Malvertising: Taking annoying ads to the next level

Advertising has always been a necessary part of entertainment. You may just want to read that article posted online without interruption, but someone has to pay the writer's salary; if you aren't doing it then an advertiser has to. However, a technique being used by hackers to infect computers is turning this model on its head. 

Malvertising is a term for hiding malware within advertising on legitimate sites, thereby lulling users into a false sense of security right before their machines get compromised. It's a hard-hitting form of hacking that can lead to the breaching of private information, which is why users should do everything they can to avoid becoming a target. 

"Hackers generally go through third-party ad providers."

No site is safe

Until recently, the best way to stay safe online was to avoid less-than-reputable websites. Big, recognizable names were considered secure, as these companies had the money to keep hackers at bay. However, as a recent malvertising campaign levied at viewers of Forbes content showed, size doesn't really matter if hackers know how to play the system. 

In a move to boost advertising numbers on its site, the company recently decided to force people using ad blockers to turn these applications off when viewing Forbes content, according to Network World. While this certainly boosted views of ads on the site, it also allowed hackers to deliver malware-laced pop-up ads to anyone viewing the annual "Forbes 30 under 30" article. 

Although this ironic twist of fate has hurt Forbes's reputation within the cybersecurity community, it isn't entirely to blame here. While ad blockers certainly help fight the risk of infection from certain malvertising campaigns, How-To Geek contributor Chris Hoffman explained this software doesn't stop every threat

According to Hoffman, something as simple as forgetting to patch outdated pieces of software could allow hackers an easy way into your computer. Hackers generally go through third-party ad providers to release their malvertising, which is why it doesn't really matter how reputable the original site is. Once a vulnerability has been established, a Flash object can be used to compromise your machine. Most computers automatically play Flash files, which allows cybercriminals to bypass the human element and infect your computer more efficiently. 

Malvertising is used by hackers to infect machines. Malvertising is an easy way for hackers to infect your computer.

What can the average user do?

Even though they aren't perfect, applications like Adblock Plus still work to fend off certain malvertising campaigns while also giving you an ad-free experience across the Web. Another action users can take is to enable Click-to-Play in their browsers, which allows users to choose which Flash plug-ins they want to view and which they want to leave them be. This allows the user to take control of what's being downloaded by their computer, thereby decreasing the risks of automatically getting compromised by malvertising. 

Finally, those wishing to defend their computers should look into cybersecurity software designed to ward off malware. This technology is meant to be a last line of defense against malicious campaigns like malware, and could very well save you from the headache of dealing with malvertising. 

Total Defense

What We Have to Say:

Find More Anti Virus Articles

Read More


How to make a password

Your account passwords are becoming just as important as your house keys. Despite this, many people don't treat password creation with the respect it rightfully deserves. In fact, so many people use "123456" to access their accounts that SplashData found it to be the worst password in both 2014 and 2015. 

The only people that benefit from simple passwords are hackers, so it's important to solve the problem now before any of your data gets stolen. Thankfully, making a new password is easy if you know what to do. 

"Making a new password is easy if you know what to do."

Begin by realizing what you're up against

The problem with simple passwords has to do with two different kinds of hacking styles. The first is called brute force, which is where the hacker uses a computer to guess multiple passwords in quick succession. This is why passwords like "123456" aren't secure in the slightest, as the computer will be able to brute force these almost instantly. 

A good way to find out if your password is safe from such an attack is to check it out on howsecureismypassword.net. This site uses previously gained brute force knowledge to estimate how long it would take for a computer to guess your password. The results aren't 100 percent accurate, but they're good enough to tell you if some of your old passwords are still viable. 

Another technique hackers like to use involves researching a target's online life, which has more to do with those security questions on your account than the actual password itself. A hacker may not be able to research your password, but they will be able to find out your first dog's name or the city you were born in.

This is the kind of information they can use to bypass your password altogether by simply clicking the "forgot my password" option that most sites have. The only way to fight this is to be vigilant about what you put online. If your dog's name is a well-known fact on Facebook, you probably shouldn't use it as a means of accessing your private accounts. 

You shouldn't use easy-to-access information as your security qeustion. You're in for a ruff time if you use this guy's name as the answer to your security question.

Passwords should be long and strong

Now that you know how hackers generally access your accounts, it's time to actually create your new passwords. It's worth noting here that you should be using a unique password for each account with private information. Using the same phrase for your bank account as you do for your Facebook profile is one of the easiest ways to get hacked. If one of your accounts is compromised, then all of them are at risk if you reuse passwords.

So what should a password look like? The general consensus within the security community is that passwords should contain uppercase and lowercase letters, as well as numbers that don't correspond with something a hacker could easily find online, like your birth year. The word also needs to be long, usually more than six characters. On top of that, you should endeavor to avoid words found in the dictionary, as hackers often use guessing algorithms set up to check for these kinds of words. 

A great way to create a solid password is to use the first letters of a longer phrase with random numbers at the end. Something like "I don't like to play soccer but I like to play football" could be transformed into "IdltpsbIltpf3978," with each of the "I's" being capitalized. That password is reasonably easy to remember if you're a football enthusiast, and it would take a hacker's computer approximately 38 billion years to guess. 

That said, keeping all of your passwords in line can be difficult, especially if you have a large number of accounts. This is why security professionals often recommend that you use a password manager, which is where a company stores all of your passwords in one secure space for later use. These sites generally offer two-factor authentication, meaning you don't have to worry about a hacker gaining access to all of your precious passwords. 

Your online security is just as important as the safety of your home, and you should treat it as such. Creating a complex password for each of your most important accounts allows you to keep your information out of the hands of hackers. For your own sake, take the time and create some new passwords today. 

Total Defense

What We Have to Say:

Read More


Is your smartphone secure?

Smartphone ownership is no longer a luxury afforded only to the rich. With the Pew Research Center having found that American smartphone ownership grew from 35 percent in 2011 to 68 percent in 2015, it's clear that people are rapidly seeing the benefits of these handy gadgets. However, with this rise in popularity comes the risk of a cyber attack.

Hackers know that users store and transmit a lot of personal data with their phones, and they also know people often don't protect their own devices. But what do these hacks look like, and what can consumers do to protect their smartphones? 

"Smartphones are easily stolen or lost."

Physical theft is a problem

One of the biggest weaknesses of smartphone security has to do with the device's best feature: mobility. Smartphones are designed to be movable, which means they're also easily stolen or lost. In fact, a study conducted by Kensington found that around 70 million smartphones are either stolen or left behind annually. What's more, 93 percent never find their way back to their rightful owner. 

While having to replace your smartphone is certainly a pain, the real issue here is that a skilled hacker might be able to access the data on your device if you don't protect it properly. Hack Cave published a few methods for bypassing an Android's password screen, which means allowing your smartphone to fall into the hands of a knowledgeable criminal could very well end in a breach of your private information. 

A smartphone is a computer

The other issue with current smartphone security is the fact that many users don't seem to view their devices as computers. Users know their phones have the same capabilities as a desktop, but they often forget that this means smartphones have similar vulnerabilities. This usually translates to risky Internet surfing behavior, which hackers exploit to their advantage. 

A smartphone is just a smaller computer, with similar vulnerabilities. Users often forget their phone can be hacked like a computer.

A perfect example of this is the Stagefright exploit on Android devices that's been named Metaphor. This hack begins with a criminal getting the target to visit a compromised website, according to The Hacker News contributor Swati Khandelwal. This site will have a video containing malicious code that forces the device to crash, thereby sending information to the hacker about the phone.

After a few more steps, the criminal can send another malware-infested video file that will allow him to monitor the victim's activity. This technique works on Android versions 2.2 ­to 4.0 and 5.0 to 5.1, which includes millions of devices. Google has been working to fix vulnerabilities such as this, but many people don't update their phones' software enough to receive these patches.

What's a user to do?

Clearly, hackers pose a very real threat to smartphone security. That said, there are a few steps users can take to massively increase their ability to fight off an attack. First and foremost, people need to be mindful about their devices, both in the physical world and on the Internet. Leaving a smartphone on the bus can be just as dangerous as clicking links from an unknown email account, so users should endeavor to think through their actions.

This also means keeping up with software updates, as these often plug vulnerabilities that hackers like to exploit. After that, it's important to invest in solid cyber security software for your mobile device that can help you avoid risky websites. Your smartphone deserves just as much security as your home computer does, and protecting it against cyber attacks could very well save you the headache of dealing with the breaching of your private information. 

Total Defense

What We Have to Say:

Read More