BY STEVE FISHER
THE INTERNET offers
increased social interaction, new ways to shop,
new methods to pay bills
and much more. Unfortunately, it also offers
new ways to rip us off. It
pays to be extra vigilant
if you’re going to spend time online.
The Connection turned to Kurt Muhl, a
security analyst for Red Team Security
Consulting (redteamsecure.com) in St. Paul,
Minnesota. Known as “white-hat hackers,”
the firm finds security flaws in applications
and websites. You might not be able to be
100 percent safe online, but you can follow
Muhl’s advice to help minimize your risks.
The Costco Connection: What are the biggest
vulnerabilities on the internet that lead to
Kurt Muhl: One of the biggest ones that I
typically see is fake websites. Anytime you’re
looking to buy something—let’s say car
parts—you don’t really know where to
search, so you go to Google and just type in
“car parts cheap.” Hackers know how to
manipulate those search engines, so if I put
“car parts” a million times within my code,
Google will parse me as being a No. 1 hit for
car parts. [The hackers’] goal is to make
their website look legitimate so that you say,
“Hey, I need these parts.” You put in your
credit card information, and, ta-da, now the
bad guy has all of your credit information.
CC: Is online banking safe?
KM: In general, [it is] safe. I always like to
caveat that with “Hackers are always coming up with new ways of misusing things.”
CC: What are some practices that people can
follow to protect themselves?
KM: If you’re going to shop online, go for
known retailers. The second thing is always
use secure websites, indicated by https,
where possible. If you look at your web
browser at the very top in the URL, you’ll
see that it has the green little lock telling
you that it’s secure. And don’t click on ads.
If you’re looking for a new clock for your
house, when you go back to Facebook, you’re
going to see ads on your Facebook page for
that exact same clock. Avoid clicking on it,
because many sites don’t validate who
they’re getting their advertisements from.
So what ends up happening is I, as a bad
guy, can write some quick code that does
some bad stuff and set it up as an advertisement. Now, when you click on it, I can do
some bad stuff to your computer. The other
thing that I always recommend, on top of
not clicking on ads, is using an ad blocker.
Internet safety
Tips from a “good” hacker to protect your ID
Are you protected against identity theft?
Look into Complete ID through Costco
Services. Go to CompleteID.com.
CC: Is there a hack-proof password?
KM: No, but I will say that there is such a
thing as a password that is unlikely to be
cracked within a reasonable amount of time
with today’s technology. The factors that go
into determining how hackable a password
is, are: how guessable it is, its length and its
complexity. You should have four or five
character types—uppercase, lowercase,
numbers and special characters. And length
determines how many different tries they
have to use to get your password.
CC: To what extent should you have separate
passwords for each online account?
KM: All the time. With the technology that’s
out there nowadays, there’s no reason not
to. Password safes [such as Dashlane and
LastPass] will manage all of your passwords
for you. You can have it ;;, ;;, ;; characters
long, and you don’t have to remember it. All
you’ve got to do is enter one password to get
into the safe.
CC: How often should passwords be changed?
KM: As often as you’re comfortable with.
Password managers may offer to assign
expiration dates, but if you’re not using one,
;; or ;; days is probably best.
CC: Are ID protection programs valuable?
KM: They can be really valuable. With how
prevalent identity theft is, ID protection
programs put all of the information that
you need in one particular place.
You call up your protection provider
and they can give you all of the steps to
restore your identity. They can also tell you
all the places that we know your information
was stolen or that somebody used your
information to take a mortgage out and they
never paid it. There are places that are
actively monitoring for things like that, and
they can help you start to recover.