Archive for the ‘Passwords & Human Factor’ category

Note to PGP legal dept: I’m not going to put the ® sign every time when I mention PGP. I’m just tired; we already did that in our press release and on our web site, and I think it’s enough. No, really? Well, I’ll repeat one more time: all names like PGP are trademarks or registered trademarks of their respective owners in the UK, USA, Russia and probably somewhere else  e.g. in Albania. There are too many countries to mention, sorry :). Why should I care about (R)? Keep reading, and you’ll see the reason.

We never thought that our participation would bring such kind of trouble (or at least a disappointment).

Last week a colleague of mine, Andrey Belenko, gave a speech at the Troopers conference in Munich. Olga wrote about it in this blog. All the talks at Troopers were awesome. Soon the videos and slide shows will be available for downloading on Troopers website.

 

The key findings of the survey of the 35860 wireless networks (in 12 Indian cities) are:

No, it’s no a typo :). COFEE means Computer Online Forensic Evidence Extractor, actually. Never heard about it? Then read Microsoft supplies Interpol with DIY forensics tool. Just don’t ask where to get it. We have not seen it either.

According to CNET News, Office 14 technical preview will be available in Q3, and release version in the first half of 2010; Office 2010 will come in both 32-bit and 64-bit versions.

Strong passwords are mutated passwords. Everyone who publishes recommendations on creating secure password says that you have to use both upper- and lower-case letters and inject some tricky special characters. Such recommendations may result in p@$$words and pAsswOrds, and p_a_s_s_w_o_r_d_s. The fact is that modern password recovery software uses dictionary attack to get one’s password back. Dictionary attack means searching lists of dictionary words and common phrases that can be found on the Internet or delivered with the software. It is easy to grab that dictionary words and word phrases make bad passwords, but one has to understand that adding special characters to these words and phrases does’t do them any good. Such password can be easily cracked when smart mutations option is on. 

Windows Passwords

April 15th, 2009 by Vladimir Katalov

Need more information on passwords in Active Directory environment — password policies, default settings, fine-graining? Then read Windows Passwords: Making them Secure article at WindowsSecurity.com. But we can also recommend using Proactive Password Auditor on a regular basis, to see how secure your passwords really are.

Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.
(more…)