World’s Biggest Spambot Dump: New Zealanders urged to check and change passwords.
Recently it was reported that more than 700 million email addresses, and a number of passwords, have been leaked in what is already being referred to as one of the largest spambot dumps the world has ever seen.
At present, it is believed the data dump originated via a spambot called Onliner; however, this is yet to be verified. You can check if your email address has been affected at haveibeenpwned.com.
Security experts are advising those affected to change their passwords immediately to reduce the risk of further penetration.
This recommendation begs the question – what makes a secure password?
Aura Information Security’s general manager, Peter Bailey, says, "While security experts have been talking to people about securing their passwords for years, it is still one of the easiest points of access for hackers to use. Too often passwords are written down, reused or too easy to hack."
Passwords are the gateway to your and your company’s private materials, but the importance of password security is often overlooked – which can lead to increased cyber security risk for businesses.
Here are six top tips on how to maximise your business’ password security from Aura Information Security’s Peter Bailey:
1. Use a Password Manager
A good password manager, which is essentially a vault that stores all your passwords in one place and is protected by a master password, will help to make the task of setting strong, different passwords for multiple accounts far easier.
These password managers rely on you setting a very strong master password, so Aura recommends using a “passphrase” as this master password – that is, a sequence of four or five words.
These days, it’s length, not complexity, that makes a good password, so try to choose longer words that aren’t predictable or easy to guess. Fortunately, it will be the last password you have to remember, as most password managers include password generators to create strong (long and complex) passwords for you, so you’ll never have to look at or type in another password again.
There are lots of options out there, ranging from online solutions such as 1Password or LastPass, to the more technical solutions such as KeePass. Most solutions provide mobile apps as well, so you can manage your passwords on your iOS or Android devices too.
2. Use Two-Factor Authentication Where it is Available
Where two-factor authentication is offered (even Facebook offers it these days), make use of it. Two-factor authentication combines username and password (factor one) with a second level of verification, like a TXT code to your mobile or a 2FA code generator such as Google Authenticator (factor two).
3. Don’t Reuse Passwords
If a hacker does manage to access your business password, having the same password for everything could spell disaster.
The same goes for employee passwords: sharing passwords between their personal and business accounts increases the chances that the password could be compromised. It’s best practice to have multiple passwords, to minimise the potential impact on your business should one password be discovered.
4. Never Disclose or Share Your Credentials
Cyber criminals are getting more and more sophisticated, but in our experience the same types of tricks that have been used for years by hackers are still the most effective – and that is social engineering.
In other words, tricking an employee into clicking on an infected link, revealing a user name and password or paying an invoice that looks like it has come from a legitimate source.
Perhaps our biggest piece of advice is that good security starts with staff education and effective security policies – and that includes never revealing your passwords to anyone, or including passwords in documentation (emails, work instructions, application user guides, etc.).
5. Ensure your Employees Understand Cyber Security
Most security breaches can be attributed to employee error…or ignorance. Employees who use weak passwords or use the same password across personal and work accounts can prove to be the weak spot that hackers use to penetrate your business.
To ensure your business fosters a culture of cybersecurity awareness, regular training and education is key.
If you don’t have a CISO to help lead the charge, there are some great online tools and employee checklists available from sites such as ConnectSmart.govt.nz and cert.govt.nz. Aura also recently launched its e-learning tool, which is designed to provide businesses with the ability to train and educate staff whilst also identifying areas for improvement.
6. Make Your Password Complex, But Easy to Remember
Previous advice has recommended combining upper and lower case letters and using numbers and symbols when creating your password. The inability of people to remember these complex passwords ends up putting individuals at higher risk of cyber hacks – by writing down your password in order to actually remember it, you’re opening yourself up to more threat.
Instead, think of an easy to remember phrase or word combination. Lyrics of a song, a short quote from a movie or book, or even a dinner dish are good options to make your password complex enough to deter hackers, but still easy to remember.
Social Media Is A Tool Of The CIA: “Facebook, Google And Other Social Media Used To Spy On People”
A CBS news article published in 2011 entitled “Social Media Is a Tool of the CIA. Seriously” reveals the “unspoken truth” which the mainstream media including CBS have failed to address.
The CIA is “using Facebook, Twitter, Google (GOOG) and other social media to spy on people.”
This article published by CBS refutes the lies of the MSM (and CBS). It confirms the insidious relationship between the CIA, the Search Engines, Social Media and major advertising conglomerates:
“You don’t need to wear a tinfoil hat to believe that the CIA is using Facebook, Twitter, Google (GOOG) and other social media to spy on people. That’s because the CIA publishes a helpful list of press releases [link inactive] on all the social media ventures it sponsors, via its technology investment arm In-Q-Tel. …”
The report acknowledges that “privacy” is threatened by the advertisers, yet at the same time these advertisers are “in bed with the CIA”, acting on behalf and in liaison with US intelligence.
The Privatization of Spying
Spying on individuals is a highly profitable undertaking for private companies on contract to the CIA, NSA, Homeland Security. The CBS report suggests in no uncertain terms that the personal information pertaining to millions of Americans collected by one of the World’s largest ad agencies is sold to the CIA.
"THE INVESTMENT ARMS of the CIA and Google are both backing a company that monitors the web in real time - and says it uses that information to predict the future.
The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents - both present and still-to-come.
Freedom of Expression
Social Media and Search engines are being used to Spy on Americans! But not only on Americans. The process of personal data collection is worldwide.
What is at stake, however, is not only the issue of “Privacy”. The online search engines also constitute an instrument of online media censorship.
Google has introduced algorithms intended to downgrade independent and alternative media. In this regard, the Guardian reported (December 2016) on “How Google’s search algorithm spreads false information with a righ...“
Independent online media is targeted. Freedom of Expression on internet based news outlets is being routinely shunted by Google:
“New data compiled by the World Socialist Web Site, with the assistance of other Internet-based news outlets and search technology experts, proves that a massive loss of readership observed by socialist, anti-war and progressive web sites over the past three months has been caused by a cumulative 45 percent decrease in traffic from Google
Below are excerpts of the CBS News 2011 article:
The World’s Largest Database on Individuals
One of the main threats to privacy comes from advertisers, who want to track everything consumers do on the web and scrape their online accounts for personal information. It shouldn’t be surprising, therefore, to learn that the CIA and the world’s largest ad agency network, WPP (WPPGY), have been in bed together on a social media data-mining venture since at least January 2009.
WPP currently claims to own the world’s largest database of unique individual profiles - including demographic, financial, purchase and geographic histories. WPP’s Visible Technologies unit took an investment from In-Q-Tel in fall of 2009. Visible Technologies develops tools that can scan social media networks such as Twitter and Facebook. …
Google and CIA: Old Friends
Are you seeing a trend yet? Google (GOOG) has been a partner with the CIA since 2004 when the company bought Keyhole, a mapping technology business that eventually became Google Earth. In 2010, Google and In-Q-Tel made a joint investment in a company called Recorded Future, which has the Minority Report-style goal of creating a “temporal analytics engine” that scours the web and creates curves that predict where events may head.
Google is already helping the government write, and rewrite, history. Here, from its transparency report, are some stats on the amount of information it has either given to the government or wiped from the web based on requests by U.S. agencies:
4,601 requests from U.S. government agencies for “user data”
Google complied with government requests for user data 94% of the time.
1,421 requests for “content removal”
Google complied with content removal requests 87% of the time.
15 requests were from “executive, police etc.”
1 was a national security request.