You have heard the news. Russian hackers have managed to collect a pile of no less than 1,2 billion stolen user IDs and passwords from approximately 420 000 different sites. That’s a lot of passwords and your own could very well be among them. But what’s really going on here? Why is this a risk for me and what should I do? Read on, let’s try to open this up a bit.
First of all. There are intrusions in web systems every day and passwords get stolen. Stolen passwords are traded on the underground market and misused for many different purposes. This is nothing new. The real news here is just the size of the issue. The Russian hacker gang has used powerful scripts to harvest the Internet for vulnerable systems and automatically hacked them, ending up with this exceptionally large number of stolen passwords. But it is still good that people write and talk about this, it’s an excellent reminder of why your personal passwords habits are important.
Let’s first walk you through how it can go wrong for an ordinary Internet user. Let’s call her Alice.
So what’s the moral of the story? Alice used a good password but it didn’t protect her in this case. Her error was to reuse the password on many sites. The big sites usually have at least a decent level of security. But if you use the same password on many sites, its level of protection is the same as the weakest site where it has been used. That’s why reusing your main mail password, especially on small shady sites, is a huge no-no.
But it is really inconvenient to use multiple strong passwords, you might be thinking right now. Well, that’s not really the case. You can have multiple passwords if you are systematic and use the right tools. Make up a system where there is a constant part in every password. This part should be strong and contain upper- and lowercase characters, digits and special characters. Then add a shorter variable part for every site. This will keep the passwords different and still be fairly easy to remember.
Still worried about your memory? Don’t worry, we have a handy tool for you. The password manager F-Secure Key.
But what about the initial question? Does this attack by the Russian hackers affect me? What should I do? We don’t know who’s affected as we don’t know (at the time of writing) which sites have been affected. But the number of stolen passwords is big so there is a real risk that you are among them. Anyway, if you recognize yourself in the story about Alice, then it is a good idea to start changing your passwords right away. You might not be among the victims of these Russian hackers, but you will for sure be a victim sooner or later. Secure your digital identities before it happens!
If you on the other hand already have a good system with different passwords on all your sites, then there’s no reason to panic. It’s probably not worth the effort to start changing them all before we know which systems were affected. But if the list of these 420 000 sites becomes public, and you are a user of any of these sites, then it’s important to change your password on that site.
F-Secure is back from CES -- where the tech world comes together in Las Vegas to preview some of the latest innovations – some which might change our lives in the coming years, others never to be seen or heard again. Inside the over 200,000 square meter exhibit space, Drones flew, and made a fashion statement; hearing aids got smartphone apps; and 3-D printers printed chocolate. We made a stir of our own with Freedome. Our David Perry reminded the industry professionals that the mobile devices nearly all of them were carrying can do more than connect us. "I want you to stop and think about this," he told RCR Wireless News as he held his smartphone up on the event floor. "This has two cameras on it. It has two microphones. It has GPS. It has my email. It has near-field detectors that can tell not only where I am but who I'm sitting close to. This is a tremendous amount of data. Every place I browse on the internet. What apps I'm running. What credit cards I have. And this phone doesn't take any steps to hide my privacy." In this post-Snowden world, where professionals are suddenly aware of how much their "meta-data" can reveal about them. Privacy also played a big role in the discussion of one the hottest topics of 2015 -- the Internet of Things (IoT). The world where nearly everything that can be plugged in -- from washing machines to light bulbs to toasters -- will be connected to the internet is coming faster than most predicted. Samsung promised every device they make will connect to the net by the end of the decade. If you think your smartphone holds a lot of private data, how about your smarthome? "If people are worried about Facebook and Google storing your data today, wait until you see what is coming with #IoT in next 2-5 years," our Ed Montgomery tweeted during the event's keynote speeches, which included a talk from US Federal Trade Commission Chairwoman Edith Ramirez that tackled privacy issues on the IoT. Newly detected attacks on home routers suggest that the data being collected in our connected appliances could end up as vulnerable to snoops and hackers as our PCs. Some fear that these privacy risks may prevent people from adopting technologies that could eventually save us time, effort and energy. At F-Secure we recognize the promise that IoT and smart homes hold and we’re excited about the coming years. But we also understand the potential threats, risks, and dangers. We feel that our job is to enable our customers to fully enjoy the benefits of IoT and that is why we’re working on new innovations that will help customers to adopt IoT and smart home solutions in a safe and controlled way. It will be an exciting journey and we invite you to learn more about our future IoT solutions in the coming months. We at F-Secure’s IoT team would like to hear from you! Are you ready to jump on the IoT? What would your dream connected home look like? Or have you perhaps already set up your smart home? What are you worried about? How could your smart home turn into a nightmare? Read the rules and post your thoughts below for your chance to win one of our favorite things -- an iPad Air 2 16 GB Wi-Fi. [Image by One Tech News | via Flickr]
You're searching online for a baby gift for a friend's newborn, and then for a while you're followed by diaper ads on practically every site you visit. Ever notice something like that happening to you? Yes, the web can be an eerie place. Intelligence agencies and criminals aren’t the only people who may be tracking your online behavior - there’s a lot more to your browsing session than meets the eye. Take, for example, this F-Secure Labs study that found that of the 100 most popular URLs in the world, only 15 percent are actually accessed by real people. The other 85 percent are third-party sites that are accessed behind the scenes of your browsing session, by the sites you visit. And over half of these third-party sites are tracking-related. They are helping build up an online profile of you and your browsing habits. Why? So marketers can better target you with ads that meet your interests and preferences - or at least try to, in the case of the diaper ads. How does it work? When you visit a site with ads, you'll be tracked by the marketing company behind the ads on that site. And one marketing company may be working with a huge network of other websites. So whenever you visit another site that also has a relationship with that marketer, the marketer captures more and more data about you and your online behavior. All this data goes into an extensive profile that is being built up about you. If that sounds a little creepy, rest assured that you can regain control of your digital privacy. There’s an easy way to block advertisers from tracking you everywhere you go. Last year we launched F-Secure Freedome to stop tracking on your mobile device (to date, Freedome has already blocked over 900 million tracking attempts globally). And now there's good news - today we're unveiling Freedome for your Windows PC! Freedome for Windows has the same privacy features as the mobile versions, protecting you from trackers and hackers. It's got the same VPN technology to protect your browsing session from snoops while using public Wi-Fi. In addition, it also includes a new Private Search feature that offers tools so you can get your search engine results without the tracking. Since the Snowden revelations, we as consumers have become more and more aware that we may be revealing the most intimate details of our lives through our connected devices. According to a recent study by the Pew Research Center Internet Project, 91% of adults in the survey agree that consumers have lost control over how personal information is collected and used by companies. If you're concerned too, download a free 14-day trial of Freedome for your Windows PC. And let us know what you think! Banner image courtesy of Filip Goc, flickr.com