The Deep Web (also called Deepnet, the invisible Web, dark Web or the hidden Web) refers to World Wide Web content that is not part of the Surface Web, which is indexed by standard search engines. http://en.wikipedia.org/wiki/Deep_Web
What is the Invisible Web? Is it some kind of Area 52-ish, X-Files deal that only those with stamped numbers on their foreheads can access? Well, not exactly. The term "invisible web" mainly refers to the vast repository of information that search engines and directories don't have direct access to, like databases. Unlike pages on the visible Web (that is, the Web that you can access from search engines and directories), information in databases is generally inaccessible to the software spiders and crawlers that create search engine indexes.
How Big is the Invisible Web?
In a word, it's humungous. Bright Planet estimates the invisible, or deep, web as being 500 times bigger than the searchable, or surface, Web. Considering that Google alone covers around 8 billion pages, that's just mind boggling.
Why Is It Called "The Invisible Web"?
Spiders meander throughout the Web, indexing the addresses of pages they discover. When these software programs run into a page from the Invisible Web, they don't know quite what to do with it. These spiders can record the address, but can't tell you squat about the information the page contains. Why? There's a lot of factors, but mainly they boil down to technical barriers and/or deliberate decisions on the part of the site owner(s) to exclude their pages from search engine spiders. For instance, university library sites that require passwords to access their information will not be included in search engine results, as well as script-based pages that are not easily read by search engine spiders.
Why Is The Invisible Web Important?
Perhaps you think it would be easier to just stick with what you can find with Google or Yahoo. Maybe. However, it's not always easy to find what you're looking for with a search engine, especially if you're looking for something a bit complicated or obscure. Think about the Web as a vast library. You wouldn't expect to just walk in the front door and immediately find information on the history of paper clips lying on the front desk, right? You might have to dig for it. This is where search engines will not necessarily help you, and the Invisible Web will. Plus, the fact that search engines only search a very small portion of the web make the Invisible Web a very tempting resource. There's a lot more information out there than we could ever imagine.
How Do I Use The Invisible Web?
Fortunately for you and I, there are many other people that have asked themselves the exact same question, and have put together great sites that serve as a launching point into the Invisible Web. Here are some general gateways:
* One of the best ones out there is the Direct Search site put together by Gary Price, a librarian and information research consultant. His page is nicely organized into searchable categories and is updated frequently.
* Another good resource is the Invisible Web Directory , put together by the aforementioned Gary Price and search guru Chris Sherman. This site is a directory of searchable databases, organized by subject.
* The Resource Discovery Network has resources mostly from the United Kingdom, and is extremely well-organized and very searchable.
* The University of California, Riverside maintains InfoMine , an incredible resource that at last count included over 100,000 links and access to hundreds, if not thousands, of databases.
* The Virtual Library is simple and easy to use, with annotated subject links. I especially appreciate the annotations because it helps rule out extraneous search time.
AboveTopSecret.com is the Internet's largest and most popular destination for the intelligent discussion of "alternative topics" with more than 3.8 million pages of content where 196,234 members have created 8,976,405 posts on 573,442 different topics in 162 discussion forums.
Outsmart Hackers Forbesasked prominent security researchers and consultants for tips on creating passwords that keep your online accounts secure. Here's their advice.
Easy To Remember
Kevin Johnson, a senior security analyst at security consultancy firm InGuardians, says passwords don't have to be hard to remember, just hard to crack. He suggests typing a sentence with lots of words and including punctuation. With enough words, it keeps the password sufficiently long but makes them easier to type and remember.
Change It Up
Arbor Networks' Jose Nazario suggests changing your passwords more often based on the sensitivity of the content those accounts protect. He says accounts protecting financial information, for example, should have strong passwords that are changed often and are never reused.
Misspellings OK
Alexander Peslyak, chief technologist at security software company Openwall, suggests avoiding password phrases like "To be, or not to be" that appear elsewhere. Deliberately misspelling words can make passwords harder to crack too, he says.
Nothing Personal
Paul Judge, chief research officer at anti-spam company Barracuda's threat analysis lab, suggests staying away from using words and numbers that are dear to you--pets, significant others, your mother's maiden name, etc. That kind of information can be easy to find at sites like social networks, he says.
Scramble It
Cryptography Research's Paul Kocher suggests that if you need to write a password or pin on a piece of paper, scramble the letters. He says even something as simple as swapping or adding digits can help prevent misuse.
Separate Passwords
Jeremiah Grossman, chief technologist at consultancy WhiteHat Security, notes that you wouldn't have the same key for your home, car and office--so don't keep the same password for different sites either. That way, he notes, if one account is compromised you won't give the attacker a foothold into the rest of your accounts.
Seek Help
Nate Lawson, president at Root Labs, suggests using a password manager like Keepass on Windows or 1password on Macs to generate stronger passwords than you may be able to remember.
Add A Number
Rich Mogull, chief executive at analyst firm Securosis, says you should consider adding a number to the end of sentence-based password phrases for extra uniqueness.
Avoid Public Wi-Fi
Alex Sotirov, an independent security consultant, avoids public wi-fi and typing passwords into other people's machines in case a keylogger is installed. People can watch network traffic, he notes, and staying away from wi-fi points at places like Starbucks can squelch the opportunity for others to "sniff" out your passwords.
Lots Of Levels
Lookout Chief Technologist Kevin Mahaffey says that if you have to reuse passwords, only do so at unimportant sites. Having different levels of passwords will help prevent attackers from gaining a foothold into your entire online life
Https
Cryptography Research's Kocher suggests making sure that you only log in on pages protected with SSL encryption. Look for the "s" in "https://" and you can decrease the likelihood that someone could sniff your password on an open network or public wi-fi access point. He says you'll also help protect yourself against phony Web sites and other phishing attempts.
Deceptively Strong
Openwall's Peslyak warns that cheap password management software can sometimes generate passwords that look strong but aren't. He also warns against the default passwords generated by many Web applications, which can also be weaker than they appear.
Write It Down
WhiteHat Security's Grossman says that it's much easier to secure a piece of paper than a computer. So if you need to write your passwords down, do it on a physical medium. This way bad guys have to be on premise to steal them and can't reach into your computer from afar.
Archive It
Cryptography Research's Kocher suggests archiving important passwords so that friends and family can have access to your accounts in case tragedy strikes.
Replace It
Some people replace letters for numbers, and vice versa, in their passwords in hopes of making them more secure. So, instead of typing "replace," they type "r3plac3." Openwall's Peslyak says this doesn't always work because software can replace letters too, allowing a hacker to crack your password. Peslyak says you should use different numbers to replace a letter, i.e.,"r7plac8" not "r3plac3."
BURLINGAME, Calif. -- When it comes to being targeted by a hacker, you're more likely to be a fish than a deer.
Unlike in the movies, where cybercriminals are able to pinpoint their victims (deer), real-life bad guys are automating attacks across large pools of people (fish) in hopes of stealing data from a few.
A recent hack on a social-gaming company called RockYou suggests that hackers can be more efficient when they target large groups of people rather than trying to crack one person's password. By casting a wide net, a hacker gained control of over 32 million RockYou user passwords. Security company Imperva, which discovered and announced the security hole in RockYou's database systems, analyzed the stolen passwords and published a paper based on the password data.
Here's what Imperva found: The most common password used was "123456," followed by "12345" and "123456789." All in all, more than half a million people chose passwords composed of only consecutive numbers. So, if a hacker tried to log in to all RockYou accounts with just one password attempt--123456--every hundred or so attempts would yield a compromised account. Dozens of attempts can be scripted every second, so Imperva estimates that using this technique would only take around 15 minutes to hack 1,000 accounts.
"The entire operation of password breaking ... looks very different than what we've been used to thinking," says Imperva Chief Technologist Amichai Shulman.
The RockYou password sample is biased towards people who play social games on sites like MySpace. Moreover, programmers can mitigate the threat of automated attacks by building lock-outs and other security mechanisms into their Web applications.
But for the most part, programmers aren't taking the key steps to prevent automated attacks, says security analyst Kevin Johnson, who teaches a course on hacking Web applications for the SANS Institute, a security training outfit.
"The majority of Web applications aren't protected against that kind of attack," says Johnson. "Security is not something on most people's mind."
In a world where hackers are merely looking to pluck "the low hanging fruit," good security is less about being impenetrable and more about picking better passwords. Here are some tips from security experts:
--Make your password easy to remember. Johnson says passwords don't have to be hard to remember, just hard to crack. He suggests typing a sentence with lots of words and including punctuation. With enough words, it keeps the password sufficiently long but makes them easier to type and remember.
--Change up your password. Arbor Networks' Jose Nazario suggests changing your passwords more often based on the sensitivity of the content they protect. He says accounts protecting financial information, for example, should have strong passwords that are changed often and are never reused.
--Use different passwords for different accounts. Jeremiah Grossman, chief technologist at consultancy WhiteHat Security, notes that you wouldn't have the same key for your home, car and office--so don't keep the same password for different sites either. That way, he notes, if one account is compromised you won't give the attacker a foothold into the rest of your accounts.
So just remember: Attacks happen, and you probably shouldn't take them personally. And you likely can out-smart a hacker merely by giving a little thought to your password.
