Make sure your online accounts are not compromised.
Posted on 10/08/2009 4:21:31 AM PDT by myknowledge
An internet security expert is calling for better security on web-based email accounts after a recent surge in hack attacks.
Hotmail, Google and Yahoo! have joined a growing number of email service providers whose users have been duped by hackers into giving over their passwords in phishing attacks.
Phishing involves using fake websites to lure people into betraying personal details such as bank accounts or login names and other private data.
Dr Mark Gregory, a senior lecturer in network engineering at RMIT, says internet security must improve as it is too easy for criminals to set up fake sites to use in such attacks.
"Most of the means of security we're using at the moment can easily be broken by hackers," he said.
"There's no reason organisations can't be offering second-level security devices if they are serious about protecting their customers' privacy.
"It's up to the users of the system to demand better security. It's an important thing."
Dr Gregory believes second-level security devices, like tokens, are the best way to drastically improve email account security.
Tokens, used by some banks for internet banking, are devices that generate a one-time random number which is used as a temporary password.
"If the banks are providing, some other service providers should make it available. Why aren't they making it available?" Dr Gregory said.
He also says putting greater emphasis on security in the digital network would also help to solve the growing problem.
Two-way street
But Dr Gregory says it is important people recognise they also have a responsibility to keep their personal information safe.
"You wouldn't stand in the middle of a supermarket with a sign with all your personal details on it, would you? So you shouldn't do that on a social network website," he said.
"At some point there has to be a balance of security - the responsibility of those organising the service and the responsibility of the people using the service not to do things that are untoward."
He says people get too sloppy with internet security and must remember the importance of unique passwords.
A researcher analysed the more than 10,000 passwords gained in the Hotmail attack earlier this week.
Acunetix's Bogdan Calin found that "123456" was the most commonly used password, appearing 64 times.
"A password should be alphanumeric with capital letters and lower case letters and a mix of numbers and at least 10 characters," Dr Gregory said.
He says people must also keep an eye on the address bar when entering personal information into a website.
"It's very important that we actually make sure that the URL is the correct website we're going to," he said.
"These phishing sites will often have an incorrect URL."
Moreover, he says people must keep up with changing security needs in the internet era.
"It's the nature of the technology that we're using," he said.
"The internet makes a criminal in one country have access to people all over the world. The internet's provided a way for global crime to occur."
Make sure your online accounts are not compromised.
I got a message from Yahoo wanting my password. My response was - how do I know you are really Yahoo? I never heard another word.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.