Cybersecurity News

Recent Articles

Windows 10 takes on new malware threat

Personal computers are less likely to be hit than business computers, but taking steps to protect yourself is still recommended

Microsoft Windows 10 has been a hot topic around ConsumerAffairs, lately. The operating system has faced rebukes from tech pundits when it was first releas...

Report says hackers have potential ability to shut down a power grid

A group known as Dragonfly has increased its attacks this year

Cybersecurity is a growing concern for both consumers and industry, but a new report from Symantec, a cybersecurity firm, is raising the alarm to a whole new level.

The firm, which produces the Norton consumer security products, says a group of hackers now has the potential ability to take control of electric power grids in the U.S. and Europe.

Symantec has identified the group as Dragonfly, saying it has been active in the last two years in attacks on electric power companies. Most recently it said the group was successful in taking down a power grid in Ukraine, resulting in widespread and prolonged power outages.

Symantec said its power company clients are protected against the attacks, but that some grids lacking sophisticated protection could be vulnerable.

Old school weapons

Dragonfly operatives have used a number of different ways to plant malware in power company systems, including some that have been used against individual consumers. Symantec says the earliest campaign used emails disguised as invitations to a New Year's Eve party. When power company employees clicked on a link in the email to RSVP, they unleashed the malware that ultimately infected the company's network.

Symantec said it also has evidence to suggest that files masquerading as Flash updates may be used to install malicious backdoors onto target networks. An email tries to convince the target to download an update for their Flash player.

Symantec calls Dragonfly "an accomplished attack group." So far, it appears to be able to compromise organizations through a variety of methods, including stealing credentials to explore and even control systems and networks.

Increased activity in 2017

The group has been targeting energy networks since 2011 and, in an ominous sign, has stepped up its attacks this year.

In April, the Council on Foreign Relations (CFR) issued a report taking a different view of the threat. The report said carrying out a cyberattack that successfully brought down grid operations would be very difficult, but conceded it would not be impossible.

The CFR report concluded that the difficulty involved in taking control of a major power grid would likely mean the only players capable of doing it are national governments.

LinkedIn hack from 2012 resurfaces

Thieves offering to sell 117 million LinkedIn passwords on cybercrime forum

Back in 2012, LinkedIn said a data breach had exposed about 6.5 million users' passwords. Now it says the number is more like 117 million and it's advising users to change their passwords.

The latest discovery came about when cybersecurity types noticed a posting on a cybercrime forum offering to sell account information on 117 million LinkedIn users, according to the Krebs on Security blog. 

Shortly after the 2012 breach, LinkedIn forced password resets on 6.5 million accounts, but this time around it's just advising users of the situation and suggesting they change their passwords to ensure they have "the best experience possible."

Users around the world found emails like this in their inboxes the last few days:

The predicament may not be all that dire for most users. LinkedIn is primarily a business-oriented network and users don't generally reveal too much actionable information. There's also the little matter of how many signed-up users ever bother to log in to their accounts.

LinkedIn claims it has more than 400 million users, but analysts say only about 25 percent of them sign in on a monthly basis.

Change your password for LastPass! Hackers breached their security last week

Company says stored passwords weren't compromised, but master passwords should be changed anyway

If you use the LastPass password manager to store your online passwords, be warned: yesterday, in a “Security Notice” posted on the LastPass corporate blog, company CEO Joe Siegrist admitted that hackers managed to breach security, compromising the email addresses and certain security features attached to customers' accounts.

Siegrist said that the actual passwords stored in the LastPass database were not accessed by the hackers, but customers should change their LastPass master password just in case.

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. … we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

LastPass went on to say it will be sending emails to all of its users about the incident.

Anytime such a mass security breach is announced, you can safely bet that scammers will try taking advantage of it, so be warned: if you do receive an email, apparently from LastPass, urging you to change your master password or anything else involving your LastPass account, do not click on any links, or open or download any file attachments, in that email. (This anti-malware rule applies not only to LastPass, but also pretty much any email from any business or organization you can think of: never click a link or download a file in an unsolicited message.)

Instead, when you change your LastPass master password, go directly to the LastPass website, and log in. On the left side of the page, you should see a sidebar offering various menu options. Choose “Account Settings,” then “Login Credentials,” and finally “Change Master Password.”

You should get a Password Reset form, where you'll have to type your current master password. Then type in your new password, and type it again for confirmation. You'll also be asked to type a password reminder, in case you forget your new one.

Siegrist's security notice ended by asking and answering the frequently asked question:

Do I need to change my master password right now? LastPass user accounts are locked down. You can only access your account from a trusted IP address or device – otherwise, verification is requested. We are confident that you are safe on your LastPass account regardless. If you’ve used a weak, dictionary-based master password (eg: robert1, mustang, 123456799, password1!), or if you used your master password as the password for other websites you need to update it.

Again, that bit of advice applies not just to LastPass, but any important password-protected account: never use the same password across multiple accounts, to minimize the damage a hacker can do after stealing the password to one.

Uber customers report hacked accounts

Was Uber security breached, or only those individual accounts?

American Uber users beware: Customers from all over the country are complaining that their Uber accounts were charged for trips they never took – in many instances, charged for trips they couldn't possibly have taken – which strongly suggests that those Uber accounts were hacked.

On the other hand, representatives for Uber say they investigated and found no signs indicating a security breach – and added, “This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”

Here's what we know: Back in March, Vice magazine's Motherboard tech blog discovered that stolen Uber accounts – primarily accounts belonging to users in the U.K. – were being sold for as little as $1 apiece on a cybercriminals' “dark web” forum.

At the time, Uber said it had not found any evidence of a security breach — and even Motherboard admitted that “It’s unclear where the data came from or the scale of the breach. These logins may indicate that Uber’s security was hacked or compromised somehow, although the company says it has found no evidence of a breach. It also might mean that these customers were breached individually by other means, and their Uber credentials harvested and put up for sale.”

One of the British victims of the March hacking suggested a third possibility: “Bloody hell …. Either someone at Uber has passed these details on for money, or they have very lax security.”

London calling

Then, late last week, Motherboard reported a fresh spate of recent Uber false-charge complaints, this time from American customers. One of them, a North Carolina resident named Stephanie Crisco, told Motherboard: “I used Uber for the first time Thursday night. On Friday morning I received a notification on my phone that my driver was en route. I didn’t request a driver. I clicked on the notification and it said that the ride was cancelled but the pickup was in London.”

Crisco also tweeted a screenshot of her account activity showing various rides in London.

Other Uber users on Twitter posted similar complaints.

@Uber I have $70 with of charges on my card that I did not authorize!!! I need someone to contact m[e] asap before I sue!

@Uber wish there was a way to contact you guys.... No phone number and no one responds to my email. Very frustrating.

@Uber account has been hacked and charged almost $200. Uber has no sense of urgency when fraud has been committed. Still no email!!

3 possibilities

Clearly something's going on, with at least some Uber accounts, though so far it's too early to know exactly what. But there are three main possibilities (assuming all sides are telling the truth to the best of their knowledge):

  • hackers did manage to breach Uber security, though Uber hasn't yet discovered it;
  • someone breached Uber security from the inside; and
  • hackers managed to steal people's passwords from various other sites, and some of those people used the same passwords for their Uber accounts.

Possibility three is the justification behind the all-purpose online security rule “Never use the same password across multiple accounts.” Last October, for example, after millions of Dropbox users claimed their accounts were hacked, a brief investigation showed that Dropbox itself was never hacked -- though many individual Dropbox user accounts were, after hackers stole people's credentials from other sites and then discovered that some of their victims used the same password for Dropbox.

The same thing happened with the “StubHub hacking” in July 2014, and the “Gmail hacking” that September -- it turned out neither StubHub nor Gmail was actually hacked, but hackers were able to fraudulently gain access to various individual accounts after using passwords stolen from other sources.

So if you use the same password for more than one account you need to change the “duplicate” passwords at once, whether you use Uber or not. But if you are on Uber, keep an extra-sharp eye on your account activity — and if you see any fake ride charges, contact Uber to dispute them right away.

Dropbox wasn't hacked, but millions of its customers were

Another example of why you should never use the same password for multiple accounts

The good news is that, despite initial reports claiming otherwise, Dropbox was not hacked.

The bad news is that apparently, up to 7 million individual Dropbox customers were. Why? Because those 7 million Dropbox users ignored (or simply didn't know) the important online safety rule “Never use the same password across multiple accounts.”

Yesterday, Anton Mityagin writing on the official Dropbox Blog announced that:

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox.

StubHub redux

It's basically a much larger-scale version of the StubHub non-hacking from last July: over a thousand StubHub accounts were compromised and used to fraudulently buy tickets, though StubHub's own database was never breached. The hackers had broken into and stolen passwords from various other websites, discussion forums and password-protected online places, and discovered that at least some of those stolen passwords worked in the victims' StubHub accounts, too.

It does appear that when hackers successfully steal the password to one of your accounts, they'll try plugging that password into your other accounts on the off-chance it will work. Where over 1,000 StubHub customers last summer were concerned, it did. And it may have worked for up to 7 million Dropbox customers as well.

Something similar happened with Gmail last month: initial reports said that Russian hackers had stolen 5 million Gmail passwords, though it turned out that the passwords were stolen not from Gmail itself, but from various registration-required sites where people used a Gmail account to register.

So the Dropbox “hacking” appears similar to the earlier “hackings” of Gmail and StubHub: the only Dropbox users who need worry about it are those who still follow the dangerous habit of using the same password across multiple online accounts.

If you have two or more online accounts with the same password, even if none of those accounts are with Dropbox, you need to change the password for every such account you have.

76 million households compromised in Chase hacking

Customers' money is safe, the bank says, insisting hackers didn't get detailed information

No one has yet managed to get the goods on every living human but the hackers who made their way into JPMorgan Chase over the summer made a good start. The bank says about 76 million households -- two-thirds of the U.S. total -- could be affected.

The hackers got log-in information, names, emails and addresses but supposedly did not get such vital information as Social Security numbers, passwords and account numbers. 

The breach was first disclosed in August but the scope is just becoming clear as federal law enforcement agencies continue to investigate.

Chase says it hasn't seen an unusual amount of fraud and insists that customers' money is safe. In a statement, it noted that customers will not be liable for unauthorized transactions as long as they notify the bank when they're discovered. It's not necessary to change passwords, the bank said.

They're sorry

"We are very sorry that this happened and for any uncertainty this may cause you," the bank said in a statement to customers. "As always, we recommend you use care with your accounts and information," advice critics might say Chase should heed more rigorously.

Chase provides simple answers to rudimentary questions in an FAQ about the attack.  

The biggest threat now is phishing attacks in which criminals may try to get Chase customers to turn over the information that wasn't stolen so it can be combined with the information that was -- especially passwords and account numbers.

JPMorgan has about 65 million customers but potential damage is not limited to the bank's customers. Non-customers who used ATM machines or conducted other transactions through Chase.com and JPMorgan.com could also be affected.

With mid-term elections looming, Congress is likely to react to the incursion. Sen. Ed Markey (D-Mass.) was among the first to issue a thundering denunciation.

“The data breach at JPMorgan Chase is yet another example of how Americans’ most sensitive personal information is in danger,” Markey said, calling for legislation that would protect against such attacks, which are already illegal under numerous federal, state and local laws.

Russian hackers post 5 million stolen passwords connected to Gmail accounts

But the news isn't as bad as you think; most of those passwords are useless

The news that “5 million Gmail passwords were hacked” caused worldwide consternation when it first broke on Wednesday, but as more information comes to light, it appears the news isn't quite as bad as initially feared – although, by modern hacking standards, “Not as bad as initially feared” still leaves plenty of room for badness.

That said: if you have a Gmail account and worry the hacking might affect you, you probably have nothing to fear — provided your Gmail account has an exclusive password you don't use anywhere else. On the other hand, if you use the same password across multiple accounts, that's when you need to worry — and remind yourself of the well-known online safety rule “Never use the same password across multiple accounts.”

Here's a summary of the major points known so far: first of all, it appears that Gmail itself was not hacked — the hackers never actually gained access to the Gmail database and information therein.

Discussion forums

Instead, this appears more like the StubHub “hacking” discovered last July: identity thieves gained fraudulent access to over 1,000 StubHub accounts, without ever breaking into the StubHub database. The hackers had broken into and stolen passwords from various other websites, discussion forums and password-protected online places, and discovered that at least some of those stolen passwords worked in the victims' StubHub accounts, too.

It does appear that when hackers successfully steal the password to one of your accounts, they'll try plugging that password into your other accounts on the off-chance it will work. Where over 1,000 StubHub customers last summer were concerned, it did. And it might have worked for upwards of 5 million Gmail accounts, too.

Or maybe not. What actually happened? On Tuesday evening, someone in a Russian Bitcoin forum posted a list of 5 million stolen Gmail-connected passwords. The passwords apparently came not from Gmail itself, but from various registration-required sites where people used a Gmail account to register. The Western media discovered and reported that list late in the afternoon of Wednesday, Sept. 10.

Can't confirm

But there was something strange about those passwords: most of them were useless from an ID thief's perspective, because they were too old and out-of-date.

Mashable.com reported late Wednesday evening that “We can't confirm the authenticity of all the email addresses on the list, but a Mashable employee, Evan Engel, saw that his old Gmail password, which he hasn't used in years, is part of the leak.”

Engel and Mashable weren't the only ones to find outdated information on the list; plenty of people on Twitter did too. For example, Ben Ten @Ben0xA tweeted “That gmail dump looks very old folks. Can confirm a dummy account w/ password that was already changed twice. Dump has original pw.”

Here's how the hack apparently worked. Suppose that, many years ago, your Gmail password was 12345 (which, by the way, is a very weak password choice that you should never use in real life). Then you used that Gmail account to register with – well, any website requiring an email address to register: posting comments on your local newspaper's online stories, joining a discussion forum about your favorite hobby or musician, whatever.

And suppose further that when you used your Gmail address to register with that website, you ignored or did not know the “Never use the same password across multiple accounts” rule, so you used your Gmail address to register with DiscussionForum.com, using the password 12345 for both.

But over the years since then, you've had to change either your Gmail password, your DiscussionForum.com password, or maybe both.

Presumably, the hackers at some point managed to break into the DiscussionForum.com database and stole your name, Gmail address and your old 12345 forum password. They did not actually steal your Gmail password — unless you were foolish enough to use your DiscussionForum.com password as your Gmail password too.

So why did the hackers in that Russian Bitcoin forum bother stealing and posting these antique passwords anyway? Probably to show off and gain status among their fellow hackers. A senior advisor for the online security firm Sophos told Mashable that he doubted many of the posted accounts would still be valid: “There is no honor among thieves as they say, and often stunts like this are released as a sad attempt at gaining credibility among other criminals.”

3 password tools that can make you more secure

Staying ahead of the hackers may require professional help

The news in early August that Russian hackers had stolen over 1 billion user names and passwords has created more anxiety around the security of log-in credentials consumers use for everything from online shopping to banking.

Security experts have long advised that every account should have a unique password. But who can remember all those different passwords – much less remember which accounts they are for?

One option for consumers who want to beef up their online security is to employ “password manager” software. They all work in different ways, but what they have in common is that you don't have to remember all those passwords – the program does it for you.

LastPass

One of the most popular of these apps is LastPass, which promotes itself by saying you only have to remember one password – the one to get into the LastPass system. The software integrates with the major browsers – Explorer, Safari, Chrome and Firefox.

Since you are no longer required to remember your passwords, they can be as complicated as you want. Instead of using the name of your dog or youngest child, one of your passwords can look something like this: 8rZ!k4g9”3$.

To test the strength of your password, run the software's “Security Check.” It identifies any weak or duplicate passwords, tells you if any sites were affected by Heartbleed, and gives you an overall “security score” so you can understand how you’re progressing with your password security.

Multifactor authentication provides another layer of security by requiring that you confirm “something you have” -- like a Google Authenticator code -- after submitting “something you know” -- your LastPass email address and master password. LastPass supports 10 multifactor authentication options, giving you the flexibility to choose one that suits your work flow best.

LastPass is free, with ads, but also offers an ad-free premium version for $12.

1Password

1Password is another password manager that runs on Windows, Mac OS X, iOS and Android. It provides a place for consumers to store their various passwords, licenses for software and other vital information in what amounts to a virtual vault. It requires one master password to get in.

You only have to install 1Password on one device. It can sync to all your other devices using Dropbox. Once you complete the sync process, you'll be able to open the password vault on any device.

Like LastPass, 1Password also offers a password generator. It also provides a way to store a master password hint, in case you forget your master password.

iVault

iVault is a password manager for both mobile and desktop devices. The company says it protects all your private information in a secured online electronic vault.

The online web editor runs only on your browser so no unencrypted data goes through the Internet. It's designed for faster, smoother editing and updating. After a simple restore, your vault is updated directly on your smartphone.

Why do you need a password manager? Because almost all of us are using passwords that just aren't strong enough to stand up to the increasingly sophisticated methods even an average hacker employs. If you need convincing, try one of your passwords – or one similar to one of your real passwords – at the testing site, How Secure Is My Password?

Encryption experts say we all tend to be a bit predictable in the way we construct our passwords. Using a password generator probably won't make you bulletproof, but you'll be a lot more secure than you are now.

Hacker warning: change your passwords -- all of them

Over 40 percent of Internet users at risk worldwide

Bad news: if you're reading this, there's a very good chance you need to change your password because a 20-something computer hacker in Russia already knows it.

Of course, you've already read countless variations of that story: “Hackers break into database. If your information was on it, you must protect yourself.”

So when you hear about the hack attack du jour, you immediately want to know the specifics: which one of my passwords am I supposed to change this time? Which company or organization got its database hacked? What was the time frame?

And you expect an answer along these lines: “If you made any credit- or debit-card purchases at an XYZ store, or online at XYZstore.com, between January 13 and February 10, your information is at risk.” That also implies a comforting corollary: “If you've never shopped at XYZ, or at least didn't shop there between those two listed dates, you have nothing to worry about.”

Unfortunately, such information is not available for this latest hacking. Even if it were available, it would be too much to summarize here in a single news article, because it's not just one company or website that's been attacked; it's at least 420,000 different websites ranging from obscure little sites to major household-name companies.

Largest known collection

The New York Times reported yesterday that researchers from Hold Security discovered a Russian cyber-criminal gang had “the largest known collection of stolen Internet credentials, including 1.2 billion [unique] user name and password combinations and more than 500 million email addresses …. [and] confidential material gathered from 420,000 websites, including household names, and small Internet sites.”

Hold Security wouldn't release the names of any affected companies or sites, due to non-disclosure agreements and also a desire to avoid identifying companies whose sites remain vulnerable. Therefore, there's no way for ordinary computer-users like you to know which of your passwords were compromised, if any.

Thus far there's no evidence that the Russian hackers have been using stolen passwords to open false credit card accounts or commit other forms of identity theft; the hackers are primarily using this information to send spam to various social media accounts.

Whether you need to change your passwords or not, this latest hacker discovery serves as another reminder of this important online-security rule: don't use the same password across multiple sites.

Last month, for example, the online ticket-seller StubHub had over 1,000 customer accounts hacked into, yet the hackers never actually managed to breach the StubHub database.

Instead, they hacked into various other databases, or even installed malware on individual computers, in order to steal people's passwords from one account – email, online banking, social media sites, even small online discussion forums – and then test those stolen passwords to see if they'd work in customers' other accounts. And in the case of over 1,000 StubHub customers, it did.

Still: a thousand customers of a ticket-resale site is extremely small potatoes compared to 1.2 billion people. Consider: it's estimated that, as of 2014, there are 2.9 billion Internet users on the entire planet Earth. And of those 2.9 billion Earthling web-surfers, over 40% have their passwords in the hands of a small Russian hacker-ring.

StubHub "hacked" -- over 1,000 customers affected

This is why you shouldn't use the same password for multiple accounts

News that over 1,000 accounts at online ticket-seller StubHub have been hacked should serve to remind you of this important online safety rule: don't use the same password across multiple accounts.

The Associated Press first reported on Tuesday that “cyber thieves” managed to fraudulently access more than 1,000 StubHub accounts, and buy themselves tickets in the legitimate accountholders' names.

As hacks go, a mere thousand compromised accounts in a company as large as StubHub sounds like pretty small potatoes. Why was the damage so limited?

According to StubHub spokesman Glenn Lehrman, the thieves never broke into the StubHub customer database. Instead, they got customers' login and password information from other sources, either hacking into different retail databases or even putting keylogging software or other forms of malware on users' computers.

The thieves presumably know how commonplace it is for people to use the same passwords (and sometimes even login names) across multiple accounts, so if thieves have, for example, the password you use for your email, bank account, favorite web-discussion forum or any other password-protected thing you do, they'll also try plugging that password into your other accounts on the off-chance it will work. Where over 1,000 StubHub customers are concerned, it did.

What to look for in mobile cloud-based storage

Robust encryption and remote wipe can help protect your data

Hackers and identity thieves are increasingly focused on mobile computing. With so many smartphones and tablets now in use, mobile is increasingly becoming how consumers use the web.

Criminals also like the fact that many mobile devices have little or no security protection – not on the device itself and not on the data that is stored in the cloud.

Mobile data can be stored in both places, and security experts say both need strong protection. Chris Rancourt, an editor at NextAdvisor.com, says consumers who use an online backup service to store and share their data in the cloud need to be especially careful.

“When you put your information on the cloud, you get this extra level of security with their encryption,” Rancourt said. “Most services now use encryption but some are stronger than others.”

Increasingly popular

Cloud storage and backup services have become increasingly popular. They store data off-site, protecting it from a catastrophic computer crash or other physical damage. They also make it accessible from other computers in other locations.

“Pretty much any information you can upload to the cloud – pictures, documents, videos. And all that information can be encrypted and stored safely inside your cloud or online back-up service,” Rancourt said. “The backup services that we use provide coverage for Apple, Android – pretty much the whole spectrum.”

Rancourt suggests picking a backup service with very robust encryption. One service that falls into that category, he says, is SpiderOak. There is one security feature, in particular, that he likes.

'Zero-knowledge' security

“They have this policy where no one in their company will know your password,” he said. “If you lose your password they can't go in and retrieve it for you. It's really up to you, which makes the security a lot stronger, but at the same time you have to be responsible for your own stuff.”

Absent-minded consumers can run the risk of losing everything if they forget or lose their password. Writing it down in several secure places, however, might be all the insurance policy you need.

SugarSync is another secure backup service. With SugarSync, you can safely store important files and then sync them across an unlimited number of computers. If the data is updated on one computer, it's also updated on the rest.

Mozy is a low-cost cloud storage service. The company's backup plans start with one computer per subscription, but it can sync up with other computers that aren't part of the plan.

First line of defense

The best feature of these companies' backup services may be the sophisticated encryption. Rancourt says it provides a great first line of defense.

“For companies like SpiderOak you actually have to have an encryption key in order to decode the information and read it as something legible,” he said. “Most services have something like that as well.”

But hackers are resourceful individuals. Suppose they get access to your cloud and your encrypted information by stealing or finding your lost device. It might look like gibberish at first, but given a few hours, it's just possible some hackers might be able to crack the encryption. That's why you need a second level of defense – remote wipe.

If your device is lost or stolen, remote wipe will still give you access to all your files and documents from another computer but allow you to block access on the missing device. You can even delete files.

“Let's say you keep all your bank information on your cloud,” Rancourt said. “Someone can actually hack in there and steal your identity.”

It should go without saying that you should have robust security features on your hardware as well. Getting a strong mobile security package for your smartphone or tablet will reduce the risks from lost or stolen devices.  

25 Worst Computer Passwords

Is yours on this list?

With each passing year your computer becomes less secure. Hackers become more sophisticated and your PC or mobile device becomes more vulnerable.

In the early days of the Internet consumers used simple, easy-to-remember passwords. Most of us still do. SplashData, a provider of password management applications, issues an annual list of what it considers the worst, most insecure passwords that consumers use.

Newcomers

New entries on this year's list include "welcome," "jesus," "ninja," "mustang," and "password1," while the top three remain the same from last year's list -- the terribly unimaginative "password," "123456" and "12345678."

With Halloween now upon us, SplashData is urging consumers to beef up their password security.

“At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password,” said Morgan Slain, SplashData CEO. “We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”

The list

According to SplashData, here are the Worst Passwords of 2012:

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. monkey
  7. letmein
  8. dragon
  9. 111111
  10. baseball
  11. iloveyou
  12. trustno1
  13. 1234567
  14. sunshine
  15. master
  16. 123123
  17. welcome
  18. shadow
  19. ashley
  20. football
  21. jesus
  22. michael
  23. ninja
  24. mustang
  25. password1

The list was compiled from files containing millions of stolen passwords posted online by hackers. The company advises consumers or businesses using any of the passwords on the list to change them immediately.

“Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets,” Slain said. “Just a little bit more effort in choosing better passwords will go a long way toward making you safer online.”

What makes a password strong and secure? Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”

You should also avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.
