MyCRA Specialist Credit Repair Lawyers

Tag: Daniel Smith

  • Google Chrome doesn’t secure stored passwords

    Stay Smart Online (SSO) has issued an urgent warning to Google Chrome users who save their passwords to their browser. Passwords are not secured properly – allowing other users to view all saved passwords! We look at the vulnerabilities for this method on any browser, and look at what other methods of password retrieval computer users can adopt to protect their important personal information and ultimately – their credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Here is an excerpt from the SSO warning – issued on Friday:

    Chrome will typically prompt you to save your password for a site that you visit, and remember this for future logins. While other browsers offer the option of a “master password” that can be activated to protect your passwords, Chrome does not.

    On any Google Chrome browser, you can type chrome://settings/passwords into the URL bar. This will display a page listing all of the passwords held by that browser—for all users of that computer.

    This is particularly concerning for shared computers. You should never save your passwords when using shared computers, such as public computers at a library or airport.

    Do not rely on your browser to safely store passwords for you if someone else has physical access to that machine.

    Only allow people you trust to access your computer, especially if that computer contains confidential information.

    Online expert Daniel Smith says saving passwords on your browser is something you should never do.

    “It may be a convenient way to store the many passwords you might have for different accounts, but if it’s convenient for you, it can be convenient for anyone looking to steal them as well,” he says.

    Daniel recommends people wanting to remember difficult passwords should use a secure and trusted third-party tool to protect and manage their passwords rather than save them to their browser.

    “Sites such as Passpack.com or LastPass could be good secure options for password management. One thing to note is that Passpack has never been hacked. Another thing to note is that all browsers, not just Chrome, do this,” Daniel says.

    Daniel’s Key Tips To Protect Your Password

    1. Use secure passwords. Come up with a unique password scheme – for example every 3rd vowel is a number or symbol. Or you could use two unrelated words which are memorable to you, and use tools like the Shift key to create a password that can’t be easily deciphered.

    2. Use a different password for each account. It may be harder to remember, but it may just take a little bit of work to make your passwords unique and also easy to remember.

    3. Use a unique username – not the default setting. Don’t use ‘admin’ as a username. You should use a username with at least 8 characters and include characters you have to press Shift for.

    4. Minimise password login attempts. For sites you have control over access to – restrict the number of attempts allowed to access the site, before the user is ‘locked out’, which prevents multiple attempts to crack the password.

    5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentication similar to bank requirements when logging in to the site. These are harder for hackers to infiltrate, but Daniel says many don’t use them because they are inconvenient.

    6. Never store passwords in your browser. Take time to make passwords unique yet easy to remember or use a secure third-party password manager if necessary.

    Personal Information Security and Your Credit File

    Stealing passwords or personal information through these channels can lead to identity theft and potentially fraud. Hackers can on-sell your personal information to fraudsters who have identity theft as part of their repertoire.

    Information like passwords, dates of birth, account numbers, full names etc can be warehoused and used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.

    Fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.

    For between 5 and 7 years you can be locked out of credit while your credit rating shows up someone else’s defaults.

    Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place. Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.

    Prevention really is key to protecting your credit file from this fraud – so spend some time and make sure your passwords are as secure as possible as a first line of defence against identity theft.

    Image: foto76/ www.FreeDigitalPhotos.net

  • Bloggers and small business sites a target for cyber-criminals

    Press Release MyCRA

    Bloggers and small business sites a target for cyber-criminals.

    23 May 2013

    There’s a gaping hole in cyber-security, and once again, the ‘little guy’ is at risk.

    Experts warn Australians using WordPress or similar sites about the risks of being hacked by cyber criminals unless they bump up their safety measures.

    “Small businesses and bloggers often don’t have the money to invest in online safety – and also believe their small site or blog is ineffectual, when in fact its resources make it a prime target for hackers,” Online expert Daniel Smith says.

    These warnings come as part of Cyber-security Awareness Week 2013, and follow the world’s biggest ever WordPress and Joomla attack last month.

    Mr Smith says the event demonstrates the ease with which small sites can be infiltrated and used to make a big impact as part of a systematic attack.

    WordPress currently powers over 60 million websites and is read by over a quarter of a billion users every month. WordPress and Joomla were recently attacked by a botnet of tens of thousands of individual computers. The botnet targeted users with the login “admin”, trying thousands of possible passwords.[i]

    Mr Smith says accessing sites can be easy if pass-phrase security is lax, particularly when the user ‘admin’ is used.

    “I liken it to a locksmith with a whole set of generic keys – he can turn the keys in many doors until he finds one that fits. Hackers have common password ‘keys’, and they roll trials of these words until one unlocks the computer, and enables them to use the resources that power the site which are far more than could be gained by a singular desktop computer,” he explains.

    He says the ramifications for individuals and businesses who become part of a botnet are loss of data, loss of secure personal information and break-down of the site.

    “I know of victims who have had to close their business down because they have lost so much information without having any backups,” he says.

    But he warns that hackers don’t always delete the information; they may leave it intact and plant back-door files so that they can go undetected, making use of these resources again and again.

    “Hackers can on-sell information to fraudsters, cyber-terrorists or spammers, and can also on-sell the entire botnet to be used in a distributed denial of service (DDOS) event,” he cautions.

    A national credit expert warns fraudsters can use the information to commit identity theft – the fastest growing crime in Australia.[ii]

    CEO of MyCRA Credit Rating Repair, Graham Doessel says information like dates of birth, account numbers, full names and other personal information can be used to steal your identity and take credit out in your name.

    “Fraudsters have been known to go so far as to take out personal loans, credit cards and even finance homes in their victim’s name,” Mr Doessel says.

    “Unfortunately fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.”

    Defaults remain on the credit file of individuals for between 5 and 7 years.

    “In the past it has not been easy for identity theft victims to prove they didn’t initiate the credit, particularly if they have no idea how they were duped in the first place. Often not much of a trail is left and prosecutions don’t come easily,” he says.

    Both Smith and Doessel say prevention is key, and recommend you make some simple but important changes to the way you log in to your WordPress or other sites:

    1. Use secure pass phrases. Come up with a unique scheme that is a minimum of 8 characters long – for example every 3rd vowel could be a number or symbol and you should always add some uppercase letters, numbers and any character that requires the shift key to type. Use multiple words in a pass phrase. You could use two unrelated words which are memorable to you.

    2. Use a different pass phrase and user for each account.

    3. Use a unique user name – not the default setting. Never use ‘admin’ as a user name.

    4. Minimise login attempts. Restrict the number of attempts to access the site before the user is ‘locked out’.

    5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentication similar to bank requirements when logging in to the site. This is harder for hackers to infiltrate, but Mr Smith says many don’t use 2-step verifications because they seem inconvenient.

    “We may need to get a little inconvenienced to prevent what could be a personal or business disaster, or in worst case scenario, a future global disaster,” he says.

    MyCRA is a partner for Cyber Security Awareness Week 2013 – an Australian Government initiative through Stay Smart Online, to help Australians using the internet – whether at home, the workplace or school – understand the simple steps they can take to protect their personal and financial information online.[iii]

    To stay one step ahead of fraudsters, you can subscribe to Stay Smart Online Alerts at no charge – which lets you know about cyber issues as soon as they unfold http://www.staysmartonline.gov.au/alert_service.

    /ENDS.

    Please Contact:

    Graham Doessel – Founder and CEO MyCRA Ph 3124 7133

    Lisa Brewster – Media Relations MyCRA & for comment from Daniel Smith Web analyst  media@mycra.com.au

    http://www.mycra.com.au/ www.mycra.com.au/blog

    246 Stafford Rd, STAFFORD Qld

    MyCRA Credit Rating Repairs is Australia’s number one in credit rating repairs. We permanently remove defaults from credit files.

    Stuart Miles/ www.FreeDigitalPhotos.net