The always excellent Naked Security blog at Sophos has released a warning about a major security hole in Apple software, including macOS and iOS. We recommend patching as soon as possible to avoid becoming a victim of this malware.
A note about password sharing and the law
News in the fight against ransomware
Here's some promising news in the fight against the onslaught of ransomware.
Help Your Family and Friends
I think many of my friends will find this very helpful! Sophos has created a new tool for those among us who are the go-to IT person for their own family and friends. Check it out!
Make Encryption Work For You
Device encryption is a hot topic lately. In the past, device encryption technology has been just out of reach of the average consumer, due to local or national laws, efficiency, cost, processing power, or some combination thereof. Now, pretty much all of those factors have been mitigated with modern devices and software capable of full disk encryption on the fly.
I recommend using encryption wherever possible - encryption protects you, your data, and it even protects your employer, your family and friends. Every once in a while I hear a story about someone who has lost a phone with no password and no way to remotely wipe the device. Their data, potentially their employer's data, or personal details of their family are all exposed to any person who happens to pick up their device; this is a huge risk.
I've also heard stories of people's laptops being stolen; this is a common concern in business. If your disk is not encrypted, then anyone can grab data off of it without needing your password. Encryption can help stop this.
All About Passwords
Passwords are a bit of a problem. Every day I hear new horror stories about massive website breaches, and the theft of millions of username and password pairs. Some of the major sites that have been hit and have been in the news are LinkedIn, MySpace and Twitter.
Passwords are not the best / ultimate solution to security, but they are the best compromise we currently have in the debate of security vs. ease of use. I highly recommend my clients, family and friends use reliable password management software.
Here are the most basic, universal guidelines for password use in today's current climate of data security.
- Use a password manager! It will make the rest of the items on this list easier to accomplish. I need to track thousands of passwords and I also need to follow the very best practices as an IT expert. I have been using LastPass for 4 years and I highly recommend it. I used KeePass before that; it is also highly recommended and I still use it for certain things.
- Do not use the same password at multiple sites - in fact use a different password for each and every website / login you use. This is particularly true for email accounts, social media, and banking, the top targets for hackers. The reason is that if you use the same username and/or password at multiple sites and one becomes compromised, they are all compromised.
- Length is more important than complexity! A 16-character password that is all lowercase letters is several orders of magnitude more secure than a 10-character password that uses lowercase, uppercase, numbers and punctuation. This is due to the way passwords are cracked. The longer the password, the better. I recommend using the max allowable length at each site, where possible.
- Passwords should be hard to remember and impossible to guess. A long string of randomly generated characters is far safer than a short phrase and certainly more safe than your dog's name.
- Changing your password occasionally is a good practice, though not as important as it used to be.
- Use multi-factor authentication wherever possible and feasible; this is especially true for sensitive sites such as your password manager, email, banking and social media.
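
To put numbers on the "length is more important than complexity" guideline, here is an added example (not part of the original post) that measures the brute-force search space of the two password policies compared in the list and generates a sample password for each. The guess rate of 10 billion per second is an assumed figure for illustration, and the 94-symbol alphabet is Python's printable ASCII letters, digits and punctuation.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase                                     # 26 symbols
FULL = string.ascii_letters + string.digits + string.punctuation   # 94 symbols

def search_space_bits(length, alphabet_size):
    """log2 of the candidate count for a uniformly random password."""
    return length * math.log2(alphabet_size)

def orders_of_magnitude(bits_a, bits_b):
    """Powers of ten separating two search spaces given in bits."""
    return (bits_a - bits_b) * math.log10(2)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def generate(length, alphabet):
    """Pick each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def compare(rate=1e10):
    """Compare the two policies from the list; rate is an assumed figure."""
    rows = []
    for label, length, alphabet in (
        ("16 chars, lowercase only", 16, LOWER),
        ("10 chars, all four classes", 10, FULL),
    ):
        bits = search_space_bits(length, len(alphabet))
        rows.append({
            "policy": label,
            "sample": generate(length, alphabet),  # freshly generated each run
            "bits": round(bits, 1),
            "years": years_to_exhaust(bits, rate),
        })
    gap = orders_of_magnitude(
        search_space_bits(16, len(LOWER)), search_space_bits(10, len(FULL)))
    return rows, gap

if __name__ == "__main__":
    rows, gap = compare()
    for r in rows:
        print(f'{r["policy"]:28} {r["bits"]:5} bits  '
              f'{r["years"]:.3g} years  e.g. {r["sample"]}')
    print(f"the longer password's search space is 10^{gap:.1f} times larger")
```

These figures only apply when every character is chosen at random, as a password manager's generator does; a 16-character password built from dictionary words or a pet's name has a far smaller effective search space than the calculation suggests.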