Archive for November, 2009

don’t hack my password

Enterprises looking to maintain IT infrastructure integrity and deter hackers from attacking employees’ passwords can tap software and simple guidelines to generate secure passwords, according to a security specialist.

Ronnie Ng, Symantec’s manager of systems engineering in Singapore and Indonesia, noted that systems and configuration management software includes components and policies that allow IT administrators to enforce strong password guidelines within the organization.

Recent security incidents have stepped up the need for robust passwords. Last month, 20,000 passwords obtained from a phishing scam turned up on a third-party Web site, revealing login credentials to Windows Live Hotmail, Gmail and Yahoo Mail accounts, among others. A subsequent analysis of the compromised passwords revealed that many users were lax in creating secure passwords.

Viruses such as Conficker and Gumblar have already attacked the IT infrastructure of organizations such as the Australia and New Zealand Banking Group.

With these in mind, here are five considerations to strengthen passwords and the password-generating process, for both work and play.

  • Use tools that automatically generate random passwords

IT professionals, Symantec’s Ng noted, should make use of business software that allows the automatic generation of random passwords based on a fixed schedule.

“So even if a certain password somehow becomes compromised, it will only be good until the randomization expires, and it will only apply to [a] particular computer,” said Ng.

  • Use alphanumeric characters and unique symbols to create stronger passwords

Passwords that mix upper and lower case letters, numbers and symbols are tough for hackers to crack. Employing this approach will make passwords “as meaningless and random as possible”, according to Ng.

Tech author and columnist J.D. Biersdorfer noted in a video for the New York Times that such characters and symbols should also be worked into the answers of your challenge questions.

  • Instead of mnemonics, try a ‘pass-phrase’

Researchers at Carnegie Mellon University in the United States have found that mnemonics, which require users to generate a password using the first letter of every word in a sentence, are not as secure as initially thought.

According to a Newsweek article, 144 volunteers were each asked to create a mnemonic password in a study conducted in 2006. The researchers then built a simple program to scour the Web for famous quotes, ad slogans, song lyrics and nursery rhymes, amassing 249,000 entries. Using this list, which is a relatively small universe of phrases in the security field, the researchers cracked 4 percent of the group’s mnemonic passwords, showing that this method is fallible.

Far more secure are pass-phrases such as “du-bi-du-bi-dub”, which would withstand a brute force attack–in which a hacker attempts “a,” then “ab”, then “abc”, and so on–for “531,855,448,467 years”, according to the report. So think of long but easy-to-remember phrases the next time you generate a password.

  • Change passwords periodically

According to Symantec’s Ng, organizations should incorporate system prompts to alert employees to change their password every 45 to 60 days. Frequent password changes result in higher security, making it more difficult for intruders to access company data using outdated passwords. “But do strike a balance as overly frequent changes may hinder productivity,” he noted.

  • Avoid generating passwords using personal information

Internet users have a common headache: there are too many passwords to remember. Today, with Web-based email programs, Internet banking accounts, instant messaging tools, and corporate office computers among some of the more common systems or equipment requiring a password to authenticate entry, it is hard work for users to remember all their passwords.

However, users should not base passwords on the convenience of their personal information, Ng pointed out. Such data include names, nicknames and birth dates.

Former Governor of Alaska in the U.S., Sarah Palin, is a cautionary tale. Last year, her personal e-mail account was hacked into by a student, who simply searched the Web to find out Palin’s birth date, postal code and where she had met her husband to crack her security code.

So who wants to try a password like “du-bi-du-bi-dub”? That’s quite an interesting one, and it looks easy to remember as well. Another issue that wasn’t covered in this article is the fact that people like to use ONE password for everything: their email account, Paypal, eBay, etc. It’s pretty simple to get to the rest of the accounts once you know one of the passwords. Get into an email account like Hotmail and by sifting through their inbox, it shouldn’t be too hard to guess what other sites they visit on a regular basis.
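The mnemonic, personal-information and brute-force points above can be checked mechanically before a password is accepted. The following is an added example, not part of the original post or the cited article; the phrase list, the user details, the 60-bit threshold and all function names are constructed assumptions.

```python
import math
import re
import string

# Constructed sample data: a two-entry stand-in for the researchers' phrase
# list, and one hypothetical user's personal details.
PHRASES = ["Twinkle twinkle little star how I wonder what you are",
           "To be or not to be that is the question"]
PERSONAL = {"name": "Alice Tan", "nickname": "ali", "birth_date": "1984-03-17"}
MIN_BITS = 60  # assumed policy threshold, not a figure from the article

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def mnemonic(phrase):
    """First letter of every word, lower-cased."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z]+", phrase)).lower()


def personal_tokens(info):
    """Name parts, nickname and common renderings of the birth date."""
    y, m, d = info["birth_date"].split("-")
    tokens = set(info["name"].lower().split()) | {info["nickname"].lower()}
    tokens |= {y, d + m, m + d, d + m + y, d + m + y[2:], y + m + d}
    return {t for t in tokens if len(t) >= 3}


def keyspace_bits(password):
    """log2 of the brute-force search space for the character classes used."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(size) if size else 0.0


def audit(password, phrases=PHRASES, info=PERSONAL):
    """Return the list of checks that fired; empty means none did."""
    findings = []
    folded = password.lower()
    # Drop digits and symbols so padding such as '!1' does not hide a mnemonic.
    letters = re.sub(r"[^a-z]", "", folded)
    if letters in {mnemonic(p) for p in phrases}:
        findings.append("mnemonic-of-known-phrase")
    if any(t in folded for t in personal_tokens(info)):
        findings.append("contains-personal-info")
    if keyspace_bits(password) < MIN_BITS:
        findings.append("keyspace-below-threshold")
    return findings
```

A mnemonic padded with a capital, a symbol and a digit clears the keyspace estimate yet is still flagged, because the estimate only bounds blind brute force and says nothing about phrase-list guessing.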

google’s chrome os

Yesterday, Google showed the world its upcoming Linux-based Chrome operating system for the first time. Till now, the project had been all theory and talk, but now the company has given something much more concrete to bank on. Although it is still at least a year until the OS is actually released, Google did give the world its open source code and displayed what it would be like when in action.

Keeping things simple, Google is not aiming at taking over the PCs of the world, but experts still believe that once out, the Chrome OS could pose a mighty threat to Windows. Chrome is a “browser and cloud-based” operating system for netbooks and lays emphasis on being fast, simple and secure. The new OS aims at shifting users from traditional operating systems to the cloud computing system. Chrome will not support hard drives, only data, and it will run only web-based applications. Installation of desktop-similar software will not be allowed.

The fact that Chrome can protect itself well against malware attacks makes it very attractive from the security point of view. If any application on the OS appears to be in danger of being corrupted by viruses, it is designed to reboot itself. A clean version of the operating system is then downloaded. User data will be stored in “Google’s cloud computing service and will be encrypted and synchronized constantly between the netbook and the cloud”.

After yesterday’s glimpses, everyone is now more eagerly awaiting the arrival of the Google Chrome OS. Some experts, however, have been quick to warn that Google should speed its launch; otherwise the excitement might die down.

I’m feeling pretty excited about Google’s Chrome OS – it sounds like it would perform well on a netbook. Coupled with web-based applications, it looks to be the perfect platform for office and school work. No more messy transferring of files through thumbdrives and email.

Come to think about it, it’s probably going to tie in with Google Wave quite well too. Did I mention that I’ve gotten an invite to Google Wave? It’s pretty awesome, but without any friends to test it out with, it’s pretty much underutilised right now…

appulous troll bridge: 36

Yet another change to the Appulo.us troll bridge question.

The current question is: Kyek modified a Greasemonkey plugin to allow you to see if an Appulous IPA link was dead before you clicked it. The original plugin was the ________ Links Checker.

And the answer: Cavern

appulous troll bridge: 35

Here’s the latest update on the Appulo.us troll bridge.

The current question is: You ssh to your phone and decide to rename “Documents” to “Other crap”. Type the command to do it, without using quotes.

And the answer: mv Documents Other\ Crap

appulous troll bridge: 34

Appulo.us troll bridge has been updated again. I’m hoping that they make the move to their new servers soon: Appulous is just full of too many excellent applications for the iPhone and iPod Touch!

The current question:

You’re connected to our IRC server. To join our room, what would you type?

The answer is:

/join #chatulous

appulous troll bridge: 31

For those of you who have jailbroken iPhones and iPod Touches, you’ll probably have heard of Appulo.us, a site that allows you to find thousands of IPA files for your iPhone/iPod Touch. Right now they’re migrating to better servers to make it easier to access, and hence a troll bridge has been implemented to restrict the number of users accessing it.

The current question:

This site made a bad knockoff of Appulous to try to get hits, but ended up getting DDoSed until they took it down. It’s ____________.com

The answer is:

Imodzone

get around with google maps

Full details here: http://www.techgoondu.com/2009/11/19/google-maps-packs-in-the-data-with-lta-and-quantum-inventions/

No wonder 2 days ago when I checked Google Maps on my iPod Touch, I was suddenly able to view traffic information on major roads and also get directions from Point A to Point B not only by car and by foot, but also by public transport. It’s all the result of a tie-up between Google Maps, LTA, and Quantum Inventions to bring this information to users.

Now that Google Maps is finally more useful for the average commuter like me, who has to take public transport, I’d bet I’ll be using it more often in the future to find the shortest way to my destination. For those of you who have an iPod Touch, I recommend that you try out your Maps application as well. With a Wifi connection, you’ll now be able to find the quickest route to your destination using public transportation. For those of you with an iPhone, you can even use your GPRS connection to access Google Maps, making for true portability and the ability to check directions anywhere, anytime.