain to see that a more secure method is needed. A very secure and cost-effective approach to securing against data breach or unauthorized access is out-of-band authentication. This secures access to user accounts by transmitting a one-time password to the user through a different network from the one where access is requested. By using an out-of-band network, such as a separate network that carries an SMS text message, key logging and other malware are prevented from accessing your one-time password. Also, costs are kept low because almost everyone already owns and uses a mobile phone daily, so no additional devices need to be deployed for users to carry.

As more incidents occur of strong passwords failing to protect against data breach and identity theft, users and organizations will look for a more secure solution. Out-of-band authentication is a strong form of authentication and will be adopted by many organizations and users in the future when it comes to protecting against unauthorized access. Out-of-band authentication is easy to implement, easy to use, cost efficient, and effective in combating fraud.

Adam is a network security professional who believes out-of-band authentication is the most secure form of two factor authentication utilizing a one-time password. He writes to inform businesses about upcoming changes to government regulatory compliance and remote access security.

