How to beat 22 Web security threats
- — 06 May, 2009 13:37
2. Internet privacy II: history
You may have nothing to hide, but that doesn't mean your browsing history won't get you in trouble. Out of context, entries in a list of sites you've visited recently could easily be misconstrued.
Once again, your browser's private-browsing feature is a useful option here - but don't depend on it. Private browsing lets you surf the web without leaving a trail of website addresses behind.
This feature has long been a part of Apple's Safari browser, and add-ons for Firefox offer Windows users the same benefits. Distrust gives Firefox 2.x and 3.x users a way to manage their browsing history, although some files that Firefox temporarily writes to disk don't get erased until the browsing session ends.
In recent testing by a security firm to discover which browsers' tools do the best job of protecting against tracking by websites, Safari's private-browsing capabilities came in last place; Firefox, Google Chrome and IE 8.0 beta also fared poorly.
3. Crackable passwords
As Alaska governor and US vice-presidential candidate Sarah Palin discovered when someone broke into her Yahoo mail account last summer, having a strong password isn't enough. If the answers you provide in the ‘secret questions' section of your online profile are easy to find, a hacker may be able to convince the webmail service's password-recovery mechanism to hand over the password on a platter.
These days, many of us have a LinkedIn account, a Facebook profile and a Twitter feed, each of which is studded with answers to commonly used security questions such as your secondary school or your dog's name.
Conveniently, the general chit-chat you engage in at some of these sites, along with your contacts lists, can supply fraudsters with the gems of information they need to crack your passwords and security questions.
Once you've created a random and unguessable password, generate a second password with the password-management utility to use as the answer to the inevitable ‘mother's maiden name' question. Mum may not appreciate being identified in some password bank as Miss 7#BrE_r, but no one will guess that that's how you listed her in your ‘secret questions'.