Archive for the 'Security' Category

Comcast.net’s website & password compromised

Published by Chijo on May 30, 2008 under Premium Spam Filtering (Postini), Security, WordPress

It happens to the best of us, I guess. Late Wednesday, the cable company Comcast had their website redirected to a page created by hackers. Members of the hacker group Kryogeniks were apparently really proud of blocking Comcast customers from using their web-based email service, potentially affecting up to 14 million customers.

The hackers somehow obtained the username and password for Comcast’s domain name registration account with NetworkSolutions. They logged into Comcast’s account and updated the settings to redirect their home page.

According to sources at NetworkSolutions, Comcast’s account was not hacked nor compromised. Currently, it’s unclear as to how they acquired the username and password.

I’m taking away a valuable lesson from this unfortunate incident: Guard my usernames and passwords with my life. I’ll continue to use my encrypted password manager software, 1Password. Another effective option is to periodically change passwords associated with sensitive accounts.

How to avoid phishing

Published by Chijo on May 21, 2008 under Security, Spam

I recently received an email from Google on how to avoid phishing, or attempts by criminals to fraudulently collect passwords, credit card numbers, and other sensitive information through email.

Here are some basic tips on how to avoid these scams:

  • Don’t reply to or click on links in emails that ask for personal, financial, or account information.
  • Check the message headers. The From: address and the Return-path should reference the same source.
  • Instead of clicking on the links in emails, go to the websites directly by typing the web address into your browser, cutting and pasting it, or using bookmarks.
  • If on a secure page, look for “https” at the beginning of the URL and the padlock icon in the browser.
  • Keep your computer’s antivirus, spyware, browser, and security patches up to date, and regularly run system scans.
  • Review your accounts regularly and check for unauthorized activity.
  • Use a browser that has a phishing filter (Firefox, Internet Explorer, or Opera).
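The header check from the list above, sketched in Python as an added example (not part of Google's email or the original post). The sample messages and their domains are constructed, and treating a subdomain such as mail.example.com as the same source as example.com is an assumption of this sketch.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None            # header absent, empty ("<>") or unparsable
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def same_source(a, b):
    """Equal domains, or one is a subdomain of the other (assumption)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_message(raw):
    """Compare the From: and Return-Path: domains of one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    if from_dom is None or rp_dom is None:
        return ("missing", from_dom, rp_dom)
    verdict = "match" if same_source(from_dom, rp_dom) else "mismatch"
    return (verdict, from_dom, rp_dom)

# Constructed sample messages (not real mail).
MSG_OK = (
    "Return-Path: <bounce@mail.example.com>\n"
    "From: Example Bank <alerts@example.com>\n"
    "Subject: Your statement is ready\n\nHello\n"
)
MSG_SUSPECT = (
    "Return-Path: <x1@bulk.example.net>\n"
    "From: \"Example Bank\" <alerts@example.com>\n"
    "Subject: Verify your account now\n\nHello\n"
)
MSG_NO_PATH = (
    "From: Example Bank <alerts@example.com>\n"
    "Subject: Notice\n\nHello\n"
)

if __name__ == "__main__":
    for name, raw in [("ok", MSG_OK), ("suspect", MSG_SUSPECT),
                      ("no return-path", MSG_NO_PATH)]:
        print(name, check_message(raw))
```

A mismatch is a reason to look closer, not proof of phishing: mailing lists and bulk-mail providers often use their own Return-Path domain for legitimate mail.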

Hacker concerns

Published by Chijo on April 26, 2008 under Joomla!, Security, WordPress

According to a recent post on Macworld.com, Google’s Blogger service is getting hacked by spammers sending coded instructions. The spammers are able to create new pages on the Blogger service to showcase their usual junk products. The surprise element for me is the fact that the spammers are able to overcome and break the CAPTCHA, the funky graphical mix of numbers and letters that must be entered to complete account registration. This was created to limit account registrations to humans. CAPTCHA may now be a thing of the past.

Those darn spammers are getting smarter by the minute!

Dogpaw Studio clients with sites running dynamic applications like WordPress for blogs, Joomla! for content management systems, or phpBB for forums must also be on the lookout for hackers with bad intentions. One of the best measures to take in the fight against spammers/hackers is to routinely make backups of server files and databases. If a malicious attack hit one of your accounts, we could merely restore your site from its backup version. This can make the difference between requiring 1-2 hours of work and many, many hours of work to restore a website.

For about $45, we perform routine backup procedures for many of our clients, which include file backup as well as archiving up to two backup versions on multiple hard drives. Fortunately, we’ve only had one site hacked in the eight years we’ve been in business. Security against hackers and spammers has come to be a reality of the internet, as shown in the unfortunate example above regarding Google’s Blogger service. The good news is that our clients can rest assured that if they experience a hack, we can easily and efficiently restore their website using one of our routine backups.

Another smart way to patch security vulnerabilities is to update software when developers release new versions. All of the blog, forum, and content management system software that we install can be updated by us.

Be smart! Contact us about our routine backup procedures or software updates today!

Pick the right password

Published by Chijo on April 15, 2008 under Security

Passwords galore! It seems like I have to select a password for something every single day. With so many options and methods for creating passwords, how do you pick the right one?

Sometimes you can just pick a password that’s easy to remember like your favorite color or type of pizza. These might be OK for low-risk websites but high-risk and more sensitive areas or websites are best secured with a strong password.

A strong password typically includes:

  • a random mix of numbers, upper and lowercase letters, and symbols
  • at least 12 characters

Avoid:

  • usernames
  • dictionary words
  • familiar names, dates, telephone numbers, and streets
  • passwords you’ve used on another high-risk website (if that password is compromised, multiple accounts may be compromised)
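The two checklists above, turned into a small Python audit and generator as an added example (not from the original post or from 1Password). The symbol set, the username and the list of words to avoid are assumptions made up for illustration.

```python
import secrets
import string

SYMBOLS = "!#$%&*+-:=?@"   # assumed symbol set; adjust to what the site accepts
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": SYMBOLS,
}
MIN_LENGTH = 12            # "at least 12 characters"

def audit(password, username="", avoid_words=()):
    """Return the list of problems measured against the checklists above."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the username")
    for word in avoid_words:       # dictionary words, names, dates, streets
        if word and word.lower() in lowered:
            problems.append(f"contains '{word}'")
    return problems

def generate(length=MIN_LENGTH):
    """Draw characters from the OS CSPRNG until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 12-character minimum")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(candidate):
            return candidate

if __name__ == "__main__":
    # Constructed inputs: a made-up username and a tiny list of words to avoid.
    print(audit("Pizza2008", username="jsmith", avoid_words=["pizza", "purple"]))
    print(audit(generate()))       # an empty list means nothing was flagged
```

The audit cannot detect reuse across websites; that item on the list still depends on keeping a separate password per account.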

Our clients typically require passwords for email accounts, hosting ftp servers, website statistics, ecommerce/shopping cart admins, content management system (CMS) admins, Google AdWords, and more. I recommend strong passwords for all of these sensitive areas such as: 6e9pzP2s84Ts, 3&W9&7B2JV3g, N873#L:88dWw. But don’t use these examples because anyone reading this blog will know them!

With all of these complex, hard-to-remember passwords, there’s a tendency to write them down on a Post-it note and stick it on your computer. That defeats the purpose of having a strong password since a thief can use that same note to access your sensitive website accounts. A better option is to use a password management application. There are many out there for both Mac and Windows. Personally, I couldn’t live without 1Password, which is made for Macs. I use it to manage countless passwords and it even has a feature that helps you create strong ones. Just keep in mind that a good password manager should encrypt all of your stored passwords.
