Tuesday, 21 June 2011

The insecure digital world

Lulzsec. Now there is a name we've all come to know and partially fear lately.
I'll talk about why we really should fear them and their "Bro's" in the hacking community, and why we shouldn't. We should fear them because they are making a mockery of the IT security infrastructure of many companies that should know better, infrastructure which their lulzcannon can infiltrate with simple exploits. If these guys, who by the way do not claim to be uberhackers, can get in, imagine where and what the uberhackers have got into. This notion should instil fear into your very soul. Or not. I added that bit in about your soul to make it sound more dramatic.

I keep up to date with their latest shenanigans so I can do a quick search to see if my email / name appears anywhere in the lists. Fortunately, I've not been in any released info yet. *phew*

Doing this will allow me to go and change my details if they are listed, hopefully before anyone else can get into the account. We've all heard the bragging Lulzsec's peons, aka leeches, have been doing, for example sending condoms to an old lady, screwing with relationships on Facebook, etc. This is why we should fear them: they are reckless in what they release.

Now I come to why we shouldn't fear them. First and foremost, we need to make sure we do as much as possible to secure our online presence. It's not Twitter's or Facebook's fault if we've used an easy-to-guess password, is it? It's not their fault if we've used the same passwords across multiple sites, is it? Use strong passwords!

Make sure your PC or Mac is fully patched. Use a secure browser (IE9 and Chrome are the two most secure browsers around right now as of this writing) and disable or remove any add-ons you do not need, as these increase the surface area for an attack.

Do you really need Java? Probably not! Get rid of it until you find that you do need it. Java has bugs. Lots of bugs. As the adage goes, 'Prevention is better than cure'. We need to make sure we're not an easy target for these guys, so change your passwords regularly and, for the love of your favourite deity, do not use the same password on different sites. If one site gets hacked, that's about as good as them all getting hacked.

Enable the features some websites give you. Facebook recently gave us a feature that asks for the name of the computer you are logging in from and whether you want to save it as a known system. I've enabled that and I'm glad I have: as soon as someone logs in from a system that Facebook is not familiar with, I'll get an email within seconds notifying me, allowing me to go in and hopefully mitigate the amount of damage caused.

When I first heard about that 19-year-old Lulzsec mastermind super hacker kid getting nabbed last night by the feds, I thought it was too good to be true. But the Twitter account was silent for quite a while, and I was beginning to believe it was true. I thought they had actually got Lulzsec. Then suddenly, 'tweet tweet', the account was active again.

Moral of the story is to keep yourself protected, don't rely on anyone or any website's security.
