Placeholder Content Image

Use these 10 passwords at your own peril

<p dir="ltr">With cyberattacks increasing by the month, it’s crucial to have a strong grasp or what is - or isn’t - a strong enough password to hopefully deter hackers.</p> <p dir="ltr">And with the cybercriminals capable of unveiling 921 passwords each second, people all over have become easy targets with their choices - whether that’s from including easy-to-guess terms like the word “password” itself or common sequences like “123456” and “qwerty” - as reported by <em>9News</em>.</p> <p dir="ltr">And as analysis by <em>CyberNews</em> has revealed, just 13 per cent of leaked passwords - from a review of almost 15 billion - were actually unique. </p> <p dir="ltr">According to them, two of the most popular names to appear in the selection were “Eva” and “Alex”, with a total of seven million respective uses. “Food” and “pie” were regulars, as well as the season “summer”.</p> <p dir="ltr">While these might be easy for users to remember, and appealing for that, My Business general manager Phil Parisis had a clear warning in store when he explained that “if it’s easy for you to remember, chances are it’s also easy for cybercriminals to guess.</p> <p dir="ltr">“That's not only putting you at risk but also exposing the businesses and corporations that you work for.</p> <p dir="ltr">"Another common inclusion is a year - often their birth year or another significant year in their life."</p> <p dir="ltr">Having the right information and advice at your disposal is crucial when it comes to protecting yourself, so with all of this in mind, the 10 passwords that you should avoid at all costs the next time you’re asked to come to up with one are the following: </p> <ul> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">123456</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">123456789</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">qwerty</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">password</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">12345</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">qwerty123</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">1q2w3e</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">12345678</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">111111</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">1234567890</p> </li> </ul> <p dir="ltr">To further protect yourself, it can be of great benefit to mix your upper and lowercase letters in your passwords, as well as throwing in a range of symbols and numbers to further disguise your intended terms. </p> <p dir="ltr">For example, and as <em>9News</em> noted, the likes of “password123” is considered a weak password, while something like “MySecurePa$$word785!” is considered much stronger, and much more protected.</p> <p dir="ltr">And the Australian Cyber Security Centre have further suggested that internet users consider using passphrases - a number of random words put together in a string -, as they’re “harder to guess but easier to remember” than common passwords. But most of all, they recommend avoiding obvious, significant, and easy-to-guess words, like the names of children and beloved family pets. </p> <p dir="ltr"><em>Images: 9News </em></p>

Technology

Placeholder Content Image

How your grandkids can beat cybersecurity challenges head on

<p>How well are we preparing the typical primary school kid for life when they graduate in 2032?</p> <p>Current attitudes to education around cybersecurity and online safety skew towards caution at all costs. We often<span> </span><a href="https://www.education.vic.gov.au/about/programs/bullystoppers/Pages/princyber.aspx">focus on schools’ duty of care</a><span> </span>rather than fostering skills and<span> </span><a href="https://doi.org/10.14264/uql.2018.865">frameworks of digital ethics</a><span> </span>which empower students.</p> <p>There is a danger we are letting kids down with a fear-driven mentality instead of engaging their challenges head on. Both parents and teachers can help kids in this capacity: let’s take a look at how (tips below).</p> <p><strong>Fear can be a barrier</strong></p> <p>We educational technologists often have cybersecurity discussions with students, parents and teachers with digital fluency levels ranging from expert to little-to-no knowledge.</p> <p>As parents and teachers we can understandably be fearful of the role of technology in kids’ lives, however this can sometimes be a barrier to student learning.</p> <p>Around six years ago, Wooranna Park Primary School in Victoria, Australia introduced new technologies that had an immediate positive influence on student outcomes. Yet some drew negative feedback from parents, due mainly to misconceptions and fear of the unknown.</p> <p><strong>Communication is vital</strong></p> <p>Sandbox video game Minecraft  is a powerful tool for collaborative learning. It provides an infinite 3D space where students collaboratively learn just about anything you can think of: from numeracy and literacy, to 3D printing, coding, science, financial literacy and art.</p> <p>Many schools use Minecraft now. Yet it was met with a lot of trepidation from parents when first introduced as a learning tool at the school. One parent had specific fears about Minecraft (“isn’t it about murdering babies or something?”), taking these directly to the principal, who took the time to share the benefits and provide detailed information. This particular parent now plays Minecraft with their children.</p> <p>Likewise when YouTube was first allowed within the school, some parents and even staff were worried about it. However as a video sharing service where people can watch, like, share, comment and upload videos, it is now a core technology supporting self-directed learning. Today the school would feel like it was coming to a standstill without it.</p> <p>The pedagogic context is the key here — and it wasn’t until learning engagement data was communicated to the school community that overall negative opinion changed to a positive one. Now students aren’t just consuming content from YouTube, they are uploading their own work and sharing it with their parents.</p> <p><strong>Personal responsibility, healthy conversations</strong></p> <p>Minecraft and YouTube are examples of Web 2.0 technologies. We are now transitioning into the age of<span> </span><a href="https://www.techopedia.com/definition/4923/web-30">Web 3.0 </a><span> </span>– the decentralised web, where personal responsibility is paramount.</p> <p>We’re at the cusp of the widespread adoption of a whole range of disruptive technologies that work less like curated gardens and more like ecosystems. These are based on new core technologies like blockchain and the distributed web (also known as Interplanetary File System, or<span> </span><a href="https://ipfs.io/">IPFS</a>).</p> <p>These approaches effectively eschew the “platform”, and allow users to connect directly with each other to communicate, create and transact. These will benefit students in the long term, but will inevitably draw alarm due to misunderstanding in the short term.</p> <p>The way we can get ahead of this as a community is by introducing a culture of having healthy conversations at home and in school much more often.</p> <p><strong>Start them young</strong></p> <p>It is almost never too early to start teaching kids about cybersecurity.</p> <p>Students at Wooranna Park Primary School as young as five and six are learning about cutting edge technologies such as IPFS, cryptography, blockchain, virtual and augmented reality (VR/AR), robotics and artificial intelligence (AI).</p> <p>The kids learn these topics within the context of active inquiry, giving them choices about the software and devices they use in order to empower them as technology-enhanced learners.</p> <p>A<span> </span><a href="https://doi.org/10.14264/uql.2018.865">recent study</a><span> </span>of 1:1 classroom projects by researcher Theresa Ashford found a strongly regulatory culture in education focused on “filtering and monitoring”. This failed to instil a critically important framework of digital ethics, with students quickly finding ways to navigate around barriers.</p> <p>We can avoid this by not being fearful of technology use by children, but instead helping them navigate through the complexities.</p> <p><strong>Tips on how to talk to your children about cybersecurity</strong></p> <ul> <li> <p>talk to them about what they are doing online, what websites they visit, and what apps and online services they are using</p> </li> <li> <p>sit with them while they use technology and observe, then discuss what they think about and how they feel</p> </li> <li> <p>ask whether they think what they see online is always true, and how they would know if something wasn’t real</p> </li> <li> <p>encourage critical thinking and credibility evaluation skills (what Howard Rheingold calls “<a href="https://www.youtube.com/watch?v=AHVvGELuEqM&amp;feature=youtu.be">crap detection</a>”) as well as ethical engagement by talking through specific examples</p> </li> <li> <p>provide clear ways that kids can check primary sources, such as looking for credible primary sources (not just depending on the Wikipedia entries, but reading the primary sources linked by them)</p> </li> <li> <p>encourage kids to protect their personal data, and explain that when you put something online it will most likely be there forever</p> </li> <li> <p>brainstorm with them about possible online pitfalls, like bullying, scams, targeted advertising, child exploitation and identity theft</p> </li> <li> <p>commit to learning alongside your kids about the online worlds they inhabit.</p> </li> </ul> <p><strong>Terms to search and explore with your child</strong></p> <ul> <li><strong>password strength</strong><span> </span>– the measure of the effectiveness of a password against attackers</li> <li><strong>two-factor (or two-step) authentication (2FA)</strong><span> </span>is a method of confirming a user’s claimed identity by utilising something they know like a password, with a second verification like an SMS or verification app</li> <li><strong>encryption</strong><span> </span>– the translation of data into a secret code instead of “plain text”</li> <li><strong>blockchain</strong><span> </span>– a distributed ledger technology that records transactions using many computers</li> <li><strong>cyberbullying</strong><span> </span>– the use of services such as text messages or social media to bully a person</li> <li><strong>SSL</strong><span> </span>– the “s” at the end of https:// when you visit a website, which means you can generally trust the site to transport your personal information in an end-to-end encrypted format</li> <li><strong>virtual private network (VPN)</strong><span> </span>ensures a safe and encrypted connection over a less secure network</li> <li><strong>virus and malware</strong><span> </span>– software written expressly to infect and harm computer networks and devices</li> <li><strong>IPFS</strong><span> </span>– interplanetary file system, the decentralised web</li> <li><strong>peepeth</strong><span> </span>– blockchain-powered, decentralised social network</li> <li><strong>hardware wallets</strong><span> </span>– a device that stores the public and private keys which can be used to secure cryptocurrencies, and can also act as a means of two factor authentication.</li> </ul> <p><strong>Security tools to explore with your child</strong></p> <ul> <li><a href="https://haveibeenpwned.com/">haveibeenpwned.com</a><span> </span>– check if you have an account that has been compromised in a data breach</li> <li><a href="https://beinternetawesome.withgoogle.com/en_us/interland">interland</a><span> </span>– embark on a quest to become a confident explorer of the online world</li> <li><a href="https://myaccount.google.com/security-checkup">Google security check</a><span> </span>– evaluate your security within the Google ecosystem</li> <li><a href="https://authy.com/">authy.com</a><span> </span>– add two-factor authentication to common services</li> <li><a href="https://howsecureismypassword.net/">howsecureismypassword.net</a><span> </span>– work out how long it would take a computer to crack your password.</li> </ul> <div class="grid-ten large-grid-nine grid-last content-body content entry-content instapaper_body"> <p><em>This article was written with significant input from Kieran Nolan, a Melbourne-based educational technologist.</em></p> </div> <div class="grid-ten grid-prepend-two large-grid-nine grid-last content-topics topic-list"><em>Written by Matthew Riddle. Republished with permission of <a href="https://theconversation.com/skills-like-crap-detection-can-help-kids-meet-cybersecurity-challenges-head-on-113915">The Conversation.</a></em></div>

Technology

Placeholder Content Image

12 cybersecurity tips to keep your computer safe and secure

<p>So it looks as if the CIA could potentially break into most smartphone or computer networks, at least according to the stolen documents released by WikiLeaks last week.</p> <p>Whether you have anything to hide or not, it's a good reminder that in a digital age, keeping your life private requires some work.</p> <p>Here's a list of nine things everyone should be doing already to keep their information relatively confidential, plus four more for the truly paranoid.</p> <p><strong>1. Don't get phished</strong></p> <p>The most common way the CIA's cyber tools, and hackers for that matter, get into your devices are via phishing emails or texts. These are created to look like they're from a friend or trusted sender (say your bank or a software company) and contain a link they try to trick you into clicking on.</p> <p>Doing so loads software onto your computer, tablet or smartphone that allows the spies, or hackers, in. Once there, they can install any number of programs that allow them to spy on you and steal data. The CIA documents describe programs that can search through emails, contacts, texts and photos and send them from your device without your knowing it.</p> <p>All of this is why you want to be very careful about what emails you open and what links you click. Hackers, and presumably the CIA, are good at creating realistic-looking emails that entice you to click on dangerous links. Double and triple check before you click on links sent via email or texts. When in doubt, don't click on the link but instead go to the actual website it claims to be from.</p> <p><strong>2. Turn on two-factor authentication</strong></p> <p>This is that annoying step that comes after typing in your password. It sends a code to your smart phone or a landline or sometimes email. You input the code - the second factor in the authentication process - and you're good to go.</p> <p>While it seems like a hassle, it's actually an extremely powerful way to keep anyone but you from getting into your accounts. They'd have to not only have stolen your ID and login but also your phone.</p> <p>You should turn two-factor authentication on for every app, program and device for which it's available. It's a small hoop for you to jump through but an enormous wall for hackers, and would-be spies, to overcome.</p> <p><strong>3. Use only secure web browsers</strong></p> <p>Look for websites that use the secure version of the web protocol. You can tell by looking at the URL, which should start with HTTPS rather than simply HTTP. It stands for Hypertext Transfer Protocol Secure and keeps malicious third parties from inserting code onto the site.</p> <p><strong>4. Use strong passwords</strong></p> <p>There are weak passwords and then there are crazy weak passwords. According to a survey by Keeper, which makes password management software, 17 per cent of users have 123456 as their password, followed by 123456789 and qwerty. At least put up a fight! Choose strong passwords or sign up for a password management program that will create them for you.</p> <p><strong>5. Install a modern operating system</strong></p> <p>Many of the vulnerabilities detailed in the WikiLeaks documents are older and target dated systems. It's entirely possible that the CIA has newer tools for newer programs, but we don't know. What we do know is that the longer an operating system or program is around, the more vulnerabilities in it that are found and exploited. So use the most recent version of whatever operating system you prefer (Microsoft, Apple or Linux generally) and when a new one comes out, don't wait forever to switch.</p> <p><strong>6. Install security updates and patches</strong></p> <p>When you get a new phone or computer or install a new system, set it up to automatically update with security patches. If there's no automatic update available, check periodically to see if anything new is available.</p> <p><strong>7. Use a security program</strong></p> <p>There are many out there, from free to ones you pay for. While it's unlikely they'd keep the CIA out of your system, they'll do a good job of keeping run-of-the-mill hackers away, and might make it a little harder for spies to get to you.</p> <p><strong>8. Use encrypted messaging software</strong></p> <p>There's no evidence the CIA was using the tools described in the WikiLeaks documents to spy on Americans, which would be illegal under U.S. law as the CIA can't operate within the United States. That said, if you really want to keep your life confidential, here are a few more things you can do.</p> <p>Popular programs include Signal, Telegram and WhatsApp. The WikiLeaks documents claimed that the CIA had a program that allowed it to see what users were typing on certain phones running the Android operating system, but they hadn't been able to break the encryption of the programs themselves.</p> <p><strong>9. Install a camera cover</strong></p> <p>This keeps anyone from being able to surreptitiously turn on your camera and use it to record you. At hacker conferences it's common to see little bits of paper taped over computer cameras, or little plastic sliding covers that allow them to close off the lens when they're not using it. It's a low-tech fix for a high-tech problem.</p> <p><strong>10. Use a landline</strong></p> <p>Making a call on a land line is more secure than making a call on a cell phone. It also doesn't leave a digital trail as texts or email do.</p> <p><strong>11. Unplug and turn off your devices</strong></p> <p>For the truly paranoid, the best way to make sure the devices that surround you aren't spying on you is to unplug them or turn them off.</p> <p><strong>12. Finally, think about what you're giving away for free</strong></p> <p>All of this raises a simple question - how much information do you voluntarily turn over to websites, apps and online services every day? Remember that no is always an option, though it sometimes means foregoing convenience for privacy.</p> <p>Do you think you’ll follow any of these cyber-security tips?</p> <p><em>Written by Elizabeth Weise. First appeared on <a href="http://www.stuff.co.nz/" target="_blank"><strong><span style="text-decoration: underline;">Stuff.co.nz</span></strong></a>. </em></p>

Technology

Placeholder Content Image

The biggest cybersecurity threats of 2016

<p>Security service vendor Proofpoint have revealed their predictions for the biggest cybersecurity threats this year.</p> <p>According to Proofpoint, cybercriminals will move with the times, no longer using the widely-known format of malicious document attachments. Instead they’ll target the human factor, or in other words, mankind’s natural curiosity to click on the internet.</p> <p>“Our six 2016 predictions all have one theme in common — cybercriminals are targeting the people behind devices and are looking to capitalise on their willingness to click,” vice president of Threat Operations at Proofpoint Kevin Epstein told news.com.au.</p> <p>With a growing number of social media accounts distributing harmful software in 2015, Proofpoint expects the incidents of malware to increase in 2016 as hackers continue to try and steal personal customer data or an organisation’s financial data.</p> <p>Hackers are also expected to increase attacks on high-value financial infrastructure, like ATMs, point of sale terminals and payment portals.</p> <p>Proofpoint director of Threat Intelligence Patrick Wheeler said the biggest threats this year won’t be new or revolutionary but old methods taking on a different shape.</p> <p> “Truly new threats are quite rare and often expensive to threat actors. Known attacks deployed in new ways are actually a much greater threat because they are more likely to be both effective and cost-effective,” Wheeler said.</p> <p>“The big ‘new’ threats of 2016 will most likely be well-known techniques from email – and web-based attacks – applied to less well-defended areas such as social media and mobile apps.”</p> <p>So what’s the best way to protect yourself online?</p> <p>Wheeler advises, “For individuals, the best practices are pretty well-known: run good, up-to-date protection on your devices, don’t open emails and click attachments from people you don’t know, apply relevant OS and application patches when they become available and don’t provide your personal or financial information over social media.”</p> <p>While Wheeler warns all online users to be vigilant with the security of their data, he emphasised the incident of cyber-criminal activity is not actually increasing. Unfortunately, however, it is here to stay.</p> <p>“We could argue that the feeling that cybercrime is getting worse is actually rooted in an increasingly widespread grasp that cybercrime isn’t going away, which is a really important – and scary – thing to realise.</p> <p>“There will be cybercrime as long as there is a way to profit from stealing information online, and every individual and organisation are a potential target: understanding that, we can move on to using intelligence, education and solutions to focus on threats, risks, and response.”</p> <p><strong>Related links:</strong></p> <p><span style="text-decoration: underline;"><em><strong><a href="/entertainment/technology/2016/01/how-to-spot-fake-apple-products/">How to spot fake Apple products</a></strong></em></span></p> <p><span style="text-decoration: underline;"><em><strong><a href="/entertainment/technology/2015/12/top-tips-and-tricks-for-using-skype/">Top tips and tricks for using Skype</a></strong></em></span></p> <p> </p> <p><span style="text-decoration: underline;"><em><a href="http://www.oversixty.co.nz/entertainment/technology/2016/01/myths-about-facebook/"><strong>3 myths about Facebook busted</strong></a></em></span></p> <p> </p>

Technology

Our Partners