
Camargue Underwriting Managers
Press Office Feature: Understanding Dictionary Attacks

Company: Camargue Underwriting Managers
Author: John Stebbing
Posted: 03 Feb 2016


Prayer and cyber insurance

All is quiet in the library. As sleepy hours of research linger on, suddenly, out of nowhere, a rabid librarian appears. With a blood curdling scream, wielding a large dictionary, she bears down on you like a speeding bullet.

In the moments that follow you try to beat a retreat but not before she lands a blow to your forehead. Your final moments of consciousness are spent trying to make sense of her hysteria around some spelling error.

Fortunately, waking up is a great cure for nightmares. Unfortunately, another nightmare is busy unfolding in cyber-space, one which will eventually see you being ripped off unless you “catch a wake up”.

Most people protect their sensitive data by using passwords. The next few paragraphs will hopefully give you a sense of how easily those passwords are cracked and how you can better protect yourself.

Et tu, Brute?

A dictionary attack is a method of breaking into a password-protected computer or document by systematically entering every word in a dictionary as a password.

Mostly these words will also include derivatives where letters have been replaced with special characters.

In addition to a basic word, such as sanctimonious, the attack will include various other combinations such as Sanctimonious, [email protected]!m0n!0#s, [email protected]!m0n!0#s, sanctim0n!0#s and so on. As you can see, a fifty thousand word dictionary can very quickly become a million word dictionary.

Instead of [email protected]!m0n!0#s, a more diligent user would try a password like 67([email protected]$%ism).

It is unlikely that an ordinary dictionary attack would be able to crack a password like that. For that kind of password a hacker would have to resort to what is known as a brute-force attack.

A brute-force attack is one in which every possible combination of letters, numbers, special characters and spaces is tried, up to a certain maximum length. The problem with these attacks is that they are very time-consuming.

In order to reduce the attack time from years down to minutes, it would be necessary to somehow reduce trillions of combinations down to less than a million.

To achieve this, several academics have studied the psychology around how people choose their passwords.

Their work has been turned into optimised dictionaries which are available for purchase on the internet. But these are not the only tools available to hackers.

With a minimal amount of skill a hacker could use freely available tools such as Brutus, Ophcrack and John the Ripper to perform brute force and dictionary attacks.
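
As an added illustration (not code from the article or from Camargue), the sketch below looks at this section from the defender's side: it screens a chosen password for being a dictionary word in disguise, and counts how many candidates a dictionary and a brute-force search each imply. The sample wordlist, the two extra substitutions and the function names are assumptions made for the example.

```python
# Substitutions seen in the article's examples (@ a, ! i, 0 o, # u); the
# last two ($ s, 3 e) are common ones added here as an assumption.
LEET = {"@": "a", "!": "i", "0": "o", "#": "u", "$": "s", "3": "e"}
# Constructed sample wordlist; a real screen would load a full dictionary.
WORDLIST = {"sanctimonious", "guitar", "table", "password"}
MIN_LENGTH = 16  # the article's rule of thumb for resisting cracking tools
PRINTABLE = 95   # printable ASCII characters, including the space


def normalise(password):
    """Lower-case the password and undo symbol-for-letter substitutions."""
    return "".join(LEET.get(ch, ch) for ch in password.lower())


def screen(password, wordlist=WORDLIST):
    """Return the reasons to reject a password (an empty list means accept)."""
    reasons = []
    base = normalise(password)
    if base in wordlist:
        reasons.append("derived from dictionary word '%s'" % base)
    if len(password) <= MIN_LENGTH:
        reasons.append("not longer than %d characters" % MIN_LENGTH)
    return reasons


def variant_count(word):
    """Spellings one word yields when each substitutable letter may be
    swapped for its symbol and the first letter may be capitalised."""
    letters = set(LEET.values())
    total = 1
    for i, ch in enumerate(word.lower()):
        options = 2 if ch in letters else 1   # the letter, or its symbol
        if i == 0 and ch.isalpha():
            options += 1                      # capitalised first letter
        total *= options
    return total


def brute_force_keyspace(alphabet_size, max_len):
    """Number of strings of length 1..max_len over the given alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    print(screen("sanctim0n!0#s"))
    print(screen("My adorable new puppy's name is guitar"))
    print(50_000 * variant_count("sanctimonious"), "dictionary candidates")
    print(brute_force_keyspace(PRINTABLE, 8), "brute-force candidates")
```

The counts show why the substitutions buy so little: undoing them is a single table lookup, while each extra character of length multiplies the brute-force search by the size of the alphabet.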

Some good news

There are a number of simple things that you can do which will change the odds of becoming a victim. The first thing to remember is that hacking tools generally don’t do well with passwords longer than 16 characters.

Your password could even be a phrase with two parts. You don’t need to remember the first part. You could even write it on your computer.

For example: “My adorable new puppy’s name is…” Although you need to commit the second part to memory, it can be an easier word like “guitar”, “voetsek” or “table”. So your password would be “My adorable new puppy’s name is guitar”.

Never use the same password in more than one place. A hacker might not attack your bank account directly because he would be kicked out after three tries.

His strategy would be to attack a less secure target, such as your logon to your local choir club’s website, and to use that password to attack your bank account.

Change all your passwords frequently and avoid reusing old passwords. Having harvested many people’s personal details, hackers often wholesale this information to specialist fraudsters.

This means you may have a few weeks' grace from the time you are hacked to the time you become a statistic.

And finally

Even the most secure networks can be compromised. It would be wise to come to terms with the fact that, no matter how good your IT guys are, sooner or later you are going to suffer a breach.

To that end, I recommend prayer and cyber insurance.

Camargue Director: General Liability – John Stebbing

Camargue is an underwriter of niche insurance products and a provider of risk management solutions to a broad spectrum of industries in Southern Africa.

Camargue’s unique M3 approach focuses on managing, mitigating and migrating critical business risks.

For further information on Camargue, contact [email protected], visit www.camargueum.co.za or find us on Facebook.

Copyright © 2005 - 2015 ITInews Online Publications (Pty) Ltd. All rights reserved Insurance Times & Investments Online and ITInews. ..::ISSN 1995-1256::.. No part of the materials including graphics or logos, available in this Web site may be copied, photocopied, reproduced, translated or reduced to any electronic medium or machine-readable form, in whole or in part, without specific permission from ITInews Online Publications (Pty) Ltd. Distribution for commercial purposes is prohibited.