Web Design Brisbane - Raycon


Paris Hilton

Mark Edwards
07-03-2005

Paris Hilton learned a hard security lesson when the account for her mobile telephone was recently hacked. The phone numbers of all of her friends and associates were made public knowledge, along with personal photos and emails.



Once this story was spread over the Internet and the international media, the numbers found were deluged with calls and text messages from people all over the world.



So how did the hackers break into the phone account? My recent story of Bluetooth vulnerability in mobile phones sprang to mind and I immediately assumed this was how it was done. Alternatively, I imagined some kind of brute force password cracking algorithm being employed. On reading a little further into the story, it appears that the technology used was just common sense.



The company which provided Paris with her account had an online service which was password protected. Knowing that people lose or forget their passwords, they ask you to select a question like "what is your mother's maiden name" to which only you should know the answer. If you lose your password, the site will ask you this question before allowing you to change the password to your account.



In this case, Paris had chosen the question "what is the name of your pet?" Though I am not even a small fan of Ms Hilton, even I am aware that she has a pint-sized pooch as a pet. A quick Google search reveals that it is a Chihuahua called Tinkerbell.



Surprise, surprise, this worked and the hackers were in. The rest is history.



Here are some simple rules for choosing a secure password:



1. Never use fewer than 6 characters.

2. Add at least one capital letter, as passwords are almost always case sensitive. But don't make it the first letter. Set yourself a rule that you will always make the third and fifth letters, for example, of your password capitals but the rest lower case.

3. Add at least one number to your password.

4. Add a punctuation mark to your password, but don't use the exclamation point, the dollar sign, the ampersand or the "at" symbol, as these are the first ones people guess when trying to crack your password. Use something like the tilde.

5. Don't use a single word like "secret" or "password". Common words chosen for passwords are provided in dictionaries for software specifically designed to guess them.

6. Don't use words that could be easily guessed by someone who knows a little about you.

7. If you are creating an account on another website like a chat site, don't use an important password like your Internet banking password or your PIN. Whilst you can rely on your bank to keep your password safe, it is not a given at other sites.

8. Don't write down your password, or tape it under your keyboard or on your monitor.



Whilst this is not an exhaustive list, following it will ensure you don't easily end up in Paris Hilton's shoes, which, to save you having to guess, are a size 10.
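
The rules above written as a check a site could run when a password is chosen. This is an added example, not part of the original article. The function name `check_password`, the small word list and the sample facts are constructed for illustration, and rule 8 is left out because it concerns handling rather than the password itself.

```python
import string

# Constructed stand-in for a password-cracking dictionary (rule 5).
COMMON_WORDS = {"secret", "password", "letmein", "welcome"}
# Punctuation the article says is guessed first (rule 4).
GUESSED_FIRST = set("!$&@")


def check_password(password, known_facts=(), other_passwords=()):
    """Return the article's rules (1-7) that `password` breaks, as strings.

    known_facts: things an outsider could learn about the user (rule 6).
    other_passwords: the user's important passwords elsewhere (rule 7).
    """
    problems = []
    lowered = password.lower()
    if len(password) < 6:
        problems.append("rule 1: fewer than 6 characters")
    # Rule 2, read as: at least one capital that is not the first character.
    if not any(c.isupper() for c in password[1:]):
        problems.append("rule 2: no capital after the first character")
    if not any(c.isdigit() for c in password):
        problems.append("rule 3: no number")
    marks = {c for c in password if c in string.punctuation}
    if not marks - GUESSED_FIRST:
        problems.append("rule 4: no punctuation mark outside ! $ & @")
    # Rule 5: strip digits and punctuation, then look the word up.
    core = "".join(c for c in lowered if c.isalpha())
    if core in COMMON_WORDS:
        problems.append("rule 5: single dictionary word")
    # Rule 6: a publicly known fact survives case changes and added symbols.
    if any(len(f) >= 3 and f.lower() in lowered for f in known_facts):
        problems.append("rule 6: contains a guessable personal fact")
    if password in other_passwords:
        problems.append("rule 7: reused from an important account")
    return problems


if __name__ == "__main__":
    facts = ["Tinkerbell", "Chihuahua"]  # constructed from the story above
    for candidate in ("tinkerbell", "tiNkErbell7~", "paSsWord1!", "grEeNkettle4~"):
        print(candidate, "->", check_password(candidate, known_facts=facts) or "ok")
```

The second candidate passes rules 1 to 5 and still fails, because the pet's name is public knowledge however it is decorated.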
