Heartbleed Virus

[C-2]

I follow umpteen security blogs and I am also studying computer security...the good news is, few researchers seem worried about it. In fact, one trusted source put up a great analogy:

After all, if you swiped your credit card in a payment machine that you later felt uneasy about, you'd probably consider cancelling the card and asking your bank for a new one, without waiting to see if fraudulent transactions appeared.

That being said, you should be using different passwords for each site anyways, right?

Also, Google offers 2-facotr authentication for Gmail - where you need a password, and a number code they text you, in order to gain access to your account from a new, different or untrusted computer or phone. That means an attacker would need your password - and your physical phone in order to access your account. I think Yahoo even offers it. And most banks also offer 2-factor authentication.

In fact, I see Bank of America offers a a "smart card" which generates a one-time passcode that is synced to their servers. It looks like a credit card, you press a button and it generates the code. Pretty bad ass.

[Eli]

I follow umpteen security blogs and I am also studying computer security...the good news is, few researchers seem worried about it. In fact, one trusted source put up a great analogy:

After all, if you swiped your credit card in a payment machine that you later felt uneasy about, you'd probably consider cancelling the card and asking your bank for a new one, without waiting to see if fraudulent transactions appeared.

That being said, you should be using different passwords for each site anyways, right?

Also, Google offers 2-facotr authentication for Gmail - where you need a password, and a number code they text you, in order to gain access to your account from a new, different or untrusted computer or phone. That means an attacker would need your password - and your physical phone in order to access your account. I think Yahoo even offers it. And most banks also offer 2-factor authentication.

In fact, I see Bank of America offers a a "smart card" which generates a one-time passcode that is synced to their servers. It looks like a credit card, you press a button and it generates the code. Pretty bad ass.

Great info! Thanks!


Sent from my Bat Cave

[C-2]

Great info! Thanks!


Sent from my Bat Cave

You're welcome.

As a result of this scare, I bet Mateo changed his super secret, SOX compliant password from "password" to "12345".

Eh Mateo?

[Eli]

You're welcome.

As a result of this scare, I bet Mateo changed his super secret, SOX compliant password from "password" to "12345".

Eh Mateo?

Lmao


Sent from my Bat Cave

[ChumpChange]

You're welcome.

As a result of this scare, I bet Mateo changed his super secret, SOX compliant password from "password" to "12345".

Eh Mateo?

I'm more sophisticated than that. drowssap and 54321 are my go to's!

[bubblegoose1]

I'm more sophisticated than that. drowssap and 54321 are my go to's!

Hahaha....

[ptc]

the sites that have been recently 'hacked' are the ones that are screwing around asking you to renew your passwords, pick security pictures, pick new security questions.... its all a bunch of BS. there has to be an easier way to operate securely!

that would be verizon and yahoo.... but craigslist is SAFE! lol

And these hackers -that do this just for fun sake - I think an Ethiopian prison cell for 20 to life would be great punishment. This is serious shit!

[C-2]

the sites that have been recently 'hacked' are the ones that are screwing around asking you to renew your passwords, pick security pictures, pick new security questions.... its all a bunch of BS. there has to be an easier way to operate securely!

that would be verizon and yahoo.... but craigslist is SAFE! lol

And these hackers -that do this just for fun sake - I think an Ethiopian prison cell for 20 to life would be great punishment. This is serious shit!

Security pics and questions are a good thing.

Computer and phone security is inconvenient, no doubt. But then again, so is home and car security. There was a point in time in the early 1970's where a campaign was launched to get people to...lock their car doors.

I go around with wifey all the time about this. It's 2014, not 1999. Learning about computers and phones, and their applications, is no longer an "option"; it is now a requirement. Most companies do a good job of trying to educate their users - it's just the users don't listen.

Overcoming physical computer, network and information security is somewhat manageable - it's the user education which is lacking. Again, mainly because everybody dismisses learning as too cumbersome, or they have the "that won't happen to me" syndrome. Until of course, it does, at which time they blame the company, product or service.

Hackers for fun - those are known as "script kiddies". They call them that because all they are really doing is using an application/program to do the hacking, without understanding the process/function behind it. They don't care about details, script kiddies are like trained monkeys - they push a button to see banana's fall. And since they lack in-depth computer knowledge, they only attack the low hanging fruit - people who use weak passwords and who do not change default passwords on home routers and even voice mail.

A lot of the traditional crime rate is falling. Why? Because it's easier and less risky to sit behind a computer to rob a person. Cyber criminals and gangs are getting pretty sophisticated and unlike users who refuse to learn about security, criminals embrace learning about advanced computing topics. Keeps them out of jail.

Then you have the true "hackers", who plot, conspire amongst each other, surveill, plan and then launch attacks that can reap huge rewards. We're talking about people who dedicate their entire days/weeks/months to find new ways to break into your stuff. It's their full-time profession. Hard to stop them, it's usually more about damage control and insurance claims.

So, take advantage of the free security tools like 2-factor authentication, security pictures and questions, password managers, UPDATES UPDATES UPDATES, and for fucs sake, make sure they have correct and current phone numbers and email addresses for you.