Holy Shit! My Favorite Site got Hacked! Part 3

Welcome to the final part of my series of posts on hacking. Holy Shit part 1 can be found here, and Holy Shit part 2 can be found here.

In this part, I will present more tools that can be used to stop hackers or at least slow them down from stealing your personal information.  With these you will be able to encrypt your computer data or emails, or generate strong passwords and keep a copy of them in a safe place if you can’t remember them.

The first tool is TrueCrypt, a free open-source application that can encrypt/decrypt data on the fly. The application is simple to use, but still offers more complex options for those who know what they are doing. The official website offers lots of documentation and tutorials. The easiest way to use this tool is to create a virtual disk where you will copy the information you wish to encrypt. This allows you to encrypt only a few files and not the whole file system. Encrypting/decrypting everything can be costly in terms of computer performance, so I suggest only encrypting the essential information. Also, the virtual disk can be moved or simply copied as an encrypted backup. There are two downsides to TrueCrypt. First, if you forget the password, getting back your data will be complicated. Second, if that password isn’t strong enough, hackers won’t be all that thwarted.

Which brings us to KeePass, a password manager that is also a free open-source application. The easiest way to hack somebody is to know his passwords, and most people either have only a few of them when they are hard to remember, or use simple ones which are easy to hack. KeePass removes these two weaknesses from users’ passwords. It allows you to generate complicated passwords for specific accounts and keep that information in an encrypted file. For safety reasons, you can create a printable page with all the account data, including readable passwords, in case something happens to your KeePass database. You can also use KeePass on a USB memory stick and bring these passwords with you everywhere, and the various versions are compatible (I use it under Linux and Windows back home using the same database). KeePass also offers other protection by allowing you to copy and paste your login information instead of typing it. KeePass has a setting that will wipe the memory after a certain number of seconds. Copy-pasting protects against keyloggers, and KeePass erases the memory, which stops hackers from gaining access to that information at all. KeePass also offers a standalone password generator and options to expire entries or group them in categories.

Another “tool” is GPG (or GnuPG) which will encrypt your emails. Unfortunately, this requires both the sender and recipient to have public keys on a GPG server and email application to support this feature or do it manually (most webmail doesn’t support encryption this way). I find it a bit too cumbersome to use to bother with it.

Finally, keeping your information safe requires effort on your part. Be prudent, watch what you are doing and always check if you trust the website, email sender or link before clicking on it. Of course, the best way of staying 100% sure that you won’t get hacked is to not use the Internet at all. (But don’t do that. ~ed.)

2 replies on “Holy Shit! My Favorite Site got Hacked! Part 3”

I started using LastPass recently – do you have any thoughts on that program? So far, I guess it’s kind of nice, but it bothers me a titch that it saves passwords, which kind of defeats the purpose of having a record of difficult-to-remember passwords if anyone hacks it (I do have a tough password securing my LastPass archive though). Another issue with LastPass is that I must have had a LOT of remembered passwords on Firefox, some of which were out of date, because LastPass saved up to 4 passwords for certain sites. Confusing.

I did check the LastPass website before writing this article. There is one thing I don’t like about it: the integration with the web browser. They are full of security weaknesses for hackers to exploit. In fact, I wouldn’t recommend using the Firefox and friends “save password” feature because of that. Also, I can see not wanting to have 1 password protecting all the rest, but the human mind isn’t limitless and I sure have a lot of login credentials to remember. ;)
