Friday, April 29, 2005

A few Safe practices to follow

With due credits to the author it is reproduced 'as is' from http://securityawareness.blogspot.com/


Posted By Riff Raff: A Highly Respected Infowar.com Administrator.


Always use numbers, letters and characters in your password. A password comprised of only letters or only numbers can be cracked or guessed fairly easily; there are applications that will try every possible word or numerical combination to guess your password.

Applications like John The Ripper (JTR) and Brutus are just two of the more popular password-cracking programs available to anyone who wishes to download them. But don't be fooled into thinking these are the only ways of getting your password; there are plenty of others. For example, a Yahoo password isn't susceptible to Brutus or JTR. For someone to guess your password, or even just change it, all they need is some basic information that you would probably divulge in a normal chat with someone - like your user name, your date of birth, postal code or even the country you live in.

Ok, now you are thinking it's not that easy to get all that info. IS IT? Yes it really is easy. Consider your last Instant Message with a new person. First thing you find out is their age, location and if they are male or female. Right? In just a few sentences you've told them a lot. Social interaction is normal. It's what draws us to the net. Communication is why we use Instant Messaging.

Social Engineering is a way of getting enough information from you to crack or change your password. Social Engineering is getting you to tell on yourself. Now they know your user name, date of birth, location and probably some other minor things, such as pet names or your nicknames. The bad guys are halfway there. Soon your new contact has stolen your Yahoo identity and has access to all of your contact lists and email addresses - all from a short chat in which you didn't think you had told them anything they could use.

If you make it harder to guess, it's harder to crack. Always use an informal and apolitical combination. Never use a pet's name in your secret question and answer. When you do fill out the secret answer to your secret question, make it nonsense: the answer to "pet's name" could be your mother's maiden name or a combination of letters and numbers.

Safe practices will keep it your account. Rule of thumb - a 13-character password made of letters, numbers and characters is almost impossible to break (it can be broken, but it takes much more time and effort than most people want to spend).
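The rules above (letters, numbers and characters; 13 characters; nothing a chat partner could learn about you) can be checked mechanically. The following is an added example, not part of the original post: the function names, the 3-character fragment threshold and the sample profile are assumptions made for illustration.

```python
import math
import re
import string

MIN_LENGTH = 13  # the post's rule of thumb

def char_classes(password):
    """Which of the three classes the post asks for are present."""
    return {
        "letter": any(c.isalpha() for c in password),
        "number": any(c.isdigit() for c in password),
        "character": any(c in string.punctuation for c in password),
    }

def personal_tokens(profile):
    """Lowercase fragments (3+ chars) of details a chat partner could learn."""
    tokens = set()
    for value in profile.values():
        for part in re.split(r"[^a-z0-9]+", str(value).lower()):
            if len(part) >= 3:
                tokens.add(part)
    return tokens

def keyspace_bits(password):
    """Upper bound on the brute-force search space, in bits.
    Only meaningful for randomly chosen passwords."""
    present = char_classes(password)
    sizes = {"letter": 52, "number": 10, "character": len(string.punctuation)}
    alphabet = sum(sizes[name] for name, used in present.items() if used)
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def check_password(password, profile):
    """Return a list of problems; an empty list means the rules are met."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, used in char_classes(password).items():
        if not used:
            problems.append(f"no {name}")
    lowered = password.lower()
    for token in sorted(personal_tokens(profile)):
        if token in lowered:
            problems.append(f"contains personal detail '{token}'")
    return problems

# Constructed sample profile: the kind of details given away in a chat.
PROFILE = {"user_name": "riverfan84", "date_of_birth": "1984-07-12",
           "pet_name": "Biscuit", "country": "India"}

if __name__ == "__main__":
    for candidate in ("biscuit1984", "Biscuit!1984#India", "t7#Qw!zL9@rV2"):
        print(candidate, round(keyspace_bits(candidate)), check_password(candidate, PROFILE))
```

The second candidate is long and uses all three classes, yet it still fails because it is built from personal details; the bit estimate says nothing about guessability when the password is not random.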