Kaspersky Lab researchers have examined publicly available hardware and software tools for covert password interception and have discovered that a powerful hacking tool can be built for just $20 and a few hours of work by someone with basic programming skills.
In an experiment they used a USB device built around a Raspberry Pi microcomputer, configured in a specific way and carrying no malware at all. Armed with this device, they were able to covertly collect user authentication data from a corporate network at a rate of 50 password hashes per hour.
To protect your computer or network from attacks that use similar DIY devices, Kaspersky Lab security experts advise the following:
For regular users:
– When returning to your computer, check whether any extra USB devices are sticking out of your ports.
– Avoid accepting flash drives from untrusted sources. The drive could actually be a password interceptor.
– Make a habit of ending sessions on sites that require authentication. Typically, this means clicking a “Log out” button.
– Change your passwords regularly, both on your computer and on the websites you use frequently. Remember that not all your favorite websites use mechanisms that protect against cookie substitution (reuse of a stolen session cookie). You can use specialized password management software to manage strong, unique passwords with little effort, such as the free Kaspersky Password Manager.
– Enable two-factor authentication, for example by requiring a login confirmation or using a hardware token.
– Install and regularly update a security solution from a proven and trusted vendor.
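The advice to look for extra USB devices, and the administrators' advice further down to control which USB devices may connect, can be turned into an automated check. The following Python script is an added example and is not code from the article or from any Kaspersky product: it reads Linux kernel log lines, records every newly enumerated USB device by its port path, and raises a finding whenever a device that is not on an approved vendor/product allowlist registers itself as a network interface (the behaviour a USB Ethernet gadget relies on). The allowlist in APPROVED_DEVICES, the driver list and the sample log lines are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Hypothetical organisation allowlist of approved USB vendor:product IDs.
# Anything that registers as a network interface and is not listed is flagged.
APPROVED_DEVICES = {("046d", "c52b")}  # e.g. an approved wireless keyboard/mouse receiver

# Linux drivers that expose a USB device as a network interface.
NET_DRIVERS = ("cdc_ether", "rndis_host", "cdc_ncm", "cdc_eem", "usbnet")

NEW_DEVICE_RE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
PRODUCT_RE = re.compile(r"usb (?P<port>[\d.-]+): Product: (?P<name>.+)$")
NET_REG_RE = re.compile(
    r"(?P<driver>" + "|".join(NET_DRIVERS) + r") (?P<port>[\d.-]+):\d+\.\d+ "
    r"(?P<iface>\w+): register"
)

# Constructed sample kernel log: an approved receiver at 12s, then an unknown
# USB Ethernet gadget plugged in later that becomes network interface usb0.
SAMPLE_LOG = """\
[   12.001] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[   12.150] usb 1-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.03
[   12.151] usb 1-1: Product: USB Receiver
[  300.420] usb 1-2: new high-speed USB device number 3 using xhci_hcd
[  300.560] usb 1-2: New USB device found, idVendor=0525, idProduct=a4a2, bcdDevice= 4.04
[  300.561] usb 1-2: Product: RNDIS/Ethernet Gadget
[  300.900] cdc_ether 1-2:1.0 usb0: register 'cdc_ether' at usb-0000:00:14.0-2, CDC Ethernet Device
"""


@dataclass
class Finding:
    port: str
    vid: str
    pid: str
    product: str
    iface: str
    driver: str


def find_unapproved_usb_nics(log_text, approved=APPROVED_DEVICES):
    """Return a Finding for every USB device that became a network interface
    without being on the allowlist. Devices are tracked per USB port path so
    the later driver registration can be tied back to the vendor/product IDs."""
    devices = {}  # port path -> {"vid", "pid", "product"}
    findings = []
    for line in log_text.splitlines():
        m = NEW_DEVICE_RE.search(line)
        if m:
            devices[m["port"]] = {"vid": m["vid"], "pid": m["pid"], "product": "?"}
            continue
        m = PRODUCT_RE.search(line)
        if m and m["port"] in devices:
            devices[m["port"]]["product"] = m["name"].strip()
            continue
        m = NET_REG_RE.search(line)
        if m:
            # A registration for a port we never saw enumerate still gets flagged.
            dev = devices.get(m["port"], {"vid": "????", "pid": "????", "product": "?"})
            if (dev["vid"], dev["pid"]) not in approved:
                findings.append(Finding(m["port"], dev["vid"], dev["pid"],
                                        dev["product"], m["iface"], m["driver"]))
    return findings


if __name__ == "__main__":
    for f in find_unapproved_usb_nics(SAMPLE_LOG):
        print(f"ALERT: unapproved USB network adapter {f.vid}:{f.pid} "
              f"({f.product}) on port {f.port} became {f.iface} via {f.driver}")
```

On a real host the same function can be fed the output of `dmesg` or `journalctl -k`; the point of keying on the driver registration rather than on enumeration alone is that a keyboard or flash drive is not the concern here, whereas any device that quietly becomes a network adapter is.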
For system administrators:
– If the network topology allows it, we recommend using only the Kerberos protocol to authenticate domain users.
– Restrict privileged domain users, especially domain administrators, from logging in to legacy systems.
– Domain users’ passwords must be changed regularly. If, for whatever reason, your organization’s policy does not require regular password changes, be sure to change that policy.
– All computers within the corporate network must be protected by security solutions and kept regularly updated.
– To prevent unauthorized USB devices from being connected, a device control feature such as the one available in the Kaspersky Endpoint Security for Business suite may be useful.
– If you own the online resource, we recommend enabling HSTS (HTTP Strict Transport Security), which prevents a downgrade from HTTPS to HTTP and the spoofing of login data with a stolen cookie.
– If possible, disable listening mode and enable the Client (AP) Isolation setting on Wi-Fi routers and switches, so that workstations cannot listen in on each other’s traffic.
– Enable DHCP Snooping to protect corporate network users from having their DHCP requests answered by a rogue DHCP server.
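As an added example, not code from the article or from Kaspersky, here is a small Python checker for the two web-side controls the HSTS recommendation depends on: the Strict-Transport-Security header itself and the attributes of the session cookie whose theft the article warns about. It parses the HSTS directives, requires a max-age of at least one year plus includeSubDomains (the one-year threshold in HSTS_MIN_AGE is an assumption of this example, not a value from the article), and flags cookies set without the Secure and HttpOnly attributes, since a cookie without Secure is still sent over plain HTTP even when HSTS is missing. The two sample responses are constructed.

```python
HSTS_MIN_AGE = 31536000  # one year; a common recommended minimum (assumption for this check)


def _header_values(headers, name):
    """All values of a header, matched case-insensitively (Set-Cookie may repeat)."""
    return [v for k, v in headers if k.lower() == name.lower()]


def parse_hsts(value):
    """Turn 'max-age=31536000; includeSubDomains; preload' into a directive dict."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def assess_hsts(headers):
    """Findings about the Strict-Transport-Security header; empty list means fine."""
    values = _header_values(headers, "Strict-Transport-Security")
    if not values:
        return ["HSTS: header absent, so a plain http:// request to this host is still possible"]
    d = parse_hsts(values[0])
    issues = []
    age = d.get("max-age")
    if age is None or not age.isdigit():
        issues.append("HSTS: max-age missing or not numeric")
    elif int(age) == 0:
        issues.append("HSTS: max-age=0 tells browsers to forget the policy")
    elif int(age) < HSTS_MIN_AGE:
        issues.append(f"HSTS: max-age {age}s is shorter than {HSTS_MIN_AGE}s")
    if "includesubdomains" not in d:
        issues.append("HSTS: includeSubDomains missing, so subdomains can still be reached over HTTP")
    return issues


def assess_cookies(headers):
    """Findings about every Set-Cookie header: Secure and HttpOnly must be present."""
    issues = []
    for raw in _header_values(headers, "Set-Cookie"):
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            issues.append(f"cookie {name}: Secure flag missing, so it is also sent over plain HTTP")
        if "httponly" not in attrs:
            issues.append(f"cookie {name}: HttpOnly flag missing, so page script can read it")
    return issues


def assess_response(headers):
    """Combine both checks over a list of (header, value) pairs."""
    return assess_hsts(headers) + assess_cookies(headers)


# Constructed sample responses, as (header, value) pairs in the order sent.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, assess_response(resp) or ["no findings"])
```

The header list form mirrors what an HTTP client library hands back, so the same functions can be run against the raw headers of a real login response; the checker deliberately treats a missing HSTS header and an insecure cookie as separate findings because fixing one without the other still leaves the cookie exposed.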