Category Archives: Digital Security

Message To Computer Security Experts From Users: Take This P******d And Shove It!

ARE PASSWORDS REALLY THAT DIFFICULT?

When it comes to creating passwords for social networks, business [to a lesser extent] or more alarmingly e-commerce programs, most Web users seem to have gotten lazy. That’s the (not particularly shocking) news last month from Web security firm Imperva, which examined data uncovered in a recent breach of a site called RockYou.com: users are simply continuing to ignore experts’ advice.

Fortunately, or not depending on your perspective, there is no paucity of advice on the subject of password selection and protection offered by computer and information security (CIS) experts and analysts – and even though that advice has been around for a couple of decades now, it is continually evolving.

And yet there will likely be no change in users’ behavior even with the recent news of the intrusion into web company RockYou and the subsequent pilfering and posting of approximately 32 million user passwords. Security analysts were alarmed to find a continuing trend in password choices: one out of five Web users still leaves the digital equivalent of a key under the doormat, choosing simple, weak, easily guessed passwords like “abc123,” “iloveyou” or even “password” to protect their data.

There are even some experts, like Cormac Herley, Principal Researcher at Microsoft Research, who suggest that the burden is just too high for users and that it might be entirely rational to reject the experts’ advice.

It appears Herley might be correct in his assertion [spelled out in detail in his paper] that, statistically, the overall costs to all users exceed the relative benefits to the few who might be harmed, yet none of us would appreciate being counted among the statistical few who are indeed compromised.

Vigilance over our digital data is mandatory and the advice offered by experts is valid, but I agree with the assertion made by Herley that the blame lies not with the pallid behavior of computer users, but rather with the complex and incoherent burdens placed upon individual users. More directly: the blame lies with the security experts and the burdens they place upon us.

In order to fix this apparent hole from an individual user’s point of view, there needs to be a universal solution that is far easier to enact than what is about to follow. The human factor is truly security’s weakest link.

Posted by on July 7, 2010 in Computing, Digital Security

The Safeberg ‘Key on Paper’: Another Two-Factor Authentication Scheme

The Safeberg 'Key on Paper' (or Trusted Paper Key, TPK) unique printed key.

What exactly is this, you ask, and how do I use it? It is a Safeberg ‘Key on Paper’ (or Trusted Paper Key, TPK), a uniquely printed key. And how it’s used, according to Safeberg, is as follows:

With this key you can easily access the backup of your files whenever you want. Without the Key on Paper, it is impossible to access your files.

The key can be read by means of a photo, scan, or even your mobile phone. This way, you will not have to retype the extremely long key.

The idea for the Trusted Paper Key was developed as an answer to the question: where could a key to all my data be stored best? Not at Safeberg. And not on your computer, due to its vulnerability. Why not on paper…?

Without your key, you cannot access your files. “If you lose your key,” states Safeberg, “we cannot offer you any help. We advise you to print the key more than once and store it in a safe place.”

Suggestions on where to save your key:

  • In your own house
  • With friends or family (besides the key, you also need a Safeberg Password to access your files)
  • In a safe

Posted by on March 4, 2010 in Computing, Digital Security

How Breakable Is Your Password And What Does It Say About You?

Posted by on February 13, 2010 in Computing, Digital Security, Fun

How Do You Keep Track Of Your Passwords?

Passwords are a critical security step in protecting our data – we use them for web access at e-commerce and online banking sites, or even for file encryption on our computers locally – and the quality of those password choices seems to track how easy a given password is to retrieve: strings of random characters, the best choice for passwords, are difficult to remember. As such, many users, especially those who don’t use password managers or write their passwords down, will default to easy-to-remember passwords, reducing the effectiveness of those digital keys to a minimal level at best.

These are the results of an ongoing Slashdot poll, with the majority (70%) of users [most of whom are likely technology savvy] choosing to keep their passwords in memory.

I am among the 17% who use a password manager, like LastPass.

Results are current as of 2/13/2010.

Posted by on February 13, 2010 in Computing, Digital Security, Technology

U.S. Enables Chinese Hacking of Google According to Schneier

Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and a zero-day exploit hole in Internet Explorer, according to new details released by the anti-virus firm McAfee.

The attack, which has been described as “highly sophisticated,” used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks to extract data while obscuring their activity, according to Dmitri Alperovitch, vice president of threat research for McAfee.

Once the user visited the malicious site, their Internet Explorer browser was exploited to download an array of malware to their computer automatically and transparently. The programs unloaded seamlessly and silently onto the system, like Russian nesting dolls, flowing one after the other.

“The initial piece of code was shell code encrypted three times and that activated the exploit,” Alperovitch said. “Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was also encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted.”

One of the malicious programs opened a remote backdoor to the computer, establishing an encrypted covert channel that masqueraded as an SSL connection to avoid detection. This allowed the attackers ongoing access to the computer and to use it as a “beachhead” into other parts of the network, Alperovitch said, to search for login credentials, intellectual property and whatever else they were seeking.

The hack attacks have been dubbed “Operation Aurora” by McAfee due to references in the malware to the name of a file folder named “Aurora.”

Posted by on January 29, 2010 in Computing, Digital Security
