Faintest sunlights flee
©Sourendu Gupta

Contact me

Download a ppt file for a talk with the same content as this page. This is free for use. If you use it I would be happy to get feedback.

Hacking, Phishing, Passwords

Why computer security

You are liable for all crimes that you commit. You know this, and take care not to break laws. If a hacker gains access to your account then s/he can pretend to be you and break laws on your behalf, leaving you to face the consequences.

Hacker break-ins can damage you in several ways. Hackers can spam others from your account, and this includes phishing for private information from others. They can destroy data you or your machine has access to. They can launch attacks on much more sensitive installations from your account. All of these are crimes according to the Indian cyber law.

How you can protect yourself against hacking

It is the system administrator's job to make sure that you are safe against system level hacking. But s/he can do so only if you take common sense precautions. If your login status indicates your last login date, time and location, then make it a habit to check it every time you log in. You could notice signs of someone trying to break into your account this way. When you go away from work for extended times, say half an hour or so, then log out of whatever systems you are logged in to and close all open sessions. This helps in preventing others from getting access to these systems, either from your table or over the network.

If you administer your own desktop, laptop or server, read about basic security measures such as changing default passwords and keeping software up to date. Register with the computer center (CC), and they will send you relevant advise from organizations such as DAE (Department of Atomic Energy) and CERT (Computer Emergency Response Team).

Most importantly, be aware of the phenomenon of social hacking.

What is social hacking

Social hacking is the on-line version of confidence tricks. The purpose is the same: getting something of yours. Old-fashioned confidence tricksters were after your money. Their new on-line avatars are after your identity, ie, your passwords, your PINs or account details. These tricksters will usually come at you through emails or phones, and now even through social media.

The best way to deal with this is to identify what is sensitive information. Once you know this refuse to divulge it immediately on demand. Always check back face to face or using channels of communications that you know already. Often the tricksters will claim an emergency and a need to act immediately. Do not comply. Always check back.

Some threats are not honeyed voices trying to lull you into a false sense of trust. Sometimes, they are hidden inside goodies. Refuse free goodies unless people you know have used them for a while without a problem. This includes not only free downloads of various kinds, but also memory sticks found in public places.

How do you protect yourself

Your first line of protection are your passwords. They should be strong, unique, and secret. The bit about secrecy is important. There is no system administrator anywhere who needs your personal password. If someone asking for your password claims to be a system administrator, you can be sure s/he is up to no good.

A strong password is one which is hard to guess. Avoid silly passwords like "abcd1234" or the temptation to be too clever by half and use the password "password". Do not use personal information, social hackers can always find that out. Do not use simple combinations of dictionary words like "isstrong". At this time a password like "gH5(?/qP" is hardly likely to be broken. You can also string together dictionary words if you obfuscate, for example, ";y5OuC:an".

Unique passwords are important: use a different password for every application you have. How do you remember so many difficult passwords? There are high tech solutions; you can use your browser to remember your passwords or an ssh keyring, and then lock each of these with a strong password (which of course you have to remember). There are also low tech solutions like writing them down on a piece of paper (perhaps with some simple encryption) and then guarding it like your money in your wallet or a locked drawer.

© Sourendu Gupta. Last modified on 17 Oct, 2017 Code linked from this page is supplied without warranty under the GNU General Public License.