Recently, a hacker group calling itself Lulz Security (or LulzSec) has ruffled quite a few feathers with its blatant, and frighteningly easy, hacks of major corporations, gaming networks, government sites, and government-affiliated sites.
Their stated mission is to point out the insecurity that we all really have online. So far, they’ve done that with major success. I actually don’t mind their stated goal or what they’ve done to achieve it. I know many major companies have hired or put out bounties for hackers to crack their sites/products (Google did this with Chrome). I do mind any sort of publishing of personal data in a widespread and easily accessible fashion. Most people submit their data with the belief that it will be secure on the servers/networks they submit it to. Publishing it where enterprising thieves, scam artists, and spammers can easily access it in no way helps to achieve that end. I’d rather LulzSec forward their info to journalists, where the correspondence is to some degree protected by source laws, and let the journalists know that such and such a site/company/network is vulnerable. Different story and different topic though.
Many users (and apparently network IT staff) are ignoring the basics of computer security while submitting their information online, creating unnecessary risks to themselves. We're going to do a quick review and hopefully provide some answers to 'What can I do to be more secure when online?'
1. The most obvious first step is to make sure you have up-to-date software patches for your browser(s), your security software, and your operating system. Any software that requires an internet connection to operate, or works in conjunction with your browser, falls into this category. Don't dismiss updates as items of inconvenience.
2. Do not visit sites you are uncertain of. Never follow links from forwarded emails, odd comments on Facebook, etc. Viruses are often just around the corner. If your browser pops up with a warning about continuing to the site, or if you get any kind of pop-up at all, make a quick exit.
3. Don't click on pop-ups. Many are just gateways to spam, viruses, or other malicious software. Keep your pop-up blocker on.
4. Most importantly: Use a unique password for every site, built from alphanumeric characters (numbers and letters) and, where possible, a mix of punctuation, symbols, etc. Do not reuse passwords. In many of these hacks by LulzSec, the data released is network specific, but because many lazy users don't bother with changing passwords, anyone holding an email and one password has access to lots of additional sites.
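To make the reuse risk in item 4 concrete, here is an added example (not part of the original post) that audits a password list for reuse and shows which other accounts a single site's leaked email and password pair would open. The sites, addresses, and passwords are constructed samples, and the function names are hypothetical.

```python
import hashlib
import string
from collections import defaultdict

# Constructed sample vault: (site, login email, password). None of these are real.
ACCOUNTS = [
    ("forum.example", "pat@example.com", "Sunsh1ne"),
    ("webmail.example", "pat@example.com", "Sunsh1ne"),
    ("shop.example", "pat@example.com", "Sunsh1ne"),
    ("bank.example", "pat@example.com", "t7#Rk!92vQ-pLm"),
    ("games.example", "pat.alt@example.com", "Sunsh1ne"),
]

def fingerprint(password):
    """Digest used only to group equal passwords without echoing them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def exposed_by_breach(accounts, breached_site):
    """Other sites where the email + password leaked from breached_site also work."""
    leaked = {(email.lower(), fingerprint(pw))
              for site, email, pw in accounts if site == breached_site}
    return sorted(site for site, email, pw in accounts
                  if site != breached_site
                  and (email.lower(), fingerprint(pw)) in leaked)

def reuse_groups(accounts):
    """Groups of sites that share one password, regardless of login email."""
    groups = defaultdict(list)
    for site, _email, pw in accounts:
        groups[fingerprint(pw)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def missing_classes(password):
    """Character classes from item 4 that the password does not contain."""
    classes = {"letter": string.ascii_letters, "digit": string.digits,
               "symbol": string.punctuation}
    return [name for name, chars in classes.items()
            if not any(c in chars for c in password)]

if __name__ == "__main__":
    print("Opened by a forum.example leak:", exposed_by_breach(ACCOUNTS, "forum.example"))
    print("Sites sharing a password:", reuse_groups(ACCOUNTS))
    for site, _email, pw in ACCOUNTS:
        print(site, "is missing:", missing_classes(pw) or "nothing")
```

The account with a different login email is not opened directly by the leaked pair, but it still appears in the reuse group, since the shared password falls as soon as that address is known.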
Best of luck out there. Don’t sign up for things online that you don’t need to, don’t reuse your password, don’t go home with strangers, and don’t ignore those software updates. This won’t keep the world bright and shiny and perfect all the time, but it will help a lot!
As of this morning, LulzSec is claiming to have taken down www.soca.gov.uk, the Serious Organized Crime Agency in Britain.