Posts Tagged ‘password’

Home Alone and passwords

June 2nd, 2010 No comments

Published by Javier Merchan, May 2nd 2010

Remember a film called Home Alone where a young boy called Kevin is left at home by mistake while his family goes on a Christmas vacation to Paris?

And what’s this got to do with support or IT?  Nothing really, it’s just that I keep on forgetting things, mostly my passwords. It must be because I’m getting old.

The number of passwords we use for specific applications is increasing: work computer, personal computer, Gmail mailbox, Twitter, Facebook… not to mention telephone and credit card PINs.  If I don’t even know my home number (as I never call home), how can I be expected to remember all the passwords I use? Being highly intelligent, I decided to use the same password for most of my applications to avoid forgetting it.

Is that really a smart move?  No, it isn’t; it’s a very common error. We don’t consider passwords to be important. It’s like using a single key for your car, house, office, bank… Imagine you leave it at home by mistake or it falls out of your pocket.

Even if you have a strong password, someone could get hold of it (please tear up the post-it note next to your PC which includes your password and dispose of it in several bins) using Trojans, phishing and other malicious methods. However, I’ll leave it to my colleagues in PandaLabs to explain that in another post.

Most browsers store the passwords used so you don’t have to remember them every time you access an application like Facebook or Twitter. But, is this safe?  If you always use your computer this may not be that dangerous, but if you share the computer you could be in for a surprise.

A few days ago, a friend told me over Facebook that after being married to his wife for many years, he wanted to break up with her. He had fallen in love with a work colleague and was going to leave everything in order to be with her. You can imagine the reaction on Facebook: his family (mainly his in-laws) asking for explanations, work colleagues under suspicion for breaking up the family, lost friends… and all because he accessed Facebook from a computer at an IT trade fair and forgot to close the session. Someone had used the same computer, gone into Facebook with his profile and passed himself off as my friend. It wasn’t easy explaining the situation, especially to his wife!

Passwords are keys to access applications and their importance is grossly underestimated. Everyone has, at one time or another, created passwords using their name and birth date (john1974) or the name of their loved ones. This is a mistake: it’s like giving away your keys and asking people to enter your home or steal your car.

Here are a few tips to create and use strong passwords:

  • Combine alphanumeric characters to create your passwords, and create different passwords for email, social networks, etc.  The more complex, the more difficult to copy.
  • Size does matter: the longer the password, the stronger it will be.
  • Do not use your name and phone number (john2124561234), easy passwords (123456) or your pet’s name, as this information could be (although it shouldn’t) on social networks such as Facebook.
  • Use all sorts of characters: ‘@’ instead of ‘a’, ‘I’ instead of ‘i’…
  • Use words or sentences that are easy to remember but difficult to guess.
  • Do not reveal your passwords or send them via email.
  • Change your passwords frequently. Passwords are like toothbrushes: no one should use yours, and you should change it regularly.
  • Do not enter passwords on shared computers.

The best advice is to use common sense.  The theory is simple, but I hardly ever put it into practice. As the saying goes, do what I say, not what I do. This post will at least be useful to realize that what I usually do is not right.

==============================================================================

I have been working at Panda Security since 2001 and I am the PR Coordinator.  This may sound strange, but it consists of working with our offices worldwide to coordinate PR and Communication actions. I love sports (lately I prefer to watch rather than take part), reading and good movies… This is subjective, as some people may consider Rambo a good movie, and others may like French movies where the main characters look at each other through a window while the rain is pouring down it. You can contact me at http://twitter.com/javiermerchan or josejavier.merchan@pandasecurity.com

How safe is your password?

August 19th, 2009 5 comments

Posted by Leyre August 19, 2009

The first thing you must do in order to protect your computer and data is to create a safe password, especially these days, with the prominence of social networks. People tend to use easy-to-remember passwords, but this is a risk, as hackers can then easily access your confidential information. It is common sense: would you leave your car door unlocked just because it is easier to open? You wouldn’t, right? The same goes for password safety. Here are a few useful tips.

DON’Ts when creating a password

  1. Never use passwords that can be found in a dictionary. They can be cracked with clever – and even not-so-clever – password hacking programs.
  2. Never use a password less than 8 characters long. The shorter the password is, the easier it is to guess.
  3. Never place numbers after the password if the password word can be found in a dictionary. It is best to insert numbers and special characters inside the word or replace some of the letters with special characters; for example, Charles becomes Ch@rlE$. This is a little safer.
  4. Your cat’s name is not unique. Leave it alone ;-) Ditto your name, your birthday or your mum’s maiden name.

DOs when creating a strong password

  1. If you want to have a password which is easy to remember but hard to guess, memorize a sentence. Then, use the initial of each of the words of the sentence as the password. Then add a full stop or a special character (!, @, #, $, %, ^, &, *) at the end, followed by two numbers and a capital letter. For example: April is the month of rain – (Aitmor@05)
  2. Always use a password that is between 8 and 14 characters long, with a minimum of 8.
  3. Combine capital and lower case letters in your password.
  4. And if you do need to write it down, try not to do it on a piece of paper entitled “Internet Banking Passwords” :-)
  5. Change your password every 30 days.
  6. Make sure the user name and password are different.
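
The checks in the two lists above can be applied mechanically. The following is an added example, not code from the original post: `audit_password`, its messages and the tiny `SAMPLE_WORDS` set are hypothetical names, and the word set is a constructed stand-in for a real dictionary.

```python
# Constructed stand-in for a real wordlist (assumption; use a full dictionary in practice).
SAMPLE_WORDS = {"charles", "password", "monkey", "april", "rain"}


def audit_password(password, username="", personal=(), words=SAMPLE_WORDS):
    """Return the rules from the DON'Ts and DOs lists that `password` breaks."""
    problems = []
    lowered = password.lower()

    # DON'T 2: fewer than 8 characters.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # DON'T 1: the password is itself a dictionary word.
    if lowered in words:
        problems.append("dictionary word")
    # DON'T 3: a dictionary word with numbers placed after it.
    stem = lowered.rstrip("0123456789")
    if stem != lowered and stem in words:
        problems.append("dictionary word followed by numbers")
    # DON'T 4 and DO 6: user name, own name, pet's name and similar details.
    for item in (username, *personal):
        if item and item.lower() in lowered:
            problems.append(f"contains personal detail: {item}")
    # DO 3: combine capital and lower-case letters.
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    if not (has_upper and has_lower):
        problems.append("does not mix capital and lower-case letters")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (password, user name).
    for pw, user in [("Aitmor@05", "leyre"), ("charles1974", ""), ("john1974", "john")]:
        print(pw, "->", audit_password(pw, username=user) or "no rule broken")
```
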

For more information, check out PandaLabs’ blog post on Social networking, Passwords and privacy and watch the following video to quickly review the most important tips!!

What do you think about this article? Do you want to share your experiences with us? We would love to hear from you!!

Protect yourself against Phishing

August 7th, 2009 2 comments

Posted by Blanca, 07 August, 2009

The Internet is an exceptional tool that makes several tasks easier. However, its use for business and communication increases the possibilities of fraud.

Occasionally, online fraud scams are reported. To carry out online scams, hackers send an email passing themselves off as a bank. The email is used as bait, and readers are told their accounts must be checked, their information must be updated or that they must restore their password or PIN.  On accessing the message, they are redirected to a fake website, and on entering their details the information is sent to hackers, who from then on have access to the accounts.

This type of crime is called Phishing. If hackers obtain the victim’s password they will have access to the victim’s account and can wipe it out. Worse still, they can steal the victim’s identity.

These e-mails appear to come from a legitimate company, usually a financial institution or credit card issuer (though many like to use eBay and PayPal), urging you to take immediate action so your account is not deactivated.

To increase the chance that they can trick you, they’ll even use the company’s logo, colors, and standard disclosure text. The e-mail will usually contain a link that takes you to a fake site made to look like the company’s legitimate web site.

Obvious clues that an e-mail is a phishing scam include:

  • Misspellings and poor grammar. 
  • Web site does not have “https://” in the address bar at the top. Legitimate companies employ Secure Sockets Layer (SSL) technology to encrypt your personal data.
  • Urgent tone or call to action. Phishing e-mails will allude to dire consequences like, “your account will be deactivated if you do not respond within 24 hours…” in the text. 
  • Requests for personal information like social security number, account numbers, credit card information.

Email phishing is the most common form of phishing used by hackers nowadays. However, they also carry out phone phishing by calling people at home or at work. We recommend that you be very careful when answering questions, especially when talking to people who claim to work at the bank where you keep your savings.

Remember that no responsible bank or financial institution requests personal and/or sensitive customer data via email or phone.

How to prevent becoming a victim of Phishing.

  1. Be wary of unsolicited phone calls, visits or emails requesting personal or confidential information
  2. Do not send personal or financial information via the Internet, unless you know the recipient.
  3. Download program applications and updates directly from the provider’s website.
  4. Pay attention to the website’s address. Some malicious websites look identical to the legitimate one, but use a different address (e.g. www.paypal.Inc.com, when the original address is www.paypal.com).
  5. Install your Panda Security antivirus, firewall, browser and e-mail filters and keep them up-to-date to reduce phishing traffic and spam.
  6. Frequently check your accounts to make sure there are no inexplicable transactions. 
  7. If you think an account or credit card has been compromised, immediately contact your bank and close the corresponding account.
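
The "obvious clues" listed earlier and tip 4 above can be turned into a simple mail check. This is an added example, not code from the original post: the function names, the phrase patterns and the sample message are constructed for illustration, and the misspelling clue is left out because it needs a spell checker.

```python
import re
from urllib.parse import urlsplit

# Hypothetical phrase lists built from the clues in this post; extend as needed.
URGENCY = re.compile(r"within \d+ hours|immediately|will be deactivated|urgent", re.I)
PERSONAL = re.compile(r"social security|account number|credit card|password|\bPIN\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>)]+", re.I)


def host_matches(url, expected_domain):
    """True only if the link's host is the expected domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def phishing_clues(body, expected_domain):
    """Return the clues found in a message that claims to come from expected_domain."""
    clues = []
    for url in LINK.findall(body):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        if not host_matches(url, expected_domain):
            clues.append(f"link host is not {expected_domain}: {url}")
        if urlsplit(url).scheme.lower() != "https":
            clues.append(f"link is not https: {url}")
    if URGENCY.search(body):
        clues.append("urgent tone or call to action")
    if PERSONAL.search(body):
        clues.append("asks for personal or account information")
    return clues


# Constructed sample message using the look-alike address from tip 4.
SAMPLE = (
    "Dear customer, your account will be deactivated if you do not respond "
    "within 24 hours. Confirm your credit card information at "
    "http://www.paypal.Inc.com/update now."
)

if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE, "paypal.com"):
        print("-", clue)
```
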


Remember that one of the ways of fighting against fraud is not to become a victim; if, as an Internet user, you learn to avoid falling victim to hackers, they will have to find benefits elsewhere.

How about you? Have you ever known anybody who has experienced Phishing attacks? Any other useful tips to prevent it? We are all ears!!

Some Safe Online Shopping Tips

August 5th, 2009 15 comments

Posted by Ana, 05 August, 2009

Shopping online provides a convenient way of making purchases at any time of day, 365 days a year, from a wide range of retailers offering more choice than ever before.

Analysts predict that each year more people than ever will use the Internet for shopping. But they also warn that fraud is on the rise and Internet users need to become better educated on how to protect themselves. Credit cards have helped fuel the Internet economy because they provide security, convenience and reliability for online purchases.

I am a great lover of e-shopping myself! I’ve bought almost anything you can imagine, from a Swiss watch to tickets for Bruce Springsteen’s last concert in Bilbao which, by the way, was absolutely great!!! But you must be careful and follow some easy rules.

Here are some useful tips to take into account:

  1. Know who you are dealing with. Conduct business with those companies that you know and that are reputable. Get the seller’s landline phone number and postal address. Remember, you will be sharing your credit card number, your name and possibly your address and phone number. 
  2. Check security. Look for the picture of the unbroken key or closed lock in your browser window. Either one indicates that the security is operative. A broken key or any open lock indicates it is not. Look to see if the web address on the page that asks for your credit card information begins with “https:” instead of “http.” Some web sites use the words “Secure Sockets Layer (SSL)” or a pop up box that says you are entering a secure area. These security protections do not work in e-mail. So, make sure you send personal and payment information in a secure web transaction.
  3. You should never be asked to tell anyone your card’s PIN number, even if they claim to be from your bank or the police, and you should never use your Social Security Number or PIN as a password. Treat online marketers as you would telephone marketers or anyone else you don’t know. If the deal sounds too good to be true, it probably is, so pass it up.
  4. Only provide your payment card number when you are making a purchase and you have initiated the negotiation. Review your statement immediately and thoroughly. Whether you get your statement by postal mail or online, review each transaction carefully to make sure there are none that you did not make, and keep records of what you order.

Now, why not share some of your e-shopping experiences with me? Go ahead, I’m really willing to listen to them!