1. Home
  2. Inconsistent, misleading password meters can increase risk of cyber attacks: Study

Inconsistent, misleading password meters can increase risk of cyber attacks: Study

Agencies
December 23, 2019

Washington D.C., Dec 23: Inconsistent and misleading advice offered on some of the world's most popular websites could actually be doing more harm than good, says a recent study.

Password meters">Password meters are frequently made available to help the users secure their personal data against the threats posed by cybercriminals.

The study conducted at the University of Plymouth has assessed the effectiveness of 16 password meters that people are likely to use or encounter on a regular basis.

The research says that there is a clear level of variation in the advice offered across different websites.

The study was published in the journal Computer Fraud and Security.

The main focus was dedicated password meter websites, but the study also sought to assess those embedded in some common online services (including Dropbox and Reddit) and those found as standard on some of our devices.

And while some meters do effectively steer users towards more secure account passwords, some will not pick them up when they try to use 'abc123', 'qwertyuiop' and 'iloveyou' - all listed this week among the worst passwords of 2019.

The study was conducted by Steve Furnell, Professor of Information Security and Leader of the University's Centre for Security, Communications and Network Research.

Commenting on the latest research, Prof Furnell said: "Over the festive period, hundreds of millions of people will receive technology presents or use their devices to purchase them."

"The very least they should expect is that their data will be secure and, in the absence of a replacement for passwords, providing them with consistent and informed guidance is key in the quest for better security."

"What this study shows is that some of the available meters will flag an attempted password as being a potential risk whereas others will deem it acceptable. Security awareness and education are hard enough, without wasting the opportunity by offering misleading information that leaves users misguided and with a false sense of security."

The study tested 16 passwords against the various meters, with 10 of them being ranked among the world's most commonly used passwords (including 'password' and '123456').

Of the 10 explicitly weak passwords, only five of them were consistently scored as such by all the password meters, while 'Password1!' performed far better than it should do and was even rated strongly by three of the meters.

However, one positive finding was that a browser-generated password was consistently rated strong, meaning users can seemingly trust these features to do a good job.

Prof Furnell added: "Password meters">Password meters themselves are not a bad idea, but you clearly need to be using or providing the right one."

"It is also worth remembering that, regardless of how the meters handled them, many systems and sites would still accept the weak passwords in practice and without having offered users any advice or feedback on how to make better choices," he added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 19,2020

Cybersecurity researchers on Monday warned of a Trojan malware campaign which is targeting India's co-operative banks using COVID-19 as a bait.

Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, detected the new wave of Adwind Java Remote Access Trojan (RAT) campaign.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim's device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

According to the researchers, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalised bank.

The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact a variety of endpoints, irrespective of their base operating system.

Once the RAT is installed, the attacker can take over the victim's device, send commands from a remote machine, and spread laterally in the network.

In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information, Seqrite said, adding that such attack campaigns can effectively jeopardise the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

To prevent such attacks, users need to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

Banks should also keep their operating systems updated and have a full-fledged security solution installed on all the devices, Seqrite advised.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 24,2020

Melbourne, Jul 24: Home-made cloth face masks may need a minimum of two layers, and preferably three, to prevent the dispersal of viral droplets associated with Covid-19, according to a study.

Researchers, including those from the University of New South Wales in Australia, noted that viral droplets are generated by those infected with the novel coronavirus when they cough, sneeze, or speak.

As face masks have been proven to protect healthy people from inhaling infectious droplets as well as reducing the spread from those who are already infected, several types of material have been suggested for these, but based on little or no evidence of how well they work, the scientists said.

In the current study, published in the journal Thorax, the researchers compared the effectiveness of single and double-layer cloth face coverings with a surgical face mask (Bao Thach) at reducing droplet spread.

They said the single layer covering was made from a folded piece of cotton T shirt and hair ties, and the double layer covering was made using the sew method described by the US Centers for Disease Control and Prevention (CDC).

The scientists used a tailored LED lighting system and a high-speed camera to film the dispersal of airborne droplets produced by a healthy person with no respiratory infection, during speaking, coughing, and sneezing while wearing each type of mask.

Their analysis showed that the surgical face mask was the most effective at reducing airborne droplet dispersal, although even a single layer cloth face covering reduced the droplet spread from speaking.

But the study noted that a double layer covering was better than a single layer in reducing the droplet spread from coughing and sneezing.

According to the researchers, the effectiveness of cloth face masks is dependent on the number of layers of the covering, the type of material used, design, fit as well as the frequency of washing.

Based on their observations, they said a home made cloth mask with at least two layers is preferable to a single layer mask.

"Guidelines on home-made cloth masks should stipulate multiple layers," the scientists said, adding that there is a need for more research to inform safer cloth mask design.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
January 27,2020

Mumbai, Jan 27: The country's largest car maker Maruti Suzuki India (MSI) on Monday said it has increased prices of select models by up to Rs 10,000 with immediate effect to offset the impact of rising input costs.

The price change varies across models and ranges up to 4.7 per cent (ex-showroom Delhi) and are effective from January, 27 2020, MSI said in a statement.

The price of entry level model Alto range has gone up in the range of Rs 9,000-6,000, S-Presso between Rs 1,500 to 8,000, WagonR between Rs 1,500 and Rs 4,000.

The company has also increased the price of its multi purpose vehicle Ertiga between Rs 4,000-10,000, Baleno by Rs 3,000 to 8,000 and XL6 by up to Rs 5,000 (all prices ex-showroom Delhi).

Currently, the company sells a range of vehicles starting from entry-level small car Alto to premium multi purpose vehicle XL6 with price ranging from Rs 2.89 lakh to Rs 11.47 lakh (ex-showroom Delhi).

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.