By David Gracey
Security Hole in Home Firewalls
Many of us install a router or firewall for our home. I don’t trust the pathetic level of security provided by a cable modem and neither should you. Having a router/firewall in addition to the cable modem goes a long way towards securing your home network.
The Wall Street Journal recently reported on a project where they hired a security expert to analyze routers used to protect home networks. They found an interesting hole in the security that is built into the appliances. Routers have software, similar to Windows, that allows them to function properly. The job of the software is, among other things, to keep the bad guys out and protect the contents of the home computers. What the study found, however, is that home computer users rarely, if ever, update the software that runs the routers. Instead, they “set-it-and-forget-it” once they have the units installed. Furthermore, some of the chips that are embedded in the routers have their own firmware, which needs to be updated periodically. And in the highly competitive world of chip makers, it is common practice to cut corners by not keeping up with the latest firmware. The manufacturers of these chips are using decades-old firmware in some cases, and even claim not to have known that a new version of the firmware had been released. Bug-ridden firmware is sometimes loaded on the chips and the routers then make their way into the consumer market with big security holes which are rarely, if ever, patched.
Top 10 Worst Passwords for 2015
Every year several computer security firms publish the most frequently used passwords for computers. This is one Top 10 list you don’t want to be on. Being on this list means these are the worst passwords to have because they are the easiest ones to guess if you are a hacker (a.k.a. bad guy). If you use one of these passwords, assume the contents of that account will be fully and openly available to the hackers. It’s a matter of when, not if, the bad guys will access your account. Here are several highlights of the most recent reports about terrible passwords:
The Song Remains the Same: As usual, many of the top spots (which means they are actually the worst of the worst) go to sequential numbers. This year seven of the twelve worst passwords are number series: 1234, 12345 and so on. It’s just sad if you can’t come up with a better password than that. Coming in at the #2 slot (yet again) is ‘password.’ At least use a LITTLE more effort and change some letters to numbers. Heck, even ‘passw0rd’ came in at #24.
The Force Awakens: Star Wars made its (re)debut in the Top 25 list with passwords “starwars,” “princess” (Leia) and (Han) “solo.” One does not need to be strong with the Force to crack these passwords. As the sage Yoda would say “Do or do not. There is no try.” These passwords definitely come under the heading of “do not.”
String Theory: Other common passwords are strings of keys like “qwerty,” “abc123” and “qwertyuiop,” which is the entire top row of the keyboard. Yes, it meets some length requirements but doesn’t prevent the bad guys from getting in for long.
As the story goes, two boys stumbled upon a tiger in the jungle. One boy immediately starts running and the other boy says, “You can’t outrun the tiger,” to which the first boy replies “I don’t have to outrun the tiger; I only have to outrun you.” The same is true with security: you don’t have to build Fort Knox around your computer. Merely build a wall that is a bit stronger than your neighbor’s. If hackers are going to hack into something, make sure it’s not your computer. (Click here for another Tuesday Tip regarding security tips.)
Choose a password that doesn’t make the hall of shame and make sure your home firewall is updated at least annually, and your digital world will be a bit safer.