Virtually everyone in Internet services and server technology – if not Yahoo users themselves – has heard that Yahoo servers got cracked not long ago. To add insult to injury, the crackers not only breached Yahoo’s server security but also published in excess of 450,000 user accounts and passwords. Although virtually every news story used the word, “hackers,” instead of “crackers,” there are differences between the two words.
What’s a Hacker?
Hackers, in the true, original sense, were the Bill Gates, Steve Jobs, et al, of the computer world. They pushed the boundaries and established new ones. They did not break into security systems. They did not delve into secret files and documents, and they did not violate privacy or security matters.
Hackers might be authorized agents hired to test computer security systems. Private investigation firms or specialty firms and private consultants are among possible candidates. The key word is “authorized.” Yes, the “invasion” might occur, but it is with the full knowledge and consent by the hiring entity, the business that owns the system, not an outside entity.
What’s a Cracker?
A cracker, on the other hand, is a person who deliberately sneaks into a computer’s system without that knowledge and permission of the system’s owner. A cracker seeks to crack a security system and invade its files with the intent to view or steal information.
It was a cracker corp that broke into Yahoo’s servers, gathered and published the Yahoo account information, thereby breaking federal law. Crackers who crack security systems without authorization are criminals, and rarely are their efforts anything but self-serving.
Whose Fault, the Yahoo Break-In?
Crackers might say it’s Yahoo’s fault for having such poor security, and they’re absolutely correct. However, crackers are as much at fault as well.
Hopefully, Yahoo has learned the lesson and encrypted their account files, displaying only hashes instead of clear-text user information and more effective firewall layers.
Crackers on the other hand are the dirge of the Internet. They had no legal right to invade Yahoo’s servers. They had no right to publish or use any information they illegally found. They do have a right to surf the Internet, but just because they “can,” that doesn’t mean they “should” or “have the right.”
Private or public, no company or entity, simply because they were careless, deserves the unlawful attack.
To prevent your own technology, whether it is a server, a local drive or even your mobile phone, follow some general guidelines for increased security.[box]
Passwords: Change your passwords regularly. The more often you surf the Internet or use your data plan, the more often you should change your password. Never write it down. Don’t use common phrases or numbers – birth dates, addresses, names or social security numbers, including mixes of them. Use letters or numbers only once each in a password, and blend upper-case, lower-case, numbers and special characters when allowed. Ensure each password is at least eight characters long.
Files: Who doesn’t store documents and files on a hard drive? When possible, also store them in a cloud storage area as well. When your local document or file is changed, change also your cloud version. Encrypt your files. Zipping them and securing them with a password unlike any other one is one way; using encryption software is another.
System Passwords: Even if you are the sole user of your system or smartphone, take that extra 10 seconds to require password entry to access your phone or files. User login information and passwords should not mirror others. If you are the sole user, create at least two user logins: One for major system maintenance and hard drive access, and one that you use every day. Both might be of Administrator status, but your everyday account should be of simple user level to help protect your files and personally identifiable information.
Mobile Phones: On smartphones, credit card information is easily stolen if there is a weakness in the app. Crackers found such weaknesses in Google Wallet some time ago, and millions of dollars in people’s credit cards and bank cards whose information was stored there was at risk. Resist storing that exploitable information in your mobile handset whenever possible. Also, if you do download or create and store documents on your smartphone, secure those as well. Lock your phone with a user password for enhanced security.[/box]
Crackers are targeting mobile technology as well as PCs and servers. Don’t become a victim of ID theft, credit theft or data invasion.
Lastly, if you are a Yahoo account holder, change your password immediately! Yours may not have been one of the 450,000+ accounts compromised and published, but it might be. Protect yourself as best you can: Create a very strong password by following the password recommendations, above.
Image Credit: InThePersonalCloud