Creative Website Designs Creative for your online success! Tue, 28 Aug 2018 06:52:52 +0000 en-US hourly 1 Creative Website Designs 32 32 The terrible truth about Passwords Wed, 03 Jan 2018 00:29:20 +0000 Read more]]> Passwords can be a pain. You need a password for everything and we do tend to take them for granted, but consider these facts

Did you know that studies show more than 40 percent of all personally chosen passwords are easily guessed by someone who knows the person?

Generally speaking nearly a quarter of all passwords (across many languages) are easily crackable using relatively easily to obtain tools?

Many people use the same username and password for most, if not all, of their accounts (for example e-mail, banking, social sites, and so forth)

Does that worry you ? It should!

Passwords are our first line of defence against misuse but they are often the weakest link. If someone obtains your password, they may find a way to access your e-mail or IM messages, your bank accounts, your research, your contact lists, and whatever else you have on your computer. Your files may be altered or destroyed. Sometimes hackers even take over a computer and turn it into a zombie, using it to perform malicious tasks such as sending out large amounts of spam. They can sometimes even pretend to be you !

How Passwords are stolen

When you are creating a strong password, it can help to know the tactics hackers use to steal them. Here are some of the most frequently used techniques:

Guessing : Either manually trying to guess passwords or using a piece of software to automate the process. Often personal information which is found online such as names, birth dates, names of friends or significant others, pet names or license plate numbers is used as a starting point. Even spelling backwards or using common letter <-> number replacement tricks to not work as well as you might think.

TIP: It’s best to steer clear of any personally identifying information when creating a password.

Dictionary-based attacks: Programs exist that run every word in a dictionary or word list against a user name in hopes of finding a perfect match.

TIP: Staying away from actual words, even in a foreign language, is recommended.

“Brute Force” attacks: By trying every conceivable combination of key strokes in tandem with a user name, brute force attacks often discover the correct password. Programs can execute a brute force attack very quickly, especially against shorter passwords. With today’s technology, passwords over 8 characters are recommended, with 12 characters being a good target.

TIP: The best way to beat such an attack is with a long, complex password that uses upper and lower case letters, numbers, special characters and punctuation marks.

Phishing : Scams usually try to get your interest an urgent IM or e-mail designed to alarm or excite you into responding. Often these will appear to be from a legitimate source you are familiar with such as a friend or bank. They try to direct you to phoney Web site designed to trick you into giving them information such as your user name and password.

TIP: Best advice is don’t click a link in any suspicious e-mails, and don’t provide your information unless you trust the source. If you visit a bank, type in the address rather than clicking on a link.

“Shoulder surfing.” : Passwords are not always stolen online. Anyone lurking around in a lab, café, or library may be there for the express purpose of watching you enter your user name and password into a computer. A good place to see this in action is in the movie “Hackers” (one of our favourites)

TIP: Try to enter your passwords quickly, without looking at the keyboard, as a defence against this type of theft.

Social engineering: Sometimes as simple as physically grabbing the password off a Post-It from under someone’s keyboard, or through imitating an IT engineer and asking over the phone. Even stealing a phone and SMSing someone in the contact list for a PIN number !

TIP: Do not give anyone your password unless there is no other option, and even then only if you can 100% identify the person. Once they have finished what they had to do, change your password immediately.

So, now for the good oil.

How To Choose Good Passwords

To create a strong password, it helps to know what makes up a weak password.

No Dictionary Words, Proper Nouns, or Foreign Words

Cracking programs basically just hammer away using a large list of words. Spelling it backwards will not help.

No Personal Information (no, not even your nick-name)

Personal information is deceptively easy to come by and makes, as we have seen, great password fodder!

Length, Width and Depth

The longer a password is, the more types of characters you use, and the less obvious you make it, often the longer it will take to crack it.

While not every system will allow you to use all of them, you can often choose from all the following:

uppercase letters such as A, B, C;
lowercase letters such as a, b,c;
numerals such as 1, 2, 3;
special characters such as $, ?, &; and
alt characters such as µ, £, Æ. (Cliff)

Memorable (to you)

It’s no good having a strong password if you have to write it down. There are some good tips coming up on making a password memorable.

Tips for creating good, secure passwords

It is best to use “non-words” that are not made up of only numbers or only letters. For example, you can use the first letters from the words in a phrase, song or rhyme to help you remember:

I Love Paris In The Spring (ILPITS6)
My four children are wonderful when they’re sleeping (M4CAWWTS)
My anniversary is April 4 remember that date (MAIA4RTD)
Ali Baba had forty thieves (ABH40T)

Another trick is to substitute letters for numbers (or vice versa), such as : E equals 3, I equals 1, for equals 4, two equals 2, B equals 8, see or sea equals C, o equals (), etc. For example:

Use R3dJ3llo instead of RedJello (substitute the E’s with 3’s)
Use BCL1NT0N instead of BCLINTON (substitute I & L with 1’s and O with zero)
Use G()()dniGht instead of Goodnight (substitute o’s with () )

Try using keywords related to a theme, such as a significant event: a honeymoon, the birth of a child, a new car, a new job.

Example phrases associated with a birth might be blueeyes, hurry, onemorepush, crankyRN, coldbracelet, roomsix and icechips.
Ideas associated with a new car could be deepblue4, 6CDs, 5speed and TiresGrip7.

The idea here is that you use a variety of words associated with an event that other people would not readily guess.

Consistently capitalize the nth letter(s) of your password. Some systems require that at least one character be uppercase. Many people capitalize the first character, but this is too predictable. Instead, always capitalize the second, third or fourth letter, or perhaps always the last or next-to-last. Some examples:


For further interest, you can capitalize more than one letter, for instance the first and third, or the second and fourth. Avoid predictable week-to-week or month-to-month changes. One example of a predictable pattern to avoid:


If someone was lucky enough to discover your password long ago, you don’t want him to be able to predict what it will be in the future.

Use a “Pass Phrase” and not a “Pass Word”. Stop thinking in terms of passwords and start thinking in terms of phrases. The purpose of a mnemonic phrase is to allow the creation of a complex password that is easy to remember and does not need to be written down. Examples of a mnemonic phrase may include a phrase spelled phonetically, such as

‘ImuKat!’ (instead of ‘I’m a cat!’)
The first letters of a memorable phrase such as ‘qbfjold*’ = “quick brown fox jumped over lazy dog.”
An actual phrase such as “! Th1s 1s MY c()mputer !” combining mixed capitalisation, letter substitution, special characters and spaces

Some more useful tips

Change your password

Even a strong password will eventually be guessed or cracked. For this reason you should always regularly change your password. This not only minimizes the chance that someone could guess or crack your password, it also shortens the length of time that person would have control of your system.

Use a different password for each of your accounts.

Using one password for all your accounts could be compared to using one single key for your car, house, and office. If someone gets your key they have access to everything. Using different passwords means you have to remember more but it reduces the possibility that someone could gain access to all your accounts.

Don’t check “remember my password” boxes.

I know it’s tempting, but the “remembering” of passwords by applications is not generally a good idea. Many of them have no (or inadequate) built-in security to protect them. Some programs actually store the password in clear text in a file meaning anyone with access to the computer can read the password.

The summary – at last

Have policies in place that mean we need to change our passwords regularly and meet a certain minimum password strength. Unless you are using systems that do not accept the stronger password tips discussed earlier there is no reason why you cannot start putting some of these things into practice. But these tips do not only apply at work, they are equally applicable at home.

If you want some ideas about strong passwords you can go to “” (yes, you can trust this link ….). Please DO NOT type in your ACTUAL password, just use it as a guide.

If you think you might have received a Phishing scam, you can visit or and search for information on the e-mail received

The last words: Don’t be worried, be safe!

]]> 0
Huge Denial Of Service Attack Thu, 22 Dec 2016 04:51:24 +0000 Read more]]> As you may be aware, several large and popular Internet sites were made very difficult to access a few days ago. This was due to two separate Distributed Denial of Service (DDoS) attacks. These were not attacks against the web sites themselves, but against a popular DNS provider, Dyn. The services themselves were still operational, but the lack of DNS services (Dyn) did not visitors to find the IP addresses for those web services.

While it’s early days, the initial reports suggest that the attack was hosted from a class of devices known as The Internet Of Things (IoT). Think about webcams, DVR’s, routers, fridges, televisions, home automation, security systems, light bulbs, and so forth. These are connected to the Internet, and are often directly accessible from the Internet, with little or no protection making them easy prey. In this instance it would appear they were infected with the Mirai malware that turned them in to a huge army ready and willing to do whatever the malware told them to. This time it was a Distributed Denial of Service (DDoS).

This attack servers as a timely reminder that even the most seemingly innocuous device can be used to cause harm or participate in attacks. Producers of these devices are being reminded that good security is not an optional extra. But it’s not just the producers, when we buy and install these devices we should always remember to do the basics :

    • Protect them from unauthorized access by restricting who can get to them
    • Stop them going out to untrusted web sites where they can pick up malware (televisions are a good example of this)
    • Change the default passwords before they made generally accessible
    • Apply any updates or patches the vendor provides
    • Install antivirus if the device is capable or running it (for example, if the device is actually a full computer)We hope you continue to enjoy the rapidly increasing connectivity our everyday devices have, and do it safely to protect yourselves and the rest of the internet!
]]> 0
IT Security Awareness – Privacy and WEB Browsers Wed, 15 Jun 2016 04:21:24 +0000 Read more]]> OK, let’s take a look at WEB Browsers. It’s your window to the World Wide Web, but just like in a house a window can be used to break in as well as look out. We have limited my explanations to Firefox from Mozilla and Internet Explorer from Microsoft. The same sorts of tips apply to other browsers such as Chrome, Safari, and so forth.

#1 Keep it up to date (update the locks on the window)

It may seem obvious, but when your browser version is updated it often closes many “holes”. Internet Explorer is currently at version 9 and Firefox is at version 5. Both have minor updates regularly so keep an eye out for them. For Internet Explorer, make sure you have Windows Updates enabled on your computer. Firefox will generally let you know when an update is available but you can always go into Help, About Firefox to check.

Of course it’s not just the WEB browser. It’s also all the add-ins and other tools on the computer. It’s important to make sure they are kept up to date as well. It can be a daunting task but there are tools out there to help. Obviously with Microsoft products you can make sure Automatic Updates are enabled, but for other products, they these :

  • Secunia Consumer products ( : These tools will scan your
    computer and ensure that the latest versions are installed. If not they will assist you in getting updated.
  • Qualsys Browser Check ( : This tools will scan your Web Browser and
    ensure that it, and your plugins, are updated. If not they will assist you in getting updated.

If you don’t have time to keep up to date with all your plugins, at the very least keep on top of Adobe Flash and Adobe Reader.

#2 Change the security settings (add bars to the window)

Internet Explorer 8 and higher come with a number of features enabled by default. Earlier versions may need a tweak. There is a huge amount you can
configure with Internet Explorer ranging from DEP (Data Execution Protection/Prevention) all the way to blocking scripts and popups, disabling cookies, phishing filtering, controlling content and downloads, managing component behavior and cross domain security, and so forth. If any of that sounds like geek speak then you may want to get guidance before changing stuff as you can seriously impact your browsing pleasure ! If you are feeling brave then pretty much everything is configurable from the Tools / Internet Options menu.

Firefox also has a plethora of configuration updates that can help (or hinder) your time on the Web. These are mostly available under Tools / Options.
However, there are other options available for you in the guise of plugins. Firefox has a vibrant plugin market (not all of which are “good” or “safe”).

We have listed a couple here to get you started!

  • NoScript ( : Provides a level of protection against various forms of scripting attacks. It’s been around for a while now and has a good history.
  • HTTPS Everywhere ( : This plugin tries to connect to a WEB site
    securely (using HTTPS) if you forget. If the site does not offer a secure connection it reverts back to an insecure connection. It takes the guesswork away!

#3 Keep a good firewall and anti-virus program installed and updated (add a burglar alarm and a security guard)

Yes, we know, we keep saying it. Anti-virus software is a must these days, and it needs to be a good one (there are some very good free products too). It really pays for itself the first time you visit a compromised WEB site (do we all remember the Herald Sun incident a couple of weeks ago?). When combined with a firewall, be it on your computer or between your computer and the Internet, you really do get yourself off to a great start.

Now, we don’t want to start any arguments here, but both anti-virus and firewalls are really a very good idea regardless of what operating system you use. Enough said.

#4 Try out some WEB site warning or blocking services (employ an armed patrol at the gate)

What about the idea of knowing a Web site is potentially bad before you even get there ? Well, you can. There are a number of solutions out there already.

Later versions of Internet Explorer, for example, will let you know if a site is possibly worrisome. These two options are also very good and have been
around for a while

  • OpenDNS FamilyShield (http://www.opendns cheap cialis generic : OpenDNS provides a free service that allows you to change over and use THEM as your Internet DNS provider (rather than your Internet provider which is the norm). Due to the nature of how the Internet works they
    will let you know before you actually get to a site if it does not meet a set of criteria you lay out.
  • WEB Of Trust ( : This is a community effort that allows you to vote on the reputation of a Website and be alerted to the opinion of others on the Internet.

#5 Don’t be an administrator (keep the key somewhere else)

It’s almost never a good idea to be an administrator of your own computer when browsing the Internet. While operating systems in general have improved tremendously over the years it is still possible to configure a computer so that you are always an administrator. Whenever possible, don’t. The fewer permissions you have when you browse the Internet, the fewer permissions the malware has when it attacks !

Other technologies help to reduce the risk. Things such as UAC (in the Microsoft world, and it’s equivalents in the Apple and Linux worlds) go a long way towards helping. But heed point #6!

Other options include “sandboxing” and “virtualization”, but that is really another article all together.

#6 Use your own good judgement (… don’t live next door to anyone that scares you)

Yes, at the end of the day technology can only do so much. You need to be vigilant and wary. Always take note of waning messages that pop up rather than just clicking “Continue” or “Ok”, because in effect you are telling all that protection technology you have installed that “I really don’t care, just
install that virus and let it do what it wants”. Also, letting your Web Browser store you passwords for you is generally not a fantastic idea. There are a
plethora of applications that are easy to get hold of and whose sole purpose is to get your “forgotten” passwords out of your WEB browser, be it Internet Explorer, Firefox, Chrome, and so forth.

Well, that is about it for this edition. Check out the rest of our website for more IT blogs and feel free to pop us an e-mail with any questions or suggestions.

How smart is my phone? Fri, 03 Jun 2016 05:36:03 +0000 Read more]]> These days it’s really hard to buy a cellular phone that just makes phone calls. Go on. Give it a go. Instead, phones are becoming mobile computers that access our social network sites, our e-mail, our personal banking, our family photos, videos of those dance moves at the club, and a myriad of other things we hold dear.

So. What happens if someone takes your phone ? Exactly what can they do ? I’ll let you think about that for a moment.

Instant access always open
Setting a simple lock code on your phone, and setting it to activate automatically, is the simplest and most basic solution. This means that all your e-mail accounts, social network accounts, pictures, and everything else have a basic first line of defense. It’s simple, and effective as a deterrent to all but a determined thief.

Don’t let an SMS ruin a good day
SMS Phishing is a technique that tries to get you to give information out to someone who appears to be a friend. Say for example your partner has their phone and wallet/purse  stolen and the thief sends you a message asking you to remind them of their PIN number. What do you do ? Is that something you would expect of your partner ? Another little known feature of many devices is the ability to “configure” them using an SMS message. Telephone providers use this method to help you configure a phone for their network. But, on many phones these messages are received and actioned automatically and silently. You may never even know you received the message! To help counter this is it possible on some devices to disable the automatic processing of these type of messages, meaning it does not actually action any change until you open the message. That allows you to decide whether or not open it or just delete it.

All that storage!
Many phones have a whole heap of storage available (way bigger than my first hard disk !!). Some phones have this as “internal” storage and other phones allow you to plug in additional memory cards to extra storage. The sheer amount of information you can carry around is amazing. Always remember that the “removable” storage in your phone is just that, removable. Often it can simply be plugged into another phone or a computer and all it’s contents can be read or copied. Some phones allow you to encrypt that removable storage. While it does impact the speed of the storage, I recommend you do it. Internal storage is far less susceptible to this and, as long as the phone itself has some sort of password and lock on it you really have to be determined (or a government spy) to get information out of it. More and more so these days smart phones are encrypted out-of-the-box so that is good news.

It’s SIMple really
Sorry about the pun. SIM cards are tiny bits of plastic and metal that allow your phone to connect to the world. Not many people actually store any information on SIM cards any more (sometimes contacts are kept there), but they do allow someone to pretend to be you. It’s effectively your phone number. To stop people pretending to be you, always try and put a PIN number of your SIM card. That will mean that if someone does take your SIM card and plug it into another phone, they won’t be able to use it unless they know the PIN.

Virus Alert
As phones become ubiquitous, the baddies are starting to seize the opportunity and are creating malware for smartphones that work in a similar way to those on computers. They steal data, send messages pretending to be you, run up large call or data costs, and send premium SMS messages. To help combat this some anti-virus vendors have versions of their software specifically for smartphones.

Now, not all phones are created equal and not all these tips are relevant for every phone so it’s important to seek advice if you need to. Additionally, judge for yourself the level of concern you have with your own phone and take appropriate action (or inaction) to suit your particular needs.