Quotulatiousness

October 10, 2009

Passwords and the average user

Filed under: Humour, Technology — Tags: , , , , — Nicholas @ 11:22

In this day of widely publicized panic about online security, it’s time we revisited the basics of password security. I’m sure that none of you reading this would ever have a less-than-ironclad routine for all your online activities:

  1. Never ever use the same password on multiple sites. Once they’ve grabbed for login for the MyLittlePony site, they’re into your bank account . . . or worse, your MyLittlePonyDoesDallas account.
  2. Always use the maximum number of characters allowed . . . I know it’s a pain when a site allows 1024 characters, but your online security is paramount. I believe most health insurance now covers carpal tunnel treatment, so you’re golden.
  3. Never include any word — in any human language — embedded within your password: this includes all the words in the Scrabble® dictionary for every known language. Can’t assume that the black hats speak English, y’know.
  4. Always use both capital and lower-case letters and include at least a single digit and a non-letter character in every password.
  5. Note: Don’t try to be clever and use 1337speak. The folks trying to crack your password all post on 4chan: you’re giving them a head-start. They dream in 1337.

  6. Change your password regularly. Daily, if necessary. Even hourly if you share a computer with others.
  7. Never, ever write your password down. That’s the first thing they’ll look for when they break down your door and trash your crib.
  8. Never, ever re-use a password. Don’t pretend you haven’t done this one. We all used to do it, until site admins started checking that you hadn’t re-used an old password.

Of course, even the professionals don’t do all of this. Some of ’em don’t do any of it. Do like the pros do: set all your passwords to “passw0rd”. Nobody ever guesses that.

For actual password advice that might be helpful, you can try this post on the Gmail Blog.

August 6, 2009

Twitter under DOS attack

Filed under: Americas, Technology — Tags: , , , , — Nicholas @ 13:58

Twitter users have been unable to access the site for most of Thursday morning, due to a Denial-of-Service (DOS) attack:

The extended silence in a normally noisy Twitterworld began around 9 a.m. Twitter later posted a note to its status update page saying the site had been slowed to a standstill by an attack.

In a denial-of-service attack, hackers typically direct a “botnet,” often made up of thousands of malware-infected home PCs, toward a target site in an effort to flood it with junk traffic. With the site overwhelmed, legitimate visitors cannot access the service.

“On this otherwise happy Thursday morning, Twitter is the target of a denial-of-service attack. Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users,” co-founder Biz Stone said in a blog post. “We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate.”

Update: Service is back, intermittantly. More background on the attack here.

July 30, 2009

Latest threat to world civilization

Filed under: Technology — Tags: , , — Nicholas @ 07:25

OMG! Everybody panic!

It’s bad enough that the iPhone can, according to Apple itself, be used to crash cell towers, but apparently they can be very easily hijacked, too:

If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.

That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they’ve found in the iPhone’s handling of text messages, the researchers say they’ll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone’s functions. That includes dialing the phone, visiting Web sites, turning on the device’s camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.

The researchers say they’ve notified Apple about the vulnerability, but that Apple had not provided a fix.

Everybody sing: “It’s the end of the world as we know it, it’s the end of the world as we know it . . .”

Update, 31 July: Apple has announced that it will be releasing a fix to this problem on August 1st.

Update, the second, 31 July: The folks on the Apple-iPhone mailing list say the fix has escaped and is now available through iTunes. I’ll be downloading the update as soon as I get home . . .

« Newer Posts

Powered by WordPress