Cyber Security - Part 1
Last week you may have heard of a company claiming that a Russian hacking gang dubbed CyberVor had hacked various online sites and stolen 1.2 billion passwords.
There is some concern over whether this report is legitimate, with the company, which is called 'Hold Security', asking for $120.00 from you to check if your credentials have been stolen. I am erring on the side of caution and scepticism with this one; it doesn't feel right to announce such a big breach and then ask for money to be handed over just to see if you were affected in any way.
Whilst I'm being sceptical on this one, if you want to find out more about it and make up your own mind, fire up your favourite browser and Google CyberVor.
With this kind of reporting out there, it really does hit home that, regardless of whether the CyberVor threat is true or not, you have to remain vigilant in the online world and really take note of the best practices for safeguarding your privacy. It can get mundane, and people often fire back with "I have heard this all before". That's all well and fair, but the message just isn't getting across to some people. To prove my point, here are some staggering statistics from Sophos's warbiking exercises.
Before I jump into the stats: warbiking is the same as wardriving, but on a bike! James Lyne, who is Global Head of Security Research at Sophos, has equipped his push bike with network detection equipment to uncover how wireless networks are protected.
In his ride through San Francisco he detected 73,312 networks, broken down as follows by how they were secured:
19.3% No Encryption
The following is a straight extract from Sophos's The World of Warbiking to give you an understanding of what each of the acronyms means. If you want to read the report in full, you can visit it by clicking here.
WEP, or Wired Equivalent Privacy, has been understood to be severely broken since as far back as 2001. There are a number of faults that enable an attacker - equipped with readily available software and tools (even available on Amazon for a low price) - to retrieve pretty much any password combination in seconds.
Once the attacker has your password they can not only join your network and start attacking connected devices, but they can also monitor (or change) all your network communications. Your encryption becomes worthless.
Of the relatively large number of open networks, we discovered the majority looked to be open by design – that is to say they were networks with captive portals that people had to authenticate to before being able to access the network or the Internet.
A small number of networks were open and did not fit this profile (such as default named Linksys routers). Many would assume that the open by design networks are OK (they have made the decision to be open intentionally after all) but this does not necessarily follow. The lack of security when joining the network means that any information subsequently sent on the wireless network is unencrypted. Unfortunately most users do not take additional steps to encrypt their traffic and therefore any of their activities online can be easily monitored or even modified by an
There are a variety of different security configurations that can be used with WPA (Wi-Fi Protected Access) mode, though WPA+TKIP is the most common at 57.7% of networks detected. TKIP (Temporal Key Integrity protocol) was implemented as a quick fix to the security problems that WEP encountered
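The same kind of breakdown (no encryption, WEP, WPA+TKIP) can be produced for networks you are responsible for. The Python below is an added example, not part of the original post or the Sophos report: it tallies security modes from scan text laid out like `iw dev wlan0 scan` output. The sample scan, SSIDs and category labels are constructed for illustration, and it assumes the common scanner convention that a set Privacy bit with no WPA/RSN element means WEP.

```python
import re
from collections import Counter

# Constructed sample, laid out like simplified `iw dev wlan0 scan` output.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS (0x0401)
    SSID: CoffeeShop-Guest
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy (0x0411)
    SSID: old-router
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0411)
    SSID: HomeNet
    WPA:     * Version: 1
             * Pairwise ciphers: TKIP
BSS 02:00:00:00:00:04(on wlan0)
    capability: ESS Privacy (0x0411)
    SSID: Office
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP
"""

def classify(block):
    """Map one BSS block of scan text to a category (labels are this example's own)."""
    cap = re.search(r"capability:(.*)", block)
    privacy = bool(cap and "Privacy" in cap.group(1))
    has_wpa_ie = re.search(r"^\s*(RSN|WPA):", block, re.M) is not None
    ciphers = " ".join(re.findall(r"Pairwise ciphers:(.*)", block))
    if has_wpa_ie:
        # TKIP offered at all (alone or in mixed mode) is counted as WPA+TKIP.
        return "WPA+TKIP" if "TKIP" in ciphers else "WPA/WPA2 without TKIP"
    # Privacy bit set with no WPA/RSN element advertised is treated as WEP.
    return "WEP" if privacy else "No Encryption"

def tally(scan_text):
    """Return {category: (count, percent of all networks seen)}."""
    blocks = re.split(r"(?m)^BSS ", scan_text)[1:]
    counts = Counter(classify(b) for b in blocks)
    total = sum(counts.values())
    return {k: (n, round(100.0 * n / total, 1)) for k, n in counts.items()}

if __name__ == "__main__":
    for category, (n, pct) in sorted(tally(SAMPLE_SCAN).items()):
        print(f"{pct:5.1f}%  {category}  ({n})")
```

Any network reported as "No Encryption", "WEP" or "WPA+TKIP" on equipment you manage is a candidate for reconfiguration.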