[CTSARA] eMail Hack Prevention
Andrew Siegel
andrew at siegel.org
Mon Aug 27 11:24:22 EDT 2012

I'd like to make a plug for Google Gmail 2-step verification. If you
use Gmail, you can set up your account so that, when you log in from a
new computer, you are prompted to enter a 6-digit code that is sent
to your cell phone. This means that, in order to break into your
Gmail account, a bad guy would have to have your username, your
password, and your cell phone. I use this.

On Mon, Aug 27, 2012 at 10:37 AM, Jon Perelstein
<jon.perelstein at gmail.com> wrote:
> As a reminder (I know this has been discussed on this reflector before),
> there are a couple of different things you need to do to guard your email
> accounts against hacking (i.e., to prevent bad guys from getting the
> password to your email accounts):
>
> 1. The single biggest cause of email account hacking is using the same
> password for your email account as you do for other online accounts --
> because if someone hacks the other online account, it means that they now
> have the password to your email account. For example, when Zappos (online
> shoe store) was hacked a few months ago, the hackers got the email
> addresses and Zappos passwords for about 24 million people. An estimated
> 10% (2.4 million people) had the same password for their Zappos account as
> they did for their email account, which means that when the hackers tried
> the Zappos passwords with the email addresses, it gave them access to 2.4
> million email accounts. Yes, hackers do run those tests because getting
> those email account passwords is one of their primary goals in hacking
> something like Zappos. Any credit card info they get is just gravy
> compared to the email account access.
>
> 2. Leaving yourself signed in at a public computer. You go to the library
> or someplace with a public computer (e.g., Stamford Govt Center) and forget
> to log out after checking your email. You walk away and the rest is
> history.
>
> 3. Using a public computer to access your email or other online accounts.
> You have no idea what kind of keystroke loggers have been installed on
> those public computers. If you do use a public computer to access an
> online account, immediately change the password(s) for that (those) online
> account(s) when you get home.
>
> 4. Malware (viruses, etc). Yes, this is only the 4th most common way that
> people get access to your accounts, even though it's the one that everyone
> worries about. Have a good anti-virus and a good firewall on your
> computers. There are all sorts of good ones out there, including Windows
> Firewall and Microsoft Security Essentials (I'm neither recommending nor
> not recommending those in particular, I'm just noting that for once
> Mickeysoft seems to have done something right). The anti-virus and
> firewalls that are NOT good are those things that pop up when you go to a
> website and offer you a free scan. Usually those are in fact viruses and
> by running the free scan you've just put a virus on your computer. For
> those of you in the Linux and Apple world -- no, you are not protected
> simply because you are running Linux or Apple. It's just that malware
> writers were writing for the environment that had the most users
> (Mickeysoft). Now that Linux and Apple are becoming more popular, the
> malware writers are writing for Linux and Apple also. Oh, and change your
> passwords regularly (at least monthly).
>
> 73s
> Jon, WB2RYV