Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Gmail vulnerable to password cracking

Best Prevention — A Muscular* Password

Vicente Aguilera Diaz posted a warning on Insecure.org that there currently is a weakness in Google’s extremely popular (free) Gmail that allows hackers to use automated scripts to guess passwords.

An existing abuse of functionality in the “Check for mail using POP3” capability permits automated attacks to the password data of the accounts of the Gmail users evading the security measures adopted by Google. The abuse of this functionality permits an attacker to do thousands of authentication requests during a day over one user account, so if the user is using a weak password is a matter of time to guess to have access to the mail account.

The solution is to use an un-guess-able password.
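On the mail-server side, the abuse described in the advisory shows up as one account collecting an unusual number of failed POP3 logins in a day. This is an added example, not code from the advisory or from Google; the log format, the sample lines and the limit of 100 failures per day are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed log format (constructed for this example, not a real server's):
#   <date> <time> pop3-login OK|FAIL user=<account> ip=<source address>
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+ pop3-login (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

def flag_guessing(lines, max_failures_per_day=100):
    """Return {(day, account): (failed_logins, distinct_sources)} for every
    account whose failed POP3 logins exceed the daily limit (assumed value)."""
    failures = Counter()
    sources = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m["result"] != "FAIL":
            continue
        # Key on the account, not the source address, so the count still
        # adds up when the requests arrive from several addresses.
        key = (m["day"], m["user"])
        failures[key] += 1
        sources[key].add(m["ip"])
    return {k: (n, len(sources[k]))
            for k, n in failures.items() if n > max_failures_per_day}

def build_sample():
    """Constructed log: one account hit 2,000 times, one ordinary user."""
    lines = [
        f"2009-08-06 00:{i // 60:02d}:{i % 60:02d} pop3-login FAIL "
        f"user=victim@example.com ip=203.0.113.{i % 4 + 1}"
        for i in range(2000)
    ]
    lines += [
        "2009-08-06 08:15:02 pop3-login FAIL user=paul@example.com ip=198.51.100.9",
        "2009-08-06 08:15:21 pop3-login OK user=paul@example.com ip=198.51.100.9",
    ]
    return lines

if __name__ == "__main__":
    for (day, user), (count, ips) in flag_guessing(build_sample()).items():
        print(f"{day} {user}: {count} failed POP3 logins from {ips} addresses")
```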

Gmail is Google’s free webmail service, and arguably it is the best such service out there. It comes with built-in Google search technology and over 7,300 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you’re looking for, and make sense of it all with a new way of viewing messages as part of conversations. It is excellent at filtering spam.

Tip of the day: Please read A Word About Words — Passwords, That Is. It is a short article that describes what makes a good, strong password; why that’s important; and as a bonus, provides a link to a top-rated “password manager” tool.

Today’s free link: I learned of this recent alert on Windows Secrets.com

* strong

Copyright 2007-9 © Tech Paul. All rights reserved.

August 6, 2009 Posted by | advice, computers, cyber crime, e-mail, Google, Internet, passwords, security, tech | 8 Comments

Some basic security pointers–#1

Is your computer a zombie? You can never be too secure, and neither can your PC. These few steps will go a long way in keeping your private information away from prying eyes, and prevent your machine from being used as a “zombie” by tech-savvy evil doers. (Most owners of zombie PCs are totally unaware that their computers are being used in this way.)

Tip of the day: The two basic steps I will discuss today–password protecting your User Accounts (and requiring logging in), and renaming your Administrator Account–should be prefaced with a quick description of what is, exactly, a strong password.

Strong passwords should be “complex”. That means that they should contain both upper and lower-case letters, special characters (!@#$%^&*(){}[]) and numbers, and be at least eight characters long, and–most definitely–not be a word (or name) found in the dictionary. Your passwords (notice the plural: it is not wise to use the same password for everything) will be easier to remember if you make them into a ‘passphrase’. An equestrian might use a passphrase of 1Lu^h0rsez, for example.
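The rules above can be checked mechanically. This is an added example, not part of the original post; the word list is a small constructed stand-in for a real dictionary, and treating any punctuation mark as a "special character" is an assumption (the post lists only some of them).

```python
import string

# Constructed stand-in for a real dictionary / common-name list.
SAMPLE_WORDS = {"password", "horses", "monkey", "dragon", "vicente"}

def check_password(pw, words=SAMPLE_WORDS):
    """Return the rules from the post that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    # Dictionary rule: compare the whole password and its letters alone,
    # ignoring case, so a word with a digit and a symbol tacked on is
    # still recognised as that word.
    letters = "".join(c for c in pw if c.isalpha()).lower()
    if pw.lower() in words or letters in words:
        problems.append("is a dictionary word or name")
    return problems

if __name__ == "__main__":
    for candidate in ("1Lu^h0rsez", "Password1!", "horses"):
        print(candidate, "->", check_password(candidate) or "passes")
```

“Password1!” satisfies every character rule and fails only the dictionary rule, which is why that rule is part of the list.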

Now that you have a good password, it’s time to require authentication to use your machine. Start by clicking on Start>Control Panel>User Accounts (or Start>Settings>Control Panel>User Accounts, depending on your version and preference setting). Then click on “Change an account,” and then click on “Create a password for your account.” Enter your password, twice, and if you’d like, a password “hint” that will remind you (but not clue in the whole world) of your new password. Click “Create password.”

Now, since knowing your User Name is half the battle, click on “Change the way users log on or off.” Deselect (by unchecking the check in the checkbox) “Use the Welcome screen.”

Unbeknownst to most folks, Windows has a hidden Administrator account (this becomes vitally important when troubleshooting failing systems, or when User accounts get “locked out”) named “Administrator”. Hackers are well aware of this, and it is their favorite method of gaining access to (and control over) your machine: since they know the User name, all they have to do is guess the password, and by default, unless you set one, there isn’t one! Remedy this in XP Professional by going to Control Panel>Administrative Tools (you must use Classic View) and clicking on Local Security Policy. Then, in the left column, click on the plus sign next to Local Policies, and then click the Security Options folder (if you receive a warning about Group Policy, just ignore it), and a series of policies will appear in the right pane. The 4th or 5th one from the top should be “Accounts: Rename administrator account”. Double-click on it and a dialogue box will open. Enter a new name, and click Apply, and OK.

In XP Home, the method is to click Start>Run. In the Run dialogue type in “Control userpasswords2” [no quotes] and click OK. From the User Accounts dialogue box, select the Administrator Account and click Properties. Enter the new name in the User Name text box, and click OK.

(For other versions of Windows the methodology is similar, but I recommend Searching Microsoft’s website for the specific steps.)

The last step is to congratulate yourself, because you have just made your computer much, much harder for a determined cracker to penetrate, and practically eliminated access to the casual browser.

Today’s free link: Steve Gibson’s ShieldsUp! This free scan, offered by a true giant in the computer field, analyzes your computer for vulnerabilities coming from the Internet, and tells you how your private data may be visible to outsiders. This link will appeal to the more tech-savvy, and be an eye-opening experience for those of you who have not learned about firewalls yet.

Copyright © 2007 Tech Paul. All rights reserved.

June 9, 2007 Posted by | advice, anti-spyware, antivirus, computers, file system, how to, passwords, PC, privacy, rootkits, security, tech, User mode, Vista, Windows, XP | 13 Comments