Security

A single character: this is what it takes to crash your iPhone, and block access to messaging apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail. The new bug not only affects iPhones but other Apple devices like iPads, Mac or OS Watches that are running on the latest version of the operating system. This new text bomb bug can easily be exploited by anyone, as it only requires the user to send a character from the Telugu language.

Strong passwords, two-factor authentications, using different accounts: the basics of IT security might sound familiar to you. We have also been writing articles on the issues, but we have jet not covered a very important risk in IT security, namely social engineering. Let’s look into it, and discuss how we can fight it to protect ourselves.

When the topic of using open WIFI networks comes up, the majority of the people do not mind it, however, there is that small group of professionals who would never want to use the service, and would rather just rely on their mobile internet. But how bad is the situation really? There are rumors and facts out in the public about hacking free WIFI systems and monitoring users’ activities, but how common is that present? In today’s article, we will dig a little deeper in the topic to see if there is something to fear about them in our everyday lives.

From the word “hacker” lot of people think of dark, wicked men sitting in server rooms, surrounded by high capacity computers, doing bad. Many do not know that this definition is most likely to fit crackers, who are the ones that violate systems and break into networks with malicious intent. Hackers, on the other hand, are trying to enter systems to find dangerous holes in them and share their knowledge so that those threats can be eliminated. But as the terminology is mostly mixed up nowadays, we usually use “ethical hacker” for the good guys and hackers/crackers for the bad ones.

Cell phones, connected to e-mail and social media accounts are a sensitive area and have a major risk of being hacked. Our cell phones have access to our Dropbox, Gmail, Facebook, Twitter, Instagram accounts, and in most cases to our banking information. A hacked cell phone makes blackmailing, identity theft and losing money a great threat for the owner of the device. With some social engineering, a telephone number and some basic IT knowledge, it is an easy job to hack one’s phone. A trustworthy but otherwise fake site that is convincingly copying a service you use is enough to get the sensitive information they need for a successful hacking.

In our last article, we started summarising the most common and most dangerous insider threats for small and medium-sized enterprises (SMEs). We wrote about angry employees with privileged system access to the company networks, colleagues who surf on the internet and download unwanted spying programmes, viruses or other malware, and co-workers who break the law by doing illegal activity on company property.

Criminal attacks might happen to a company from outside sources, or from the inside. Most of the time employees pose a great risk and raise the likelihood of a cyber-attack by their daily routines. Small and medium-sized enterprises (SMEs) are especially vulnerable to these IT security breaches, as they may lack sophisticated methods and monitoring systems used by large corporates.  Also in some cases, they may lack the understanding of nature of incoming threats.

In connection with the previous article about the importance of strong passwords and 2-factor authentications we felt the need to dig a little deeper into the topic of OTP (One Time Passwords), and write about time based one-time password (TOTP) and HMAC based one-time password (HOTP) algorithms. As we explained earlier, during 2-factor authentications there are 2 tokens to be provided: one we are all familiar with is the username and the password, while the other one is a secret token that is not known to the public. When it comes to the 2nd factor of authentication mechanisms, usually OTP is used as a protective mechanism.

Communication carried out in online space can be dangerous. If it is not secured properly, or not secured at all, an unwanted 3rd party can listen in at any time, and it can gather otherwise sensitive information. To avoid this, most of the websites use a form of secure communication, which is mainly an HTTPS protocol. Secure communication includes methods by which people can share information with certainty that it will not get to unwanted parties.

12345, Password, Qwerty: is one of these words familiar to you? Perhaps you use them as real-life passwords in your everyday routine for your Facebook, Gmail, computer or cloud storage system? But is it worth having easy-to-remember phrases to guard all your personal information? Weaker passwords mean an easier way to enter your account not only for you but for hackers as well.