32 |MAMAMAXIMXIMXIMXIMUUUUMMPPPCC|JAN 2011|www.maximumpc.com
Webmail
Safety
How to keep your webmail
account safe from prying eyesIn today’s connected landscape where we enjoy
Internet access not only from our desktops and
notebooks, but also from our smartphones,
tablets, and even our portable media players, it’s
easy to see why free-to-use webmail has become
so popular. Most webmail accounts now off er
several gigabytes of storage space, eff ectively
turning us into digital pack rats.
Everything you choose to save—from sensitive
email exchanges to confi dential attachments—
is not only accessible to you, but anyone who
manages to fi gure out your password, whether
by brute force dictionary attacks or by answer-
ing a series of weak security questions. And it’s
not just your email history that’s in danger; anunsecure webmail account opens the door to
other security breaches, like using your email
account to send spam and spread viruses. Here
are some ways you can avoid becoming just
another statistic.Create a Burly Password
Your webmail account is only as secure as
your password, so use a strong one. The best
way to do this is to use a combination of
letters, numbers, and even symbols if your
webmail provider allows. Avoid using real
words at all costs, as these are easily cracked
by any teenage hacker using a brute force
dictionary script. For particularly sensitive
accounts, use a random password generator
(http://bit.ly/bf9oB2).Use Multiple Passwords
The key to your house doesn’t unlock your car
door, nor does it work with your safety deposit
box. If it did, you’d be three feet deep in dung
if it ever fell into the wrong hands, and the
same concept applies to your digital accounts.
In practice, most people tend to use the same
password for various accounts, and that’s a
rookie mistake. Use a diff erent password foryour email than you do your bank account,
forum login, and whatever else you do online.
If you have trouble keeping track of them all,
store your passwords in a virtual safe, like
KeePass (free, http://keepass.info).Log Out/Leave No Trace
It might be slightly inconvenient to log out of
your webmail and clear your browser cache,
but if your notebook ends up lost or stolen,
you’ll be glad you did. And if there are others
around, log out and close your browser before
heading off for a bathroom break.About Security Questions
Answering security questions can save your
bacon if you forget your login credentials, but
keep in mind that anyone who knows you well
can probably guess the correct answer(s). Only
rely on these if the questions are particularly
personal in nature, or if you’re allowed to create
your own that are not easily guessable. And,
for God’s sake, don’t publish that information
in your Facebook profi le. There’s no point in
having a security question of what city where
you born in, or what your pet’s name is if your
public profi le gives the answer away.SMARTPHONE ATTACKS Smartphones such as BlackBerrys,
iPhones, and Droids have become the go-to devices for email, text
messaging, shopping, and online banking, and the attackers have taken
notice. There have been some limited, narrowly focused attacks already,
but this will increase signifi cantly in the near future.MALICIOUS APPS We’ve already seen a few malicious apps
that have made their way into the various smartphone app stores,
including iTunes and the Android Market. This is incredibly fertile
ground for the bad guys, who are interested in compromising as
many devices as possible and being as quiet about it as they can.
A trojan disguised as a game or an online banking app is a quick
way to do just that.PRE-INFECTED HARDWARE DEVICES There have been a
number of examples of USB keys, mobile phones, and even digital
photo frames being infected with malware before they leave the
factory. Expect to see more of this, including malware pre-installed
on laptop hard drives, in the years ahead, because a small paymentfor every device infected is an easy way for a low-paid factory worker
to make a lot of money quickly.MAC ATTACKS As the Mac platform’s popularity continues to grow,
attackers will focus more and more of their attention on it. Expect to see
more malware specifi cally designed to compromise Macs and iPhones
as attackers begin to fi gure out useful attack vectors.HIGHLY TARGETED PHISHING Mass phishing attacks are
ineffi cient and attackers have turned their attention to highly targeted
attacks, perhaps against a handful of key employees in a given orga-
nization who have access to valuable data. Emails that appear to come
from a trusted customer, partner, or colleague and contain malicious
PDFs or Excel spreadsheets have been a very successful vector and will
continue to spread, especially among sophisticated attack crews with
time and resources for reconnaissance.TOMORROW'S TORMENTORSThe 5 Biggest Future Threats
BY ENNIS FISCHER
KAPERSKY LABSDennis Fisher is a security evangelist for Kaspersky Lab Americas.SECURITY