Falcons Cyberwatch
11/3/2023
A newsletter by Mike Berding, Director of Educational Technology and Innovation
Thanks for reading Falcons Cyberwatch. Here we'll provide some technology updates and tips and tricks to use technology safely and effectively.
News in Tech
In this section, I'll share some interesting reads that I've come across in the world of technology.
Cybersecurity and Privacy
This section will be devoted to a few tips in the Cybersecurity and Data Privacy world.
Spread of a Breach
What do T-Mobile, Adobe, Canva, Tumblr, Comcast, Experian, and My Fitness Pal all have in common?
If you said "They're all companies," you'd be right. If you said "They're things a lot of people use," you'd also be right. If you also said "They've all been a part of a data breach," you'd be the most right.
Companies that handle information, digital or not, can be a part of a data breach.
What's a data breach?
Simply put, a data breach is when unauthorized people gain access to private information.
We're not going to dive into how they happen, but really look at some of the options we have available to (kind of) protect ourselves.
The above image is my personal email address as it has been put into HaveIBeenPwned.com. This website checks whether your email address has appeared in any disclosed or leaked breaches. The number of undisclosed breaches could be much higher.
As you can see, my information was breached in the MyFitnessPal breach. This included my email address, IP address, my hashed password and any usernames I had.
An email and password combination is definitely not something we want breached together.
Hashing, in this case, is a way of scrambling a password so it cannot be read directly. However, I recovered the password from the hash below in less than half a second.
SHA-1's weakness as a password hash aside, it's important to recognize a few things here:
- Password length - short passwords take less time to crack
- Common passwords - easy to crack (Note - there are some inappropriate/offensive words in this list)
- Words you'd find in the dictionary - really easy to crack
- No special characters (!@#$%^&*(){}?/><.,'";: ) - easy to figure out
- Substitutions - Substitutions are 34$y 70 f16ur3 0u7.
- Reused Passwords - every account that shares that password is now susceptible to attack
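The HaveIBeenPwned check above covers email addresses; its companion Pwned Passwords service lets you check a password itself without ever sending it. This added example (not from the newsletter or from HaveIBeenPwned) shows how that works: the password is SHA-1 hashed, only the first 5 hex characters go to the service (in the real service, an HTTP GET to https://api.pwnedpasswords.com/range/{prefix}), and the remaining 35 are compared locally. The "service" side here is a constructed stand-in with a four-entry corpus and made-up counts.

```python
import hashlib
from typing import Callable


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# --- Simulated Pwned Passwords service (constructed stand-in for the real API) ---
# The real corpus holds hundreds of millions of breached-password hashes; this
# constructed one has four entries with made-up breach counts.
BREACHED_CORPUS = {sha1_hex(p): n for p, n in [
    ("password", 9_000_000), ("123456", 30_000_000),
    ("letmein", 250_000), ("34$y 70 f16ur3 0u7", 3)]}


def range_response(prefix: str) -> str:
    """Answer a /range/{prefix} query: every stored hash that starts with the
    5-character prefix, returned as 'SUFFIX:COUNT' lines (the real wire format)."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly 5 upper-case hex characters")
    return "\r\n".join(f"{h[5:]}:{n}" for h, n in BREACHED_CORPUS.items()
                       if h.startswith(prefix))


# --- Client side: what a defender's password check does ---
def pwned_count(password: str, fetch: Callable[[str], str]) -> int:
    """Return how many times the password appears in the breach corpus.
    Only the 5-character prefix leaves the machine (k-anonymity); the 35-character
    suffix is compared locally, so the service never learns the password or
    even its full hash. `fetch` is the transport (here the simulated service)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    # Constructed sample passwords; the last one is not in the corpus.
    for pw in ["password", "34$y 70 f16ur3 0u7", "Falcons-Cyberwatch-2023-newsletter!"]:
        print(f"{pw!r}: seen {pwned_count(pw, range_response)} times")
```

Against the real service, `fetch` would be an HTTPS GET of the prefix URL; everything else, including the substitution password from the list above being found just as easily as "password", stays the same.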
What's the difference with my school account below?
If you said the account's relatively new, you'd be correct. I also use Single Sign On (SSO) more with the school account than I would creating accounts outside of school. This means that I sign in with Google rather than creating an account with the email (this limits the information that the service has on the account).
Most importantly, I don't use the email for signing up for things that aren't work related. This reduces the potential risks by keeping a smaller attack surface and avoiding inadvertently having (insert: losing, disclosing, damaging) work information on a non-work account.
There are plenty of resources out there for throwaway accounts to sign up for one-time services, or you can use the readily available filtering tools to limit junk and keep the breachable surface smaller.
The goal here is to decrease the potential for information being breached by having fewer accounts, limiting Business Email Compromise, and using all available protections.
So, to wrap this up I recommend the following:
- Don't use business emails for personal stuff and vice versa
- If you have to create a password, consider passphrases as they have more characters and symbols
- Use a password manager to autogenerate and store secure passwords
- Use SSO when you can. You can have a secure password on one account and the services will not have access to it
- If you find that you've been a part of a breach, change that password and any others that are the same or similar using the recommendations above
- Always use MFA if it's available. I know it's annoying but dealing with Identity Theft is far more annoying
You can't prevent everything, but you can make yourself safer with these tips.
Thanks for reading.
Keep your (and our) accounts safe.
Pop Quiz Results - Robots win this one.
However, sometimes botnets are used for good such as Folding@Home which uses the large groups of computers as a supercomputer to perform protein folding simulations to search for cures for diseases.