Mobile phones (or cell phones or hand phones, depending where you are in the world) can be used to track the location of people. This has always been possible, because of how the cellular network works. But now it’s easier for hackers.
The GSM system (used by most phone companies) has a test mode built in. A recent demonstration by a university showed that anyone can access this test mode and request the location of any phone, if they have the right skills and equipment. The equipment doesn’t cost very much, and the skills can be shared on the internet.
Mobile phones use base towers to handle the communication. The phone network needs to keep track of which towers are closest to you. And by using triangulation, an approximate position can be calculated.
Nothing. Law enforcement organisations have always had access to your phone’s location. Hackers now have it as well. If you need to keep your location private then don’t carry a mobile phone. You could also keep it turned off until you need it, but as soon as you turn it on the cell network will know your location.
If you run a website sooner or later you’ll see spam in the comments. Here are some tips for recognising them:
Spam comments are very vague. Instead of discussing your content, it says something very generic, such as “your website is great”. E.g.
naturally like your web-site however you need to take a look at the spelling on several of your posts. A number of them are rife with spelling problems and I to find it very bothersome to inform the reality nevertheless I will surely come again again.
There is nothing useful in this comment, and it could apply to anyone’s website. So obviously it was sent to every website they could find hoping someone clicks on their link.
Another place to look is the sender’s URL. Some website software such as WordPress allow commenters to include their URL (their web page). Look at it closely, if it says something like paydayloansonlinecash.com then it’s spam – they’re trying to make money off your site.
Have a look at the following screenshot and try to guess what’s wrong with it?
This screenshot was captured from the US National Archives’ signup page (click here then click on New User). It asks for a challenge question and challenge answer, in case you forget your password. The problem here is one of the questions, “What is your preferred internet password?“.
Why would you give someone this information?
Challenge questions and answers are a way to recover lost passwords. Unfortunately this information is often not encrypted – it’s less secure. So whatever you set for your challenge question and answer is sometimes vulnerable to hacking. Also, the questions are often things that other people can easily find out about you, like your pet’s name. This is why I don’t like them.
Facebook’s security and privacy have never been perfect but they’re now starting to take it more seriously. Maybe some strong competition from Google+ has something to do with it.
Facebook have published a security guide and it’s quite good. It covers topics like recognising scams, recognising hacked accounts and how to use SSL connections. All good stuff! For example,
The common scams offer prizes like free virtual objects. Other lures claim that your account has been suspended and provide a link for you to remedy the problem.
If you use Facebook at all I recommend reading through the guide. I also strongly suggest you print it out and lend it to your friends and family – people who might not be able to do their own research on security.
Security companies sometimes get to analyse real people’s passwords and create interesting reports. Imperva has just done that, analysing 32 million passwords used on the Rockyou.com site (which was recently hacked).
Below is a summary of their findings. Why is this important to you? Because it means that statistically, you probably have a weak password that can be guessed.
41% of passwords only use lower case letters (weak)
15% of passwords only user numerals (even weaker)
Nearly 50% of people used names, slang words, dictionary words or trivial words as their passwords. These can be guessed in seconds by a “brute force” program.
The ten most common passwords were:
If you use any of these as your password then change it now, it’s too easy to guess, especially now that everyone can see this list.
McAfee, a large anti-virus company, has published a report called “Inside the Password Stealing Business: the Who and How of Identity Theft”. It goes into the details of password stealing programs and explains the “industry” driving it.
It’s quite detailed and at 17 pages it won’t take too long to read – it’s not very technical.
Password stealing is when a program gets installed on your PC that catches every stroke of your keyboard and sends it back to a criminal. The idea is that it’ll record all your passwords as you type them, no matter how strong they are. It’s a sophisticated piece of technology and a very large problem worldwide. If you’re not constantly upgrading your anti-virus software, web browser and OS then you’re at high risk.
These passwords are then sold off and used to steal money from your bank account or to commit other crimes. Even if you don’t use online banking you still have something to lose – someone can apply for a credit card under your name and use it to make expensive purchases, then you’re left to deal with the credit card company and convince them it wasn’t you (this happens every day).
So click on this link and have a read of the report.