By Kim Christiansen
Today, January 5, 2018, more than 1.4 billion usernames and passwords were posted to the Dark Web, a part of the internet that is not publicly available but frequented by hackers and criminals. These hackers then used thousands of computers to target hundreds of thousands WordPress servers, which is the most popular publishing platform, and the one used by RVtravel.com. This leak is combined of names and passwords from known breaches and new leaks. More than 196 million of the usernames/password combinations have never been seen before.
The security software RVtravel.com uses to block the attacks ended up further blocking some of the worst offending networks. This resulted in us inadvertently blocking some RVtravel.com readers from our websites and newsletters: they just so happened to be on the same network as computers attacking our site. We have since unblocked those readers and are monitoring the situation closely.
New Vulnerability in Hardware of Computers, Phones and Tablets
On January 3, Google’s Project Zero, or GPZ, released details of new vulnerabilities that exist in almost every single computer currently in use. There are actually two vulnerabilities, one called Meltdown and another called Spectre.
Meltdown allows a hacker to read information in a computer’s memory chips, the computer’s work space if you will. Normally, this area is off limits but with this new vulnerability hackers could access the memory of a computer directly and read the information.
Spectre is a new flaw found in the speculative speed enhancements in modern computer processors. Processors have programs that try to guess what you’re going to do next and then they hold that information close by to speed up any requests that need it. With this flaw, hackers could use code to read that data.
These are fairly serious problems in the underlying hardware that makes our modern world possible. There will have to be significant updates to both software and hardware in the coming weeks to plug these holes.
Watch for your computer or phone to warn you about available updates and apply those updates as soon as they arrive. As a general rule you should always keep your computer and mobile devices up to date. Security is an ever-moving target and the people who make these devices and software are working hard to make sure your device is safe to use.
Because the two above-mentioned vulnerabilities deal with speed enhancements in hardware, you may notice an impact in the performance of your computer or mobile device after it has been patched. For most users, the impact will be minimal, if even felt at all. For more high-end users, though, the impact could be as much as a 30% reduction in speed. We’ll just have to wait and see how the patches affect performance in day-to-day computer use.
Safe computing is a term for how I recommend people use the internet on their smart phones and PCs (Mac or Windows). This can be summed up in these easy steps:
1. Never use the same username and password combination.
Even though we all have done this and many of us still do, it’s the most insecure thing you can do. If hackers break into someone you have done business with and get that username and password, they get instant access to your entire digital life where you used that password.
2. Never use passwords that are easy to guess or very common.
Passwords like “password” or “1234” or your home address or phone number are easy to find or guess. Try to use a pass phrase or, better yet, obtain a password locker program such as 1password or LastPass (there are several more available). And yes, the most common password is still “password.”
3. Avoid online quiz or tests that ask for personal information.
Don’t answer any quizzes or tests on social media like Facebook that ask for personal info like what month you were born in, what your favorite color is, etc. While many of these are harmless, they have been used to compile data by hackers. Know who you are giving such information to. Online polls aren’t bad things, but they can be and are abused by hackers.
4. Always use an anti-virus program for your computer, tablet or phone.
It doesn’t matter if you have Mac or Windows, you need to run an anti-virus program and you need to pay for the yearly updates. Hackers aren’t sitting still – they are actively trying to steal your information and infect your computer in new ways. While the current Mac and Windows operating systems are way more secure than they used to be, they aren’t perfect, and this is an important part of owning a computer. If you have an Android phone, this is important for you as well, since the Android marketplace has had several instances of infected apps. iOS is more secure because Apple limits access to developers, but having another layer of protection is recommended.
5. Never, ever, ever use public Wi-Fi.
All of those coffee shops that offer free Wi-Fi are fertile ground for hackers. They don’t even need to be IN the coffee shop – they could be sitting nearby. Everything you send over public, shared Wi-Fi is readable to any hacker over the age of 8 with readily available tools they can download online. Think of it like this: Would you share a cup of coffee with someone you didn’t know? Imagine if a coffee shop had one big mug that everyone took a sip from. That’s disgusting, isn’t it? That’s the real-world equivalent of everyone in the shop using the same Wi-Fi password. Just don’t do it. Check with your mobile phone provider for tethering options, and if you must use your computer in a public space, connect to the internet through your phone or tablet’s Wi-Fi connection. If you’re on your phone or tablet, use your mobile provider’s data connection at all times unless you are on a Wi-Fi network that you know is secure, like your home network, a friend or family member’s network, or at work.
6. If you are on the road and need a reliable/secure internet connection.
Consider purchasing a virtual private network connection or VPN. A VPN is a service that you subscribe to that encrypts all of the information you send over the internet so even though a hacker might be able to intercept your data, it will be unintelligible to them. This keeps you and your data safe. Another method of remote access is to obtain a Wi-Fi Hot-Spot from your mobile provider. You connect your computer to the Hot-Spot over Wi-Fi and then it connects to the internet via your mobile provider’s network. They are secure and easy to use. Many RVers may already have these, as internet connections on the road can be spotty at best.
7. Don’t underestimate the value of your online information.
The damage identity thieves can do to you with even a minimal amount of information is daunting. They can use a few bits of information to get access to more. The holy grail is your mother’s maiden name, the last four digits of your social security number, or your entire social security number, and your date of birth. From the Equifax data breach alone they have access to all of that information readily available to them. Once an identity thief gets their hooks into you, the amount of time and money you will spend trying to clear your good name will far outstrip the time and money spent upfront practicing Safe Computing.