Jul 022012

Article by Giuseppe Sanna

Do you know what you should do to stay away from viruses, bruteforce and all these bad things? There are three possibilities. First, we could not buy a computer or, if you really want to buy it, do not turn it on! or as a last resort (but far less secure) does not ever connect it to any network and use only certified software from CD that you know.

In short, this shows that every operating system that we install has some bug and security flaw. Obviously there are those who have less. Our loved Linux distributions, for example, are among the more secure systems, but not impenetrable. Today, in this short article, we will see how the best of the worst hackers works to get our data, such as PIN and keyword, or just to discover our deepest secrets. And please remember that we’ll take a look at these techniques, as learning tool to be ready to “defend” ourself and our devices from these attacks.

When we speak about hacking we speak especially about bruteforce hacking. This is a technique that allows each of us, with the right tools, to find a password with a number of attempts. The software used, in fact, with a considerable number of attempts will try many combinations. To counteract this technique is useful to consider some measures that could be very useful. The first thing that you must keep in mind is that no system or password stressed enough is immune to such attacks. So our only goal is to find a word that requires so much time for decryption to deter the thieves. As base consider to never use existing unique words.

In short, avoid words like “kennel” or “order”. These words exist and thus, a bruteforce attack which take account of existing words in a given dictionary, where there are an average of 400000 words, would take very little time to get our passwords. In short, avoid real words. The same applies to the combination of numbers and letters of minimum length. In fact, a pass that might seem as complex as “fgrg4” is undoubtedly much easier to catch than a word with more characters but that at the same time is much easier to remember, such as “MyMailPasswordforGOOGLE”.

Right now we have talked about bruteforce, but this is just one of the many techniques that a hacker might use. Others are, for example, when the attacker can have a physical access to a PC. You could feel safe because your PC has a password! But a simple password in front of your Distro as login is really not enough to sleep on two pillows. A simple Live CD would be enough for access your HDD. The Live CD give in fact the ability to access to all the data on your HDD without any problem. So you could encrypt the partition. But this too would not be enough! There are very common scripts that can bypass these encryptions. For this reason my advice is to take into account multiple levels of password, a password for the BIOS, a password for Grub, one for the login into the system and also encrypt the home partition.

And don’t forget about Tresor to prevent cold boot attacks !

These are just some of the tips I can give you. To find all other, you’ll need a good amount of common sense and our beloved search engine. And remember, with viruses or obsolescence, your PC could always break! For this reason, consider also a cloud solution for your backups of important data!

Popular Posts:

Flattr this!

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>