
SoylentNews is people

posted by Fnord666 on Saturday March 11 2017, @12:46PM
from the sudden-outbreak-of-common-sense dept.

Bruce Schneier has published an article on self-defense against doxing:

Doxing isn't new, but it has become more common. It's been perpetrated against corporations, law firms, individuals, the NSA and -- just this week -- the CIA. It's largely harassment and not whistleblowing, and it's not going to change anytime soon. The data in your computer and in the cloud are, and will continue to be, vulnerable to hacking and publishing online. Depending on your prominence and the details of this data, you may need some new strategies to secure your private life.

There are two basic ways hackers can get at your e-mail and private documents. One way is to guess your password. That's how hackers got their hands on personal photos of celebrities from iCloud in 2014.

How to protect yourself from this attack is pretty obvious. First, don't choose a guessable password. This is more than not using "password1" or "qwerty"; most easily memorizable passwords are guessable. My advice is to generate passwords you have to remember by using either the XKCD scheme or the Schneier scheme, and to use large random passwords stored in a password manager for everything else.

Second, turn on two-factor authentication where you can, like Google's 2-Step Verification. This adds another step besides just entering a password, such as having to type in a one-time code that's sent to your mobile phone. And third, don't reuse the same password on any sites you actually care about.

You're not done, though. Hackers have accessed accounts by exploiting the "secret question" feature and resetting the password. That was how Sarah Palin's e-mail account was hacked in 2008. The problem with secret questions is that they're not very secret and not very random. My advice is to refuse to use those features. Type randomness into your keyboard, or choose a really random answer and store it in your password manager.

Finally, you also have to stay alert to phishing attacks, where a hacker sends you an enticing e-mail with a link that sends you to a web page that looks almost like the expected page, but which actually isn't. This sort of thing can bypass two-factor authentication, and is almost certainly what tricked John Podesta and Colin Powell.

Most of it is old-hat or even second-nature for many Soylentils, but it's a readable article that could be shared with more non-technical friends and family members.
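
The password advice quoted above can be made concrete with a short sketch (an added example, not from Schneier's article or from the submission): it draws an XKCD-style passphrase and a random password-manager or secret-question answer from the operating system's CSPRNG, and computes the entropy of each. The function names and the 32-word list are constructed for illustration; the Schneier scheme is not implemented here.

```python
import math
import secrets
import string

# Constructed 32-word sample list, for illustration only. A usable list is far
# larger: the XKCD comic assumes about 2048 words, i.e. 11 bits per word.
SAMPLE_WORDS = (
    "anchor basket candle dragon ember falcon garden harbor island jacket "
    "kettle lantern marble napkin orchid pepper quartz ribbon saddle timber "
    "umbrella velvet walnut yonder zipper acorn bishop cactus dolphin engine "
    "feather glacier"
).split()

def passphrase(words, count=4, sep=" "):
    """XKCD-style passphrase: `count` independent uniform picks from `words`."""
    if len(set(words)) != len(words) or count < 1:
        raise ValueError("need a duplicate-free word list and count >= 1")
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_bits(list_size, count):
    """Entropy in bits, assuming the attacker knows the list and the scheme."""
    return count * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest number of words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def random_secret(length=24, alphabet=string.ascii_letters + string.digits):
    """Random string for a password manager entry or a 'secret question' answer."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def secret_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    n = len(SAMPLE_WORDS)
    print("sample passphrase:", passphrase(SAMPLE_WORDS))
    print(f"4 words from this {n}-word list: {passphrase_bits(n, 4):.0f} bits")
    print(f"4 words from a 2048-word list: {passphrase_bits(2048, 4):.0f} bits")
    print(f"words needed from this list for 44 bits: {words_needed(n, 44)}")
    print("secret-question answer:", random_secret())
    print(f"24 alphanumeric characters: {secret_bits(24, 62):.0f} bits")
```

The entropy figures hold only when every word or character is chosen by the random generator; a phrase a person picks because it is memorable does not get this estimate.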



 
  • (Score: 2) by Nerdfest (80) on Saturday March 11 2017, @07:11PM (#477827)

    This is not new, I've been using it for at least five years. They may also have SMS verification available, but not that I'm aware of. Alternatively, if a person has a phone number set up as a fallback, that can be used to send a voice code to (not SMS, but equivalent). Using this fallback is not required.

  • (Score: 2) by Nerdfest (80) on Saturday March 11 2017, @07:17PM (#477830)

    ... also, in your quote it says "the attackers never got in the YouTube channels". This may mean that the other accounts had SMS based 2 factor, but YouTube didn't.