The Actrix Online Informer is published each month to help keep
Actrix customers up-to-date with what's happening on the Internet, and to
help ensure they have every opportunity to benefit from it.
Welcome to the June Actrix Online Informer
Welcome to the June 2010 Actrix Online Informer, and nearly the midpoint of the year.
We hope there's something of interest for you in this month's edition, so pull the heater up next to your computer or take your laptop into the lounge by the fire and enjoy.
Does your password pass?
This is an updated version of an article we ran back in 2008. Back then we had a problem with spammers guessing customers' account passwords, and then setting up sub mailboxes under those accounts to use as e-mail addresses from which to send spam. It would appear they are at it again.
Spammers can crack passwords very quickly using programs designed to do 'brute force' username/password guessing. The software cycles through a bunch of common passwords, hoping to hit a match that works. Because a surprising number of people have poor passwords, they tend to have a lot of success.
And if they've cracked your account in order to set up a mailbox, they can also read your mail and get up to all sorts of other worrying mischief. They probably won't because they want to remain hidden, but that's hardly comforting!
In response we will soon be strengthening the minimum requirements for passwords and contacting at-risk users advising them to change their passwords. The new minimum requirements for passwords will be that each must contain at least:
Below we'll suggest a system you can use to come up with a password that contains all these things, is very hard to crack, but is also very easy for you to remember, and even to vary for different log-ins. We'll also tell you about how to change your passwords and settings.
But first, there are a number of generalisations about Kiwis and their passwords. We have a number of bad password habits that might make it easy for baddies to guess or 'brute force' them.
1) The most common form of password is either a pet's or child's name with the digit 1 after it. I think this is because many people don't think about a password until they're setting up an account or log in. Typically they are informed that a password should have letters and numbers, and the first thing that comes into their head that they think they will remember is their child's (the firstborn, or the most recent-born is the most common) or their pet's name. The 1 gets added because they have to have a number in the password and this is the easiest number to remember.
If I wanted to guess your password, then, I would try a few combinations on your kids' or pets' names first. A 'brute force' bot program will be able to try thousands of combinations around common pet or child names in seconds.
2) It is extremely common for people to replace letters with numbers that look like them. The letter 'o' gets replaced by a zero. The letters 'i' or 'l' get replaced with a 1. The letter 's' gets replaced by a 5, 'g' by a 9, etc. So using your kids' or pets' names and substituting numbers for letters isn't going to slow down the spammers' bot programs for long.
3) Many people still use a birth date or part of their phone number for the required number(s) in their password. These may be easy to remember, but such numbers are also easily guessed. Short combinations of numbers are also little problem for the bots.
4) Almost unbelievably, some people still think the most obvious password is the one that will never be guessed. They may use the word "password" or "pa55word," or phrases like "letmein" or "opensesame" and think they're being really clever. Unfortunately, they're not nearly as original as they think they are. Be sure the 'brute force' bots know about all of these!
5) Many people go years without changing their passwords. Reasons for this would include them not finding the matter important, or just having too many passwords at all sorts of different places, so the thought of changing each one becomes all a bit too much. Probably too, a lot of people have forgotten their passwords, and sometimes you need to know your password before you can change it.
There are two schools of thought on how often to change your password. Some argue that if you have a really good password, then you don't need to change it all that often. They may be right – but the key point is having a really good and uncrackable password that bears no apparent semblance to any real word.
6) People use the same password at various places. Again, this is done so that not too many passwords need to be remembered, and the same password can be used for logging onto the Internet, onto the banking site(s), the auction site(s) and the online dating site or web forum. Unfortunately, though, if your password is harvested, the harvester suddenly has access to everything you've got.
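The habits in items 1 to 4 can be checked mechanically at the moment a password is chosen. The sketch below is an added example, not Actrix's own code: it folds the look-alike digits the article lists onto their letters, then compares the result with the obvious words from item 4 and with names and numbers the user supplies. The function names and the sample names and dates are assumptions made up for illustration.

```python
import re

# Letter-to-digit swaps listed in item 2: o->0, i or l->1, s->5, g->9.
# Folding every password AND every denylisted word the same way makes
# 'password', 'pa55word' and 'Passw0rd' compare equal.
_FOLD = str.maketrans("oilsg", "01159")

# The "obvious" passwords named in item 4.
OBVIOUS_WORDS = ("password", "letmein", "opensesame")


def fold(text):
    """Lower-case text and replace each listed letter with its look-alike digit."""
    return text.lower().translate(_FOLD)


def audit_password(password, names=(), numbers=()):
    """Return a sorted list of the article's bad habits that this password shows.

    names   -- pet/child names the user supplies (item 1)
    numbers -- birth dates or phone numbers the user supplies (item 3)
    """
    findings = set()
    lowered = password.lower()
    # Item 1: a digit (usually 1) tacked on the end. Check with and without it.
    stem = re.sub(r"\d+$", "", lowered)
    candidates = {fold(lowered), fold(stem)}

    for word in OBVIOUS_WORDS:
        if fold(word) in candidates:
            findings.add("obvious word: " + word)

    for name in names:
        if name and fold(name) in candidates:
            findings.add("name: " + name.lower())

    # Item 3: a run of four or more digits lifted from a birth date or phone
    # number. Shorter runs are ignored here to avoid accidental matches.
    for run in re.findall(r"\d{4,}", password):
        for number in numbers:
            if run in re.sub(r"\D", "", number):
                findings.add("personal number: " + run)

    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample data, not real customer details.
    pets_and_kids = ["Rover", "Bella"]
    dates_and_phones = ["1985-07-04"]
    for candidate in ["Rover1", "R0ver1", "pa55word", "Bella1985", "RE2fap0w"]:
        print(candidate, audit_password(candidate, pets_and_kids, dates_and_phones))
```

A check like this only catches the patterns it is told about, so an empty result means "none of these habits found", not "strong password".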
Okay, so how can you choose a good password?
A good password should be a mixture of letters and numbers, and there should also be a mixture of capital and lower-case letters. But a good password also needs to be easy for you to remember, and for most of us, remembering a string of gobbledegook (e.g. kq9Ph3I9) is not easy.
One suggestion is to think of a core password that would look like gobbledegook to anyone else, but would make sense to you because you know its key. You could then use that core at all of your different log-ins, with a unique variation added to it (also easy to remember) for each separate log in.
Confused? Let me explain.
Think of a short phrase such as a line from a nursery rhyme (e.g. "to fetch a pail of water") and reduce it to a series of letters. The core of our password suite will thus become "tfapow". Next change the "to" to the numeral 2 and the letter o to a zero. Our password is now 2fap0w (which isn't too hard to remember if we know how it was derived).
The next step is to think of a unique identifier for each of the sites where you log in. The main colour of a site might be an example. So, if I was logging into my Westpac banking site (mainly red in colour), I might add RE to the front of the password. As soon as I accessed the Westpac site, the main colour would remind me that my password for this site starts with RE, and because I've memorised the core password, I can remember that my password is RE2fap0w. If I was logging into an ANZ web site my password would be BL2fap0w. Of course, colours are just one option. Perhaps there's some other unique identifier for each site: the first or last two letters of the company's name... use your own creativity to find a pattern that works for you.
Next time I change my core password to hd50aw (Humpty Dumpty sat on a wall), my password at the Westpac site would change to REhd50aw.
Another simple method for choosing passwords is to use nonsense syllables and separate them with numbers such as the following: breeN91gilB, ritT81bleeG, or fiM43drutT. Nonsense syllables are easier to remember because they are pronounceable, but they won't make sense to anyone else, and are therefore pretty un-guessable. However, if you're changing your password regularly, these become harder to remember, in my opinion, because there is no system to them.
How and why should you protect your password?
It is one thing to choose a good password that is not easily guessed, but the best password in the world is of little value if you are careless with it.
The most obvious thing that comes to mind here is phishing scams. We've all had those e-mails turn up that purport to come from our ISP, or from PayPal, or Trade Me, or eBay, or our bank warning us that we're about to be cut off or that something has gone wrong with our account, and could we please go to a special page to log in and stop this terrible thing from happening. Of course, behind the scenes, this web page only looks like the authentic one, and it is really designed to capture your log in details for some hacker's nefarious purposes.
Most people are probably aware of phishing scams by now, and are less likely to fall for them, but hackers and web-tricksters are always finding new ways to part people from their passwords, and a high level of suspicion regarding any request for your password is appropriate. Reputable companies have a policy never to request your password in an e-mail, so anyone who does it is highly suspect.
Writing your passwords down is a bit of a tricky one. If they're written down on a piece of paper (and some security advisors recommend this instead of storing them electronically), then they are not vulnerable to a hacker who may have compromised your computer. They are, however, vulnerable to anyone who might be looking through your drawers or papers.
It's generally good practice, too, not to have your user name and password (e.g. dialup or browser-based log-ins) remembered automatically by your browser. If you do this, and your computer is stolen, make sure you contact your online providers immediately to have the password(s) changed.
Lastly, exercise extreme care in choosing who you share any password with. I have been surprised on more than one occasion to find that customers have complained someone else has been using their account and it turns out to be an ex-boarder, or someone with whom they've had a relationship break-up. Our terms and conditions state that your account is for your use alone. Understandably, couples etc will be sharing accounts and we don't mind that, but you give your password out to anyone else at your own peril, especially if you forget to change it once they've moved on.
Some general dos and don'ts by way of summary
Facebook and your privacy
Facebook has been in the news a fair bit lately, mainly for the way in which it has altered users' privacy settings without adequately explaining to them how and why. Many users have had enough or see this as the last straw and are quitting Facebook for good. In fact, 31 May was international Quit Facebook Day. If quitting altogether is too radical for you (who could live without Facebook anymore?) then here is a round up of blogs and articles you may find helpful.
While your Actrix broadband connection should work continuously and without interruption, there may be the odd occasion where things just don't work as you'd expect. Our friendly helpdesk staff are happy to assist with these sorts of issues, but quite often simply restarting your modem (powering it off and then back on) is all that's required to get you up and running again.
It's important to remember, however, that your modem will take a minute or
two to restart (some older models may take up to five minutes). It has to
negotiate with various servers to get connected back to the Internet, and
this can take time, so it's best to give it a few minutes before trying the
If you'd like to ask a question or request some help on any Actrix or Internet-related matter, simply send us an e-mail with the word "Forum" in the subject line. I'll try and get an answer to you by return e-mail, and will also post the answer here for the benefit of others who may have a similar question or problem. By the same token, if you read something here and think you may have something to suggest, feel free to contribute. Please also note that questions and answers may turn up under the Helpful Tips section on the Actrix home page (www.actrix.co.nz).
Colin writes: I live in a rural area and am wondering whether broadband can be received here. How do I go about this?
Hi Colin, There can be problems getting ADSL broadband to work in rural areas. This is mainly due to the quality of the copper network out in the country and the distance between you and your local telephone exchange. Our help desk staff have a line checking tool that they can use to get an indication of whether ADSL is possible for you or not, though sometimes a "likely" is the best indication the tool can give, as there are so many variables. Definitely worth a look though. Give the help desk a call on 0800 228749. They can also answer other questions you may have.
These questions and answers may also be of help.
Patrick writes: Later in the year I am to spend three months or so in the USA. I am thinking of buying a laptop over there rather than lugging one over. I'm assuming the institute at which I'm staying will have some Internet connection. Could you please tell me how I can continue to use my Actrix connection there to receive and send emails. I suspect it will be somewhat like your advice about using a mobile phone, but with some differences.
Hi Patrick, Yes, you can continue to use Actrix email and your Actrix email address when overseas. You don't need to connect through Actrix to access your incoming mail, so the Internet connection provided by your institute there will be fine. That Internet provider should also have no problem with you using your Actrix email address to send email.
On your new laptop your email settings should all be the same as they are here except for the outgoing mail server setting. It is normal for any Internet provider to require you to connect only to their mail server when you are sending email. So when you get your new laptop in the States, set up your email program as follows:
Email address: your Actrix email address
There are instructions for setting up various email programs at http://www.actrix.co.nz/page.php?id=125 (just remember to replace the outgoing [SMTP] mail server settings with those of your American provider).
I hope that helps.
Please note: Actrix supplies links to these sites for your interest and possible use. We cannot endorse or take any responsibility for their contents.
Got a site you think would be neat to share with other readers?
Click here to e-mail and let me know!
Cyberspace news snippets
What's been happening in the online world?
Social site use rising as privacy fears grow: New Zealanders' use of social networking sites such as Facebook and Twitter is soaring amid growing public concern about privacy on the web, a new poll shows. Click here for more.
E-therapy to chase away blues: Mental health patients could soon be receiving treatment over the web under plans to launch a national e-therapy programme. Click here for more.
Portals to give parents look into schooling: Parents will be able to check their children's school attendance and test results through online portals that will soon be provided by at least 250 schools. Click here for more.
Google cars gathered home internet data without telling: Google has collected personal wireless internet data from New Zealand homes through cars sent around the country for its Street View project. Click here for more.
GST rise will give overseas web firms edge say retailers: Retailers say the looming rise in GST will give online merchants overseas an even bigger price advantage. Click here for more.
Adultery site aims to hook New Zealanders: Typical male: no commitment and lots of sex. That's one of almost 3000 taglines used by Kiwis who have signed up to a website designed to help people have extra-marital affairs. Click here for more.
Social web use best protected via education: Published this week, the survey of Individual Privacy and Personal Information shows that 43 per cent of us now use a social networking site such as Facebook or Twitter. Click here for more.
Internet abuzz with Budget chatter: Kiwis took to the internet to react to the release of Budget 2010 - with the majority believing they are better off after the announcements. Click here for more.
Kiwi broadband speedier: Broadband speeds have improved in New Zealand but are slower outside of Auckland and vary considerably between internet providers (ISPs), the Commerce Commission says. Click here for more.
Revised copyright bill still flawed: InternetNZ seminar: Termination of internet accounts as a penalty for persistent copyright infringement through music and movie downloading could put people in peril of breaking the law in more serious ways, lawyer Rick Shera has told a seminar on the Copyright (infringing File-Sharing) Bill, now before Parliament. Click here for more.
Judge orders Facebook truant groups shut: A judge in the Argentine province of Mendoza has ordered Facebook to shut groups created by minors to organise mass truancy from school. Click here for more.
Will social media ruin reality TV?: Facebook, Twitter and YouTube are threatening to spoil reality TV by spilling its secrets before they can air. Click here for more.
Webby Award winners announced in New York: The 14th annual Webbys, which celebrate internet achievement, were announced overnight by the International Academy of Digital Arts and Sciences, a 550-member group of web experts. Click here for more.
Judgement Day: Website lets peers review you: It used to be that a potential employer would call your references to see whether you'd be a good fit. But what if you showed up for an interview and the employer already knew you blew an important project at your current job, just by checking on the Web? Click here for more.
Facebook users reject illusion of privacy: As many as four out of five Facebook users accept that the site offers no privacy, unlike the majority of the general population who consider it a private space. Click here for more.
Facebook must evolve or wither, say analysts: In the fickle world of social networking, Facebook is ubiquitous. But will you still love it tomorrow? Click here for more.
Internet Explorer losing grip on browser market: IE remains dominant today. But, compared to its heights in the early 2000s, it's slipping. This week, the market researcher NetApplications released a report saying IE has fallen to less than 60 percent of the browser market. Click here for more.
Facebook page that led to block removed: A Facebook page that was considered offensive to Islam and led to a Pakistani ban on the site has been removed, possibly by its creator. Click here for more.
Being yourself online: Author Adam Singer says "analysing, taking sides and causing controversy" are great for a blog's popularity and that walking on eggshells gets you nowhere. Click here for more.
Google bans 'cougar' dating site ads: Google is being accused of double standards after a decision to censor the placement of ads for a dating site catering for cougars - older women who seek the company of younger men. Click here for more.
'Rogue' internet firm 3FN shut down: A net firm that actively 'colluded' with many net criminal groups has been dismantled by US authorities. Click here for more.
Virtual life after death: When you die, what happens to your online life? Click here for more.
The net is not just for the young: Helping older people get online is vital, and part of a wider transformation, says Bill Thompson. Click here for more.
Director: Firefox 4 will be 'fast, powerful': In a presentation to Firefox developers, Mozilla's Mike Beltzner said that the planned version 3.7 of the browser will now become Firefox 4.0 - a revamp clearly designed to close ground on Microsoft's Internet Explorer and stay ahead of competitors like Google's upstart Chrome. Click here for more.
Do you get e-mail rage?: It happens without warning. You're scanning e-mails and suddenly you're triggered by someone's words or a tone you sense – or even see; the e-mail is filled with "ALL CAPS" or "Exclamation points!!!" or bold formatting. Click here for more.
Google official reaffirms HTML5 readiness: Despite concerns that it is far from being finished, HTML5 is ready for use, at least for most platforms and for most duties, asserted a Google developer. Click here for more.
Youngsters rein in Facebook use: It might go against conventional wisdom, but a new report from the Pew Internet & American Life Project is adding fuel to the argument that young people are fast becoming the gurus of online reputation management, especially when it comes to social networking sites. Click here for more.
Farmville, Mafia Wars stay on Facebook: Quelling rumours of a breakup, Facebook and the company behind many of the most popular games on the social network say they've signed a five-year partnership that will keep Farmville, Mafia Wars and Cafe World on the site. Click here for more.
South Africa mulls porn ban: A South African government official is proposing a complete ban on digitally distributed pornography and has approached the country's Law Reform Commission to ask whether a change in the law is possible. Click here for more.
Most of us Google ourselves, survey finds: Web search engines make our lives easier: They connect us with what we're searching for in a matter of seconds, and sometimes they bring us to places we didn't even know we were looking for. Click here for more.
Mom Uses Facebook To Find Kids: A California woman whose children were kidnapped 15 years ago located them in Central Florida -- by using Facebook. Click here for more.
Security and Safety
Child abuse 'big business online': There are 450 gangs around the world making money from images of child sex abuse, a UK-based internet watchdog says. Click here for more.
How to stop becoming phish food: Safeguards to stop people falling for phishing scams are not working, says Bill Thompson. We need a different approach. Click here for more.
Online sex predators on rise: Victoria Police have confirmed that organised criminal networks and individuals in and outside Australia have been grooming children for illegal sex and the number of predators is rising. Click here for more.
Sites caught sharing secret data with advertisers, report says: A report in the Wall Street Journal indicates that Facebook, along with MySpace, Digg and a handful of other social-networking sites, have been sharing users' personal data with advertisers without users' knowledge or consent. Click here for more.
Microsoft unveils free web version of Office 2010: Gone are the days when Microsoft could simply unveil a new version and know the market would rush to adopt it. Click here for more.
The Weird, Wide Web
Student on Trade Me mission: The teenage creator of the "invisible ute" Trade Me auction has launched her next cyber project after the success of her tyre sale. Click here for more.
Long-lost brothers reunite via Twitter: We've heard of musicians finding collaborators via Twitter and reporters finding sources, but what about long-lost brothers finding each other? Well, that's what happened to Matthew Keys, online news producer for KTXL FOX40 News in Sacramento, California. Click here for more.
Hacker steals 22,000 email addresses, demands Astley tune: Dutch hacker Darkc0ke hijacked a radio station database containing 22,000 email addresses and threatened to publish them unless the station play Rick Astley's Never Gonna Give You Up, a variation of an internet meme known as "rickrolling." Click here for more.
Each month we dredge through our archives to pull out stories from the Actrix Newsletter of exactly five years ago. Sometimes these stories will show just how much the net has changed in such a short time, and sometimes they'll be included just because they're interesting.
Net-illiterate 'failing children': Internet-illiterate parents could leave their children on the wrong side of the digital divide, researchers have said. Click here for more.
The Internet, ranked No. 1, changed the world: Today, with a couple of clicks, you can go anywhere in the world without leaving your computer. Click here for more.
Children drive home internet use: Children rule the roost when it comes to home net access, a survey has found. Click here for more.
One in 20 'fall for online fraud': One in 20 UK internet users say they have lost money through online scams, research into spam emails suggests. Click here for more.
E-mails 'hurt IQ more than pot': Workers distracted by phone calls, e-mails and text messages suffer a greater loss of IQ than a person smoking marijuana, a British study shows. Click here for more.
Thanks again for reading the Actrix Online Informer. Feedback can be sent to me via the e-mail address listed below. Please limit this to comments/suggestions regarding the newsletter. Non-forum requests for support should go to the Actrix Help Desk (email@example.com) or to the Accounts Department (firstname.lastname@example.org).
Copyright © 2010 Actrix Networks Limited | Contact: email@example.com