Tuesday, February 03, 2009

Amazon and Security

As some of you may know, I'm a bit of a security freak in the IT world. Not excessive like all the IT security professionals out there, but aware and diligent, I like to think. This link takes you to a blog post that I read today. It's concerning. Many of my friends, and I myself, shop on Amazon, so I wanted to take a moment to give you some pointers on shopping online.

What is a dictionary attack?
A dictionary attack is a guessing attack in which the attacker successively tries every entry in a pre-arranged list of likely passwords. A plain brute-force attack walks a large proportion of the key space systematically; a dictionary attack instead tries only the candidates most likely to succeed, typically words from a dictionary plus cheap variations on them. Dictionary attacks succeed because many people choose passwords that are short (7 characters or fewer), that are single words found in a dictionary, or that are easily predicted variations on such words: a capitalized first letter, a digit or year appended, or letters swapped for look-alike symbols.

So, for example, your pet's name plus the number 1 is not a good password (example: fido1). Your kid's name followed by their birth year is not a good password either. Come up with something more original and mix it up a little. For example, a password for Amazon could be Amm4z0n$$, where the a is a 4 and the o is a zero; I threw in an extra m so it is no longer a regular word, and one letter is capitalized. True, capitalizing the first letter is pretty obvious, but something is better than nothing, and passwords are case sensitive, so adding a capital letter or two does help. Be aware, though, that capitalizing the first letter, swapping a for 4 and o for 0, and tacking a few symbols or a year on the end are exactly the variations that password-cracking tools try automatically, so a dictionary word dressed up this way is only a little stronger than the plain word. A long phrase of several unrelated words is both easier to remember and far harder to guess, and whatever you choose, use a different password for each site so that a leak at one store does not open your accounts everywhere else.
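As an added example (not code from the original post), here is a toy dictionary attack in Python that turns a five-word list into a few hundred guesses using the rules described above (capitalization, look-alike digits, appended digits, years and symbols) and runs them against a set of hashes. The wordlist, the ruleset, the SHA-256 "leak" and the target passwords are all constructed for illustration.

```python
import hashlib

# Added example: a small dictionary attack with mangling rules, run against
# constructed SHA-256 hashes. Wordlist, rules and targets are all invented
# for illustration; real crackers use million-word lists and far more rules.

WORDLIST = ["fido", "amazon", "password", "emily", "shopping"]

# Look-alike substitutions of the kind the text suggests (a -> 4, o -> 0).
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0"})

YEARS = range(1990, 2010)                 # "kid's birth year" style suffixes
SUFFIXES = ("!", "$", "$$", "!!", "123")  # common symbol/number endings


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, standing in for whatever hash the target stores.
    A slow, salted hash (bcrypt, scrypt, PBKDF2) raises the cost per guess
    but does not shrink the list of guesses built below."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def mangle(word: str) -> set:
    """All variations of one dictionary word that this toy ruleset tries."""
    cases = {word, word.capitalize(), word.upper()}
    forms = set(cases) | {w.translate(LEET) for w in cases}
    out = set()
    for w in forms:
        out.add(w)
        out.update(f"{w}{d}" for d in range(10))
        out.update(f"{w}{y}" for y in YEARS)
        out.update(f"{w}{s}" for s in SUFFIXES)
    return out


def candidates(wordlist) -> set:
    """The whole dictionary-attack guess list: every word under every rule."""
    guesses = set()
    for word in wordlist:
        guesses |= mangle(word)
    return guesses


def crack(target_hashes: set, wordlist) -> dict:
    """Hash each guess and report which targets it matches: {hash: password}."""
    found = {}
    for guess in candidates(wordlist):
        h = sha256_hex(guess)
        if h in target_hashes:
            found[h] = guess
    return found


def brute_force_space(alphabet_size: int, max_length: int) -> int:
    """Number of strings a systematic brute force must cover up to max_length,
    for contrast with the few hundred guesses the dictionary attack needs."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


# Constructed "leaked" hashes: three weak passwords of the kinds the text
# warns about, plus one long passphrase that no rule above will produce.
TARGETS = {
    sha256_hex(p)
    for p in ("fido1", "Emily1999", "P4ssw0rd!", "correct horse battery staple 7")
}

if __name__ == "__main__":
    found = crack(TARGETS, WORDLIST)
    print(f"{len(candidates(WORDLIST))} guesses, {len(found)} of {len(TARGETS)} hashes cracked:")
    for h, pw in found.items():
        print(f"  {h[:16]}...  {pw}")
    print("Am4z0n$$ produced by the ruleset:", "Am4z0n$$" in mangle("amazon"))
    print("strings a brute force of up to 8 printable characters must cover:",
          brute_force_space(95, 8))
```

Running it shows fido1, Emily1999 and P4ssw0rd! falling to well under a thousand guesses while the passphrase survives, and that Am4z0n$$ (the text's example without its extra m) is produced directly from the word "amazon". The extra m is what puts Amm4z0n$$ outside this toy ruleset, but real cracking tools also carry letter-insertion and duplication rules and run enormous wordlists, so that margin is thin.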

Here are some other fairly obvious online shopping best practices:

  1. Never give your login or password to anyone, including someone who e-mails or calls claiming to be from the store.
  2. Never let the browser or the website remember your login and password, especially on a shared computer.
  3. Avoid letting the website save your credit card information; retyping the number is a small price for keeping it out of their database.
  4. If you don't shop there frequently, use a guest checkout if offered instead of signing up for an account.
  5. And the number one most important item: make sure the connection is secure, that is, the URL in the browser address bar should begin with https://. The s is the important part (s = secure): it means the traffic between you and the store is encrypted and the browser has checked the site's certificate. Internet Explorer shows a padlock icon on a secure page (in the status bar at the bottom in older versions, next to the address bar in IE 7 and later); a missing padlock or a certificate warning means the page is not secure. The little eyeball with a red circle and line through it, also in the bottom bar, is Internet Explorer's privacy report indicator and tells you a cookie was blocked, not whether the connection is encrypted. Keep in mind that https:// protects your details only while they travel to the store; it says nothing about whether the store itself is honest or stores them safely.

More in the next blog....
