Posts Tagged ‘Hacking’

It makes my Heart Bleed!

The Heartbleed bug exploit and a series of high-profile hacking attacks over the last year or so have highlighted the fact that the more we make use of internet-based storage for our personal information, the greater the risk we take.


Hackers are now making use of highly sophisticated techniques to bypass, steal or guess our passwords. Even without stealing passwords through exploits like Heartbleed, hackers can use powerful computers to launch brute-force password attacks, which can break even strong passwords in a relatively short space of time. These attacks throw millions of password combinations per second at the intended target until they eventually guess the right one.

The fact is that we are now entering an age when passwords alone are not going to be sufficient to protect the increasing volumes of personal data we have stored in the cloud.

But what if we could make use of a device most of us carry with us everywhere to act as a secondary key? A key that could prevent someone from logging into your account with a stolen password, unless they also had physical access to this key? 

I refer to the humble mobile phone. 

Most of the main internet service providers (Google, Facebook, Dropbox, PayPal etc.) provide a little-publicised secondary key option known as two-factor authentication. With two-factor authentication, a code number is sent by the service provider to a registered mobile phone number, or generated by an app, whenever a new device logs into a protected account. This way, even if a hacker had access to your password, they could not log into your account without also being able to enter the code number displayed on your mobile phone.
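How an app-generated code blocks a login made with a stolen password, as an added example that is not part of the original post. It assumes the app uses the standard time-based one-time password scheme (TOTP, RFC 6238), which the post does not name; the function names, the 30-second step and the one-step clock-drift allowance are assumptions, and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed lifetime of each code (the RFC 6238 default)
DIGITS = 6         # assumed code length shown on the phone

# Published RFC 6238 test key; a real secret is random and unique per account.
TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Code that phone and server both derive from the shared secret and the clock."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def login(password_ok: bool, code: str, secret: bytes, now: int,
          known_device: bool = False, drift_steps: int = 1) -> bool:
    """Server-side decision: the password alone is enough only on a known device."""
    if not password_ok:
        return False
    if known_device:
        return True  # previously authorised device, no code requested
    # New device: accept the current code, or a neighbouring one to allow
    # for a phone clock that is slightly off.
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, now + step * STEP_SECONDS)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


if __name__ == "__main__":
    now = 59  # constructed timestamp taken from the RFC 6238 test vectors
    print("code on phone:", totp(TEST_SECRET, now))
    print("stolen password, guessed code:", login(True, "000000", TEST_SECRET, now))
    print("password plus phone code:", login(True, "287082", TEST_SECRET, now))
    print("same code two minutes later:", login(True, "287082", TEST_SECRET, now + 120))
```

The code changes every 30 seconds and is derived from a secret that never leaves the phone and the provider, so a password captured elsewhere does not help on a device the provider has not seen before.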

There is some trade-off of convenience against security, of course. You won’t be able to access your account from a new device unless you have your phone with you. If you lose your phone, you’ll only be able to access your account from a previously authorised device until you can update the two-factor settings. However, for the extra security offered, I think the pros far outweigh the cons.

Although no system will ever be 100% secure, it’s a fact of life that we are all going to have to take additional precautions with our data security if we are to avoid falling victim to the darker side of the internet.

See below for linked instructions to enable two-factor authentication on a number of popular cloud-based services.


Now Dropbox are hacked

August 3, 2012

Dropbox are the latest Cloud provider to suffer hacking of some of their users’ log-in details!

According to an article in ITPro, Dropbox have admitted that a number of their users had been spammed ‘following a breach of its infrastructure that led to a number of accounts being compromised’.

Dropbox blame the breach on usernames and passwords that had recently been stolen from other websites also being used to sign in to a ‘small’ number of Dropbox accounts. However, they also admit: “A stolen password was used to access an employee Dropbox account containing a project document with user email addresses”!

However, reassurance comes from Neil Cook, chief technology officer of security company Cloudmark, who described the hacking as “unsophisticated”. He went on to say “The offending messages were hitting a handful of spammy fingerprints at once. If this were an exam, the spammer would receive an ‘ungraded’ mark for lack of message complexity or originality.”

Well, as long as Dropbox base their security measures on the likely incompetence of would-be hackers, then I, for one, am suitably reassured!

However, my tip would be to be a little more cautious and use third-party encryption software, such as TrueCrypt or AxCrypt, to protect any sensitive files you might want to entrust to their safe keeping.

Categories: Cloud Security