
Posted on Aug 8, 2014 in Security Update

The guide to password security (and why you should care)


Source: Cnet

Find out how your password security can be compromised, and how to create and manage secure passwords.

Reports of a massive security breach circulated this week. There are a lot of questions about the extent of this alleged breach, but if you’re concerned that your password and credentials have been taken, we recommend updating your passwords. Here’s our advice for creating a strong password you can actually remember.

How are passwords exposed?

Before we dive into the how-tos of creating secure passwords, it’s important to understand why you need a supersecure password to begin with. After all, you might be thinking, “Who would want to hack little old me?”

There are a few ways your account passwords can be compromised.

  1. Someone’s out to get you. Enemies you’ve created, exes from your past, a nosy mother, an intrusive spouse — there are many people who might want to take a peek into your personal life. If these people know you well, they might be able to guess your e-mail password and use password recovery options to access your other accounts. (Can you tell I’m speaking from experience?)
  2. You become the victim of a brute-force attack. Whether a hacker attempts to access a group of user accounts or just yours, brute-force attacks are the go-to strategy for cracking passwords. These attacks work by systematically checking all possible passphrases until the correct one is found. If the hacker already has an idea of the guidelines used to create the password, this process becomes easier to execute.
  3. There’s a data breach. Every few months it seems another huge company reports a hacking resulting in millions of people’s account information being compromised. And with the recent Heartbleed bug, many popular websites were affected directly.

What makes a good password?

Although data breaches are out of your control, it’s still imperative to create passwords that can withstand brute-force attacks and relentless frenemies. Avoiding both types of attacks is dependent on the complexity of your password.

Ideally, each of your passwords would be at least 16 characters, and contain a combination of numbers, symbols, uppercase letters, lowercase letters, and spaces. The password would be free of repetition, dictionary words, usernames, pronouns, IDs, and any other predefined number or letter sequences.

The geeky and security-savvy community evaluates password strength in terms of “bits,” where the higher the bits, the stronger the password. An 80-bit password is more secure than a 30-bit password, and has a complex combination of the aforementioned characters. As a result, an 80-bit password would take years longer to crack than a 30-bit password.

Ideal passwords, however, are a huge inconvenience. How can we be expected to remember 80-bit (12-character) passwords for each of our various Web accounts?

Creating secure passwords

In his guide to mastering the art of passwords, Dennis O’Reilly suggests creating a system that both allows you to create complex passwords and remember them.

For example, create a phrase like “I hope the Giants will win the World Series in 2013!” Then, take the initials of each word and all numbers and symbols to create your password. So, that phrase would result in this: IhtGwwtWSi2013!

The next option is to use a password generator, which comes in the form of offline programs and Web sites. The best choice here would be to use an offline generator, like the appropriately named Random Password Generator, so that your created passwords can’t be intercepted.
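An added example, not part of the original article or any tool it names: a Python sketch that reproduces the phrase-to-initials password above, estimates "bits" for uniformly random passwords over the 95 printable ASCII characters, and generates a password offline from the operating system's random source. The function names and the guess rate passed to seconds_to_exhaust are assumptions made for illustration.

```python
import math
import re
import secrets
import string

# Character classes the article lists: lowercase, uppercase, numbers, symbols, spaces.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]
ALPHABET = "".join(CLASSES)  # 95 printable ASCII characters


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits in a password of `length` characters, each drawn uniformly at random.
    For human-chosen passwords this is only an upper bound."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest uniformly random password that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate; the guess rate is an assumed parameter."""
    return 2 ** bits / guesses_per_second


def initials_password(phrase):
    """The article's mnemonic: first letter of each word, plus all digits and symbols."""
    shortened = re.sub(r"[A-Za-z]+", lambda m: m.group(0)[0], phrase)
    return "".join(shortened.split())


def generate_password(length=16):
    """Offline generator using the OS CSPRNG. Redraws until every class is present
    and no character repeats back to back; that filtering removes some candidates,
    so the real figure is slightly below entropy_bits(length)."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        has_all = all(any(c in cls for c in pw) for cls in CLASSES)
        no_repeat = all(a != b for a, b in zip(pw, pw[1:]))
        if has_all and no_repeat:
            return pw


if __name__ == "__main__":
    phrase = "I hope the Giants will win the World Series in 2013!"
    print(initials_password(phrase))
    for n in (12, 16):
        print(n, "random characters:", round(entropy_bits(n), 1), "bits")
    print("length needed for 80 bits:", length_for_bits(80))
    print("30 bits at 1e9 guesses/s:", round(seconds_to_exhaust(30, 1e9), 2), "s")
    print(generate_password())
```

Under these assumptions, 12 random characters carry about 78.8 bits and 16 carry about 105.1. A phrase-derived password is not uniformly random, so the same formula gives only an upper bound for it.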

While you experiment with different passwords, use a tool like How Secure is my Password? to find out if it can withstand any cracking attempts. This particular Web site rates your password’s strength based on how long it would take to crack. If it’s too easy, the meter will let you know what elements you can add (or remove) to strengthen it.

Check the strength of your passwords at the How Secure Is My Password site, which indicates how difficult your password is to crack, and whether it’s on the site’s common-password list. Screenshot by Eric Franklin/CNET

Microsoft offers its own online strength checker, and promises that the form is completely secure. Mac users can use the built-in Password Assistant to check their passwords’ security.

Enable two-step-verification
Any time a service like Facebook or Gmail offers “two-step verification,” use it. When enabled, signing in will require you to also enter a code that’s sent as a text message to your phone. That means a hacker who isn’t in possession of your phone won’t be able to sign in, even if they know your password.

You only have to do this once for “recognized” computers and devices. Here’s how to set up two-step verification for many popular websites.

Keeping track of secure passwords

If you follow one of the most important commandments of passwords, you know that you absolutely must have a unique password for every service you use. The logic is simple: if you recycle the same password (or a variation of it), and a hacker cracks one account, he or she will be able to access the rest of your accounts.

Obviously, you can’t be expected to memorize dozens of crazy, 16-character-long passwords.

This guide thoroughly explores the different options for managing your passwords, including things like storing them on a USB drive, and even writing them down. Although it’s ultimately up to you, he presents a strong argument for using the ol’ sticky note method.

Using a password manager
Password managers store all of your passwords for you and fill out your log-in forms so that you don’t have to do any memorizing. One of the most secure and intuitive password managers is LastPass.

The LastPass password vault in Chrome. LastPass Inc.

LastPass is unique in that it is made of two parts, coupling an offline program with a browser plug-in. All encryption and decryption happens on your computer so that your data doesn’t travel over the Internet and is not stored on any servers.

As you create new accounts or change your passwords, LastPass will ask you if you’d like to create them using its password generator, which is designed to generate hard-to-crack passwords.

If you choose those routes, you’ll still have to remember at least one thing: your master LastPass password. Do be sure to make it extra-secure and composed of at least 12 characters to ensure that it’s not vulnerable to any brute-force attacks.

It’s worth noting, however, that just like any software, LastPass is vulnerable to security breaches. In 2011, LastPass experienced a security breach, but users with strong master passwords were not affected.


Posted on Aug 8, 2014 in Noticias / News

Apple files patent to bring Siri to the Mac

Source: Cnet

After several years of rumors, a patent offers evidence that Siri is on its way to OS X and Apple's computers.

A patent uncovered by the site Business Insider shows evidence that Apple is working to have iOS's virtual assistant, Siri, make its appearance in an upcoming version of its OS X operating system.

The patent in question is registered under the name “Intelligent and virtual assistant in a desktop environment” and is described as a digital helper on the computer that, through voice commands, will be able to carry out actions and even cooperate with the user to complete a task that was started on another device. The latter is perhaps a nod to iCloud support.

From what can be seen in the patent image, Siri for Mac would be a standalone application and not a system function (as the Voice Dictation tool currently is), and so it would have its own icon in the Dock. Siri for Mac would accept the user's voice not only as a command for writing, but also for opening applications or searching among system files or on the Internet.

The patent image showing Siri for Mac. United States Patent and Trademark Office

It would not be the first time Apple has taken iOS applications to OS X and vice versa. However, Siri is one of the features that has taken the longest to make the jump. For now there is a tool (in System Preferences) for dictating by voice so that the computer writes text, but its functions are very basic.

Apple will launch OS X Yosemite, the next version of its operating system for Mac, in the fall, but it is very unlikely that Siri for Mac will appear in that version, since the Cupertino giant has already announced all of this version's new features. Perhaps we will see it in the next release in 2015.


Posted on Aug 7, 2014 in Tips & Tutorials

11 apps that help you save money


Source: Cnet

Heading back to school this fall? These apps will help you save money now and throughout the year.

Ready to buy new clothes, dorm furnishings, gadgets, or just want to make sure you can afford to eat? The good news is that you won’t have to spend all of your time looking through the newspaper or local flyers to find the best deals. Here’s a collection of 11 apps that will help you locate coupons, hidden rebates, and tips for getting the best prices everywhere:

Coupon Apps

You usually bring your phone with you everywhere, right? Instead of adding to the forgotten pile of newspaper clippings on the kitchen counter, just add one of these apps to your phone. Digital coupons are eco-friendly (save trees!) and don’t require any email newsletters that clog up your inbox.

Coupon Sherpa (Android, iOS)

Want to dive right into digital coupons? This app doesn’t require any account information and lets you browse coupons by category, or search for something specific. You can save your favorite places by tapping the star in the corner. It’s that easy.

The Coupons App (Android, iOS)

As the name implies, you will find a wealth of coupons inside. And besides coupon browsing, you can scan items, share coupons with friends, or even check gas prices.

RetailMeNot (Android, iOS)

Thanks to the latest update, this app is now delivering offers on food. You can save your favorite stores and also get a notification when a new offer is available from them, which is a missing feature from many of the discount apps out there.

Restaurant.com (Android, iOS)

You have to eat, but maybe you want a break from cooking. This app will get you great deals on gift certificates for local restaurants — like $4 for a $10 certificate.

Checkout 51 (Android, iOS)

More of a rebate redemption service than a coupon app, Checkout 51 will send you real money when you buy selected products. All you have to do is take a picture of your receipt and submit it to the app to verify your purchase. After $20, you can cash out.

Other discounts

KeyRing (Android, iOS)

Having trouble getting your keyring into your pocket? Removing some of your discount cards means you’ll be missing the right one at the wrong time. Instead, add all of your discount cards to this app and the cashier will be able to scan your screen. Bonus: the app has a large selection of coupons, too.

Cartwheel by Target (Android, iOS)

This app displays items that have special sale prices, with one catch: you can only pick as many spots as your list will hold. The more you use the app, the more spots you’ll earn for your list. After your list is built, the app will create a bar code that must be scanned at checkout to reap the savings.

ShopSavvy (Android, iOS) / RedLaser (Android, iOS)

Want to know if you’re getting the best deal? The easiest way to check is with a scanner app like ShopSavvy or RedLaser. These apps are extremely similar (which is why they are grouped together here), but ShopSavvy is definitely the veteran of the two — if that makes a difference to you.

Foursquare (Android, iOS) and Swarm (Android, iOS)

Believe it or not, you can score some sweet deals on food and other items with the Foursquare and Swarm apps. From discounts when dining out, to a percentage off your bill at major retailers. Just check-in and you’ll see which offer you’ve unlocked. (The code for redemption is in fine print along the bottom.)

GasBuddy (Android, iOS)

If you’re using your own car to get yourself (and maybe some friends) to class, then you’ll want to know where to fill up. GasBuddy heavily relies on locals to report gas prices — and it works! You’re likely to save money each time you check the app before heading to the pump.

Setting a budget

Using coupons, collecting rebates, and getting discounts will definitely save you money, but you should still have a budget. In other words, don’t let savings one place encourage you to overspend somewhere else. Many banks are now offering the ability to see where you’re spending the majority of your income (if you use your bank cards) with their mobile app. However, if you’re looking for an alternative, try this one:

Check (Android, iOS)

This app will help you manage your finances across multiple accounts. The bill reminders will help you avoid late fees, and you can make payments right through the app.

Mint.com gets an honorable mention, but does not work with two-step authentication, which is required by many banking websites.


Posted on Aug 7, 2014 in Noticias / News

Apple sets Sept. 9 for new iPhone debut, report says


Source: Cnet

Ready for an iPhone 6? Apple reserves September 9 for a media event where it’s widely expected to announce the newest incarnation of its flagship smartphone, Recode says.

Apple plans to hold a media event September 9, when it’s likely to launch the iPhone 6, according to a new report.

Recode, which often has accurate information about Apple launch dates and other news, pegged the event to that September date, but didn’t give any other information. Other reports have recently speculated that Apple wouldn’t introduce its newest smartphones until October, which would be later than its recent strategy.

Apple has added a new iPhone every year since former CEO Steve Jobs introduced the smartphone line in 2007. New iPhones have been unveiled in September since 2011.

Apple declined to comment.

Many market watchers expect Apple to introduce two new iPhone 6 models with display sizes of 4.7 and 5.5 inches, though some recent reports speculate one device could be released at a later date. Apple has asked manufacturing partners to produce 70 million to 80 million units of its larger screen iPhones by December 30, The Wall Street Journal reported last month. That’s up from its initial order of 50 million to 60 million units of the iPhone 5S and 5C, the paper said.

Apple’s results have been fueled by the iPhone for the past several years, with the company generating about half of its revenue from the smartphone. But Apple is facing more competition than ever before. Samsung and others are pressuring the company at the high end, while Apple is largely missing out on the low end of the market. That’s a big concern as more and more mobile sales come from emerging markets like China, where inexpensive phones from companies such as Huawei and ZTE are popular.

So far, though, Apple’s customers have remained loyal, and it’s attracting buyers despite offering devices that are almost a year old. In April, Apple said it had nearly 800 million iTunes accounts, a number that CEO Tim Cook described at that time as “staggering.” About a year earlier, Apple announced it had 575 million accounts. And Apple last month said it sold 35.2 million iPhones in its fiscal third quarter ended in June, up from 31.2 million in the year-ago period. The continued strength of the iPhone represents an anomaly at a time when the smartphone business is maturing and there is a noticeable lack of excitement in the area.


Posted on Aug 7, 2014 in Noticias / News, Security Update

Russian ‘hackers’ steal billions of accounts

Source: Cnet

A gang of Russian ‘hackers’ got hold of more than 420,000 websites and FTP sites, amassing millions of username and password combinations.

Did you think the theft of data on 110 million people in the hack of retailer Target was frightening? Hold Security says it has discovered a security breach up to 10 times larger.

Over the past seven months, the security firm has been working to uncover what it says is possibly the largest known data breach in history. Hold Security has identified a Russian cybergang that it believes stole 1.2 billion username and password combinations and more than 500 million email addresses.

“Whether you are a technology expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may have been affected by this breach,” Hold Security warned in a blog post published Tuesday. “Your data has not necessarily been stolen from you directly. It could have been stolen from providers of services or goods to whom you entrust your personal information, that of your employers or even that of your friends and family.”

The hackers did not discriminate as to what kinds of websites fell victim to this breach; they apparently went after the best-known companies, but also after small-business websites, according to Hold Security. In total, they stole information from more than 420,000 websites and FTP sites.

The firm has not yet released the names of these companies, because it says those sites may remain vulnerable. “They do not only target large companies; they target every site their victims visited,” Hold Security wrote on its blog.

“With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small-business or even personal websites.” Hold Security is known for revealing massive data breaches. The firm identified, for example, an October 2013 hack at Adobe Systems that resulted in millions of customer IDs being exposed.

But those hacks are small-time compared with the latest news. The Russian cybergang behind the breach has no name, but the security firm dubbed it “CyberVor.” Vor means “thief” in Russian.

Initially, CyberVor accumulated more than 4.5 billion records, but many of these were duplicates, so the security firm reduced the estimated number to 1.2 billion stolen credentials.

With the world population estimated at 7 billion people, a breach of 1.2 billion accounts means that almost every adult with email was affected by this latest hack. However, Hold Security is asking people not to panic and instead to put a plan in place to protect themselves. Among other things, it recommends that users sign up for an identity monitoring service or an identity protection service. And, obviously, Hold Security is promoting its own, which costs US$120 per month.
