Tuesday, September 20, 2016

How To Protect Yourself Against Email Password Theft


This summer a huge number of passwords were stolen from different email and storage services. How does this happen and how can you protect yourself against data loss using public networks?

How leaks of email passwords occur

From the perspective of information security, password leakage can have three main causes:

1. Theft of a password database from the mail server.

2. Use of malicious software on the user's computer, for example, viruses or keyloggers.

3. Use of a password recovery procedure for password theft.

The most popular stealing method

At first sight, the most obvious way passwords leak is when databases with passwords are stolen from the mail server, for example, by employees maintaining the company's server, or through exploiting software vulnerabilities on the mail server. However, it's often not that simple. If a company cares about data safety, passwords are not stored in plain text. They are encrypted or, to be more specific, the database stores only a hash of each password. The hash function converts the password in a way that makes it impossible to recover the original. When a user enters a password for his/her mailbox, the hash is re-calculated, and the result is compared with the value that is stored in the database.

However, after stealing a database of "hashes", an attacker can still hack some accounts. To do this, he takes a list containing the most common passwords (something like "12345", "qwerty", or other sequences of symbols on the keyboard; about a few hundred thousand passwords) and calculates their hash values. By comparing the results with the database, the attacker finds accounts with matching hashes. As a result, he gets access to all accounts with passwords that were in the list. Although a number of protection methods have been invented against such password guessing, it still remains relevant. Summarizing, we reach the following conclusions:

1. Stealing databases only allows attackers to hack accounts with simple passwords (i.e., those that an attacker is able to guess) or short passwords (i.e., those that can be guessed using raw computing power).

2. If a user has a long enough password, consisting of random characters, he doesn't need to worry about database theft.
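The comparison described above, written as an audit a defender could run against their own password table. This is an added example, not part of the original article; the user names, passwords, word list and PBKDF2 iteration count are constructed assumptions, and salting with key stretching stands in for the "protection methods" the article mentions without naming.

```python
import hashlib
import hmac
import os

# Constructed sample data (assumptions, not taken from any real incident).
COMMON_PASSWORDS = ["12345", "qwerty", "password", "111111"]
USERS = {"alice": "qwerty", "bob": "12345", "carol": "t7#Vq9!mLx2@pZr4Kd"}
ITERATIONS = 100_000  # assumed work factor for this demo


def fast_hash(password):
    """Weak storage: one unsalted SHA-256, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def audit_unsalted(db, wordlist):
    """Hash the word list once, then match it against every stored hash."""
    lookup = {fast_hash(p): p for p in wordlist}
    return {user: lookup[h] for user, h in db.items() if h in lookup}


def salted_record(password, salt=None):
    """Stronger storage: random per-user salt plus PBKDF2 key stretching."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(salted_record(password, salt)[1], digest)


def audit_salted(db, wordlist):
    """No shared lookup table works; every guess costs ITERATIONS per account."""
    return {u: p for u, rec in db.items() for p in wordlist if verify(p, rec)}


if __name__ == "__main__":
    weak_db = {u: fast_hash(p) for u, p in USERS.items()}
    strong_db = {u: salted_record(p) for u, p in USERS.items()}
    print("unsalted, flagged:", audit_unsalted(weak_db, COMMON_PASSWORDS))
    print("salted, flagged:  ", audit_salted(strong_db, COMMON_PASSWORDS))
```

Both audits flag alice and bob and never carol: salting and stretching raise the cost of each guess, but only the long random password stays out of reach of the word list.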

How can I tell whether a server or a forum uses password encryption?

This is quite easy to check. You just need to request password recovery. If you receive your password in a return message, it means that it is stored in plain text in the database. If the server asks you to change the password, then most likely the database stores only hashes.

That's not all

The second method of stealing passwords comes down to using a variety of malware (viruses, phishing sites, etc.) to steal the users' passwords directly from their computer or when a password is entered on websites. The obvious ways to deal with this method of theft are to be cautious when working on the Internet and to use an anti-virus program. Another effective method is to reset the password every 3 months: attackers usually steal passwords for future use, and do not use them immediately after the theft.

The third method of theft is associated with the procedure to recover a forgotten password. This is the easiest way to steal a password from someone you know, for example, with the help of a mobile phone left unattended on an office desk. There is no simple way to protect yourself against such theft. However, you should remember that password theft is most often associated with password replacement, so if your password is suddenly changed without your request, most likely it was stolen.

Hacked Apple iCloud and Google Gmail accounts

The representatives of these companies claimed the hackers had used the second method, so in essence, it happened due to carelessness and inexperience of users. However, on the Internet you can also find the point of view that there was database theft, suggesting that not all the passwords were hacked, but only the simple ones. Whatever happened in reality, it should be emphasized that the accounts of users who closely followed the security recommendations of their mail services (long passwords, regular changes, protection installed against viruses and phishing) remained unhacked.




Source by Natalia Yashenkova

















