In this entry I’d like to suggest a kind of a list of various legal decisions on password [ab]use I could find on the web. Your add-ins are welcome, just put in any other acts you know…

Time for shoulder surfing is gone, today we have more sophisticated ways to track what you are typing on your keyboard. A series of appearing keyboard attacks yet again prove its incapability of keeping secretes. Let’s see what we have…

The Register reports VAServ.com has been attacked and now more than 100.000 websites have gone forever because of company’s poor password policy. The attackers are unknown and Rus Foster, (former?) VAServ.com director claims that anonymous messages indicated nonexistent passwords. I wouldn’t like to sound sarcastic but their description at AboutUs.org reads quite funny now, what do you think? 

Securing home Wi-Fi remains uncertain when it comes to law. Some urge users are not liable when they use default security settings and it is manufacturer who is guilty when/if wireless network was ‘successfully’ abused. Others put whole responsibility on users. This is practically a question to law and usually its resolution depends on lawyers’ skills to gather and manipulate the details. Your security encompasses not only security against the law when you happen to fall a victim to an intruder, but also protection against that very intruder. In the long run, it’s up to you whether to endeavor to prove your innocence or take measures to build a reliable fence.

 Jerry Fishenden, Microsoft National Technology Officer in the UK leaves his post to work on his own. He intends to elaborate “a guidebook for politicians and policymakers about what does and doesn’t work in terms of delivering an effective technology policy”. 

ElcomSoft is launching a survey intended to collect more information on how people handle their passwords, which remain a major way for user authentication. Whether you are ElcomSoft customer or haven’t seriously thought about password security, we hope you will answer our questions.

Want to get an overall picture of all potential threats to your unprotected pc and how it can be used when hacked? Have a look at the vivid graph drafted by Brian Krebs. It’s not only credit cards and passwords… Hey, Brian says this monstrous list not complete, I wonder if you have something to add? 

About a month ago annual Eurocrypt conference took place in Cologne, Germany. This is rather academic event (as most if not all events held by IACR) so it is not always easy to read its proceedings filled with formulas and theorems. Nonetheless there are usually couple of very interesting works presented at each such event. Let me tell you a little bit about this year’s highlights.

 Today’s technologies allow staying online practically 24 hrs a day, periodically falling into a sleeping mode. The Internet became easily accessible and numerous devices can connect us to the web from everywhere, and every time when we surf the web we are being registered, at least via IP address of our devices.