Press Office Feature : Understanding Dictionary Attacks
Company: Camargue Underwriting Managers
Posted: 03 Feb 2016
In the moments that follow you try to beat a retreat but not before she lands a blow to your forehead. Your final moments of consciousness are spent trying to make sense of her hysteria around some spelling error.
Fortunately, waking up is a great cure for nightmares. Unfortunately, another nightmare is busy unfolding in cyber-space, one which will eventually see you being ripped off unless you “catch a wake up”.
Most people protect their sensitive data by using passwords. The next few paragraphs will hopefully give you a sense of how easily those passwords are cracked and how you can better protect yourself.
Et tu, Brute?
A dictionary attack is a method of breaking into a password-protected computer or document by systematically entering every word in a dictionary as a password.
Mostly these words will also include derivatives where letters have been replaced with special characters.
In addition to a basic word, such as sanctimonious, the attack will include various other combinations such as Sanctimonious, [email protected]!m0n!0#s, [email protected]!m0n!0#s, sanctim0n!0#s and so on. As you can see, a fifty thousand word dictionary can very quickly become a million word dictionary.
Instead of [email protected]!m0n!0#s, a more diligent user would try a password like 67([email protected]$%ism).
It is unlikely that an ordinary dictionary attack would be able to crack a password like that. For that kind of password a hacker would have to resort to what is known as a brute-force attack.
A brute-force attack is one in which every possible combination of letters, numbers, special characters and spaces is tried, up to a certain maximum length. The problem with these attacks is that they are very time-consuming.
In order to reduce the attack time from years down to minutes, it would be necessary to somehow reduce trillions of combinations down to less than a million.
To achieve this, several academics have studied the psychology around how people choose their passwords.
Their work has been turned into optimised dictionaries which are available for purchase on the internet. But these are not the only tools available to hackers.
With a minimal amount of skill a hacker could use freely available tools such as Brutus, Ophcrack and John the Ripper to perform brute-force and dictionary attacks.
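The two attacks described above, seen from the defender's side, as an added example that is not part of the original article: a screening check that rejects a new password when undoing common character substitutions yields a dictionary word, and a count of the search space a brute-force attack has to cover. The wordlist, the substitutions beyond the article's four characters, and all function names are assumptions made for illustration.

```python
from itertools import product

# Constructed sample wordlist; a real check would load a full dictionary
# plus lists of previously breached passwords.
WORDLIST = {"sanctimonious", "guitar", "table", "password"}

# Substitutions to undo. The first four appear in the article's example
# ('@' for a, '!' for i, '0' for o, '#' for u); the rest are assumed
# common additions. A value with two letters means either may be intended.
UNLEET = {"@": "a", "!": "il", "0": "o", "#": "u",
          "1": "il", "3": "e", "$": "s", "5": "s", "7": "t"}


def base_forms(password, limit=4096):
    """Yield lower-case candidates with the substitutions reversed."""
    choices = [UNLEET.get(ch, ch) for ch in password.lower()]
    total = 1
    for options in choices:
        total *= len(options)
    if total > limit:  # too many ambiguous characters to expand
        return
    for combo in product(*choices):
        yield "".join(combo)


def is_dictionary_derivative(password, wordlist=WORDLIST):
    """True if the password is a dictionary word in light disguise."""
    # Also test the password with a trailing run of digits/punctuation removed.
    trimmed = password.rstrip("0123456789!?.")
    for candidate in {password, trimmed}:
        if any(form in wordlist for form in base_forms(candidate)):
            return True
    return False


def brute_force_keyspace(alphabet_size, max_length):
    """Number of strings of length 1..max_length over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


if __name__ == "__main__":
    for pw in ["sanctim0n!0#s", "Guitar2016",
               "My adorable new puppy's name is guitar"]:
        verdict = "reject" if is_dictionary_derivative(pw) else "no match"
        print(f"{pw!r}: {verdict}")
    # 95 printable ASCII characters, passwords of up to 8 characters
    print("brute-force candidates:", brute_force_keyspace(95, 8))
```

A password that passes this check is not thereby strong; the check only catches single dictionary words and their simple disguises.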
Some good news
There are a number of simple things that you can do which will change the odds of becoming a victim. The first thing to remember is that hacking tools generally don’t do well with passwords longer than 16 characters.
Your password could even be a phrase with two parts. You don’t need to remember the first part. You could even write it on your computer.
For example: “My adorable new puppy’s name is…” Although you need to commit the second part to memory, it can be an easier word like “guitar”, “voetsek” or “table”. So your password would be “My adorable new puppy’s name is guitar”.
Never use the same password in more than one place. A hacker might not attack your bank account directly because he would be kicked out after three tries.
His strategy would be to attack a less secure target, such as your logon to your local choir club’s website, and to use that password to attack your bank account.
Change all your passwords frequently and avoid reusing old passwords. Having harvested many people’s personal details, hackers often wholesale this information to specialist fraudsters.
This means you may have a few weeks’ grace from the time you are hacked to the time you become a statistic.
Even the most secure networks can be compromised. It would be wise to come to terms with the fact that, no matter how good your IT guys are, sooner or later you are going to suffer a breach.
To that end, I recommend prayer and cyber insurance.
Camargue Director: General Liability – John Stebbing
Camargue is an underwriter of niche insurance products and a provider of risk management solutions to a broad spectrum of industries in Southern Africa.
Camargue’s unique M3 approach focuses on managing, mitigating and migrating critical business risks.
For further information on Camargue, contact [email protected], visit www.camargueum.co.za or find us on Facebook.