The monthly e-zine from Net Technical Solutions

Plenty more Phish in the sea

Just as some IT commentators were suggesting a decline in email phishing scams, a high profile attack has served as a timely reminder of the need to keep web passwords safe.

In the first week of October, hackers employed a classic phishing technique to hijack tens of thousands of Hotmail, Gmail and Yahoo accounts before posting the secure login details on the Internet for all to see.

This followed a report in September from brand reputation firm MarkMonitor confirming that, despite suggestions of a decline in this practice, phishing attacks had actually reached a record high in the second quarter of 2009, with 151,000 unique attacks.

Phishing is a form of email scam typically associated with spoof messages from banks, credit card companies and other financial organisations. These emails are designed to trick recipients into revealing sensitive password information by asking for a confirmation of login details. The October incident also used infected accounts to send personalised emails to contacts recommending fake shopping sites.

Microsoft denies breach of security

It was the sheer scale of this attack and the scammers' decision to go public with lists of compromised accounts that ensured widespread coverage by the BBC and other news channels. However, Microsoft was at pains to point out that any password exposure had not come as a result of a breach of its servers.

A spokesman from the American software giant was reported as saying: "We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website." The organisation went on to confirm it had taken action to remove user login credentials immediately upon learning of their exposure.

Debate over managing web passwords

This incident is estimated by some to have affected as many as 100,000 users and has reopened the debate about how multiple passwords should be managed.

In particular, concerns have been raised over the OpenID standard for authenticating users. This technology seeks to eliminate the need for multiple user names and passwords for different Internet sites and is supported by the likes of Microsoft, Yahoo!, Google, Facebook and Paypal. However, many now wonder whether OpenID could actually make identity theft easier for scammers, since a single breach of an end-user's login details could effectively provide access to multiple web sites and online accounts.

Meanwhile, Sean Sullivan, security advisor at F-Secure, suggested we should reconsider some more traditional methods.

On the BBC web site, Sullivan was reported as saying: "People should write down their web-based passwords. That's one way of making sure that you can remember a 'strong' password. This tends to go against the conventional wisdom but it just makes more sense. People use weak passwords because they cannot remember the strong ones."

Net Technical Solutions Ltd., Wesley Chambers, Queens Road, Aldershot, Hants, GU11 3JD
Tel: 0845 0034567
Fax: 0845 0034543
E-mail: sales@ntsols.com
Website: www.ntsols.com