SWITCH Security-Blog

SWITCH-CERT IT-Security Blog

Jekyll or Hyde? Better browse securely

A Guest Article by Stefan Lüders.*

Surfing the web is like walking London in 1886. Usually you meet nice and lovely Dr. Jekyll, interact with him, and all fine, cosy and perfect. But in other circumstances, during the night, you might hit on evil and malicious Mr. Hyde. He just wants your money and your secrets, or abuse you. As in the novel by Stevenson, the good and the bad web pages can be very close together. Continue reading

Why you should treat passwords like your toothbrush

A Guest Article by Stefan Lüders.*

Your password is your entry token into the digital world. eBay, Amazon, Facebook, Twitter – your company accounts – all ask you for a password to authenticate and prove that you are you. And vice versa: If I know your password, I can impersonate you and use your money to buy from eBay or Amazon, post nasty messages on your Twitter or Facebook profile, or misuse computing facilities of your company or organization in your name!

Would you give me your UBS bankcard and its PIN number? Of course not! Please apply the same sensitivity to your digital credentials, i.e. passwords, SSH keys, certificates, etc. Beware of attempts to “steal” your password. Computing staff, including the Computer Security Team, will never ask for your password (nor will any other legitimate person at Facebook, eBay, etc.). So be wary of malicious e-mails, or other means requesting your password. Never send it via e-mail, and type it only into web interfaces you know and trust.

Remember: Your password should be treated like a toothbrush: do not share it, and change it regularly!

Continue reading