Security Protection – Harry Waldron (WP)

July 20th, 2012:

Bogus Facebook Offer pages designed to capture email addresses

Facecrooks raises awareness of fake “Facebook Offer” pages designed to collect email addresses and other sensitive information. These resemble legitimate advertising offers, and the article shares ways to better verify whether an offer is valid.

How Scammers Can Use a Bogus ‘Facebook Offer’ to Obtain Your Email Address http://facecrooks.com/Scam-Watch/how-scammers-can-use-a-bogus-facebook-offer-to-obtain-your-email-address.html

QUOTE: Recently, Facebook introduced ‘Facebook Offers’ for page owners. This allows businesses to create special offers and then post them to their Facebook page. All users have to do is click ‘Get Offer,’ and they will be emailed the details on how to claim it.  One thing you should be aware of is that as soon as you click the ‘Get Offer’ link, your name and email address is immediately shared with the Facebook page conducting the offer. Personally, I think it would be better if you received a notification that your information is going to be shared, and then given the option to proceed.

Password Analysis from recent security breaches

Hackers recently breached a number of websites and disclosed a number of passwords. Users continue to pick weak and popular passwords that could compromise their online security. Putting more thought into creating complex passwords, plus a good systematic way of remembering them, can help improve security (a friend of mine writes them down and keeps them in his wallet). Also, don’t use the same password on all websites. People often use the same password for Facebook and their email account, so discovery of the password to one resource can lead to compromise of the others.

Password Analysis from recent security breaches https://isc.sans.edu/diary.html?storyid=13720

QUOTE: Looking at the top 10 passwords and the top 10 base words, we note that some of the worst possible passwords are right there at the top of the list. 123456 and password are always among the first passwords that the bad guys guess because for some reason we haven’t trained our users well enough to get them to stop using them.

Top 10 passwords
123456 = 1667 (0.38%)
password = 780 (0.18%)
welcome = 437 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Top 10 base words
password = 1374 (0.31%)
welcome = 535 (0.12%)
qwerty = 464 (0.1%)
monkey = 430 (0.1%)
jesus = 429 (0.1%)
love = 421 (0.1%)
money = 407 (0.09%)
freedom = 385 (0.09%)
ninja = 380 (0.09%)
sunshine = 367 (0.08%)

Password length (count ordered)
8 = 119135 (26.9%)
6 = 79629 (17.98%)
9 = 65964 (14.9%)
7 = 65611 (14.82%)
10 = 54760 (12.37%)
12 = 21730 (4.91%)
11 = 21220 (4.79%)
5 = 5325 (1.2%)
4 = 2749 (0.62%)
13 = 2658 (0.6%)
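
As an added example (not code from the ISC diary or from this blog), the sketch below screens a candidate password against the two top-10 lists quoted above and produces the same three kinds of tallies for a password list you are auditing. The base-word rule (lowercase, non-letters stripped from both ends), the 12-character minimum and the sample list are assumptions made for illustration.

```python
import re
from collections import Counter

# Top-10 lists quoted in the post above (ISC diary figures).
TOP_PASSWORDS = {"123456", "password", "welcome", "ninja", "abc123",
                 "123456789", "12345678", "sunshine", "princess", "qwerty"}
TOP_BASE_WORDS = {"password", "welcome", "qwerty", "monkey", "jesus",
                  "love", "money", "freedom", "ninja", "sunshine"}

def base_word(password):
    """Assumed definition: lowercase, non-letters stripped from both ends."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())

def screen(password, min_length=12):
    """Return the reasons a candidate should be rejected (empty list = OK).
    min_length is an illustrative policy value, not taken from the post."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    if password.lower() in TOP_PASSWORDS:
        reasons.append("top-10 password")
    if base_word(password) in TOP_BASE_WORDS:
        reasons.append("top-10 base word")
    return reasons

def tally(passwords, top=3):
    """Frequency tables in the post's 'value = count (percent)' style."""
    total = len(passwords)
    def table(counter):
        return [f"{k} = {n} ({round(100 * n / total, 2)}%)"
                for k, n in counter.most_common(top)]
    return {
        "passwords": table(Counter(passwords)),
        "base_words": table(Counter(b for b in map(base_word, passwords) if b)),
        "lengths": table(Counter(len(p) for p in passwords)),
    }

# Constructed sample, not data from any breach.
SAMPLE = ["123456", "password", "Password1", "password", "ninja2012",
          "Sunshine!", "welcome", "welcome1", "correct horse battery", "qwerty"]

if __name__ == "__main__":
    for name, rows in tally(SAMPLE).items():
        print(name, rows)
    for candidate in ("Welcome123", "ninja", "tr4verse-Lamp-oxide"):
        print(candidate, screen(candidate))
```

Note that "Welcome123" is not on the top-10 password list but is still rejected, because its base word is; this is why the diary reports base words separately.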