Jenkins Law Library
 

Archive for the 'Privacy/Security' Category
A-B-C, It’s Easy As 1-2-3

When it comes to online security, we’re just not very creative. Here are the 5 most popular passwords you, me and our fellow Web surfers employ, according to an analysis by security firm Imperva (love the name!) of 32 million login credentials stolen from social networking site RockYou.

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou

(Number 10 on the list is abc123, hence the title of this post. And now you have the Jackson 5 running through your head, right? You can thank me later.)

Anyway, you can’t say these passwords are very tricksy. It’s easy to take down a whole company if only one employee uses a weak password. (I’m looking at you, Twitter!) Imperva quantifies it for us:

“[T]he combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will typically gain access to one new account on every second or a mere 17 minutes to break into 1000 accounts.”

So is the takeaway this: humans are lazy and stupid? Not really, according to the NY Times, which quotes Jeff Moss, a member of the Homeland Security Advisory Council:

“Nowadays, we have to keep probably 10 times as many passwords in our head as we did 10 years ago. Voice mail passwords, A.T.M. PINs and Internet passwords — it’s so hard to keep track of.”

So how should you cope with password overload? Imperva gives us 3 suggestions:

  • Choose a strong password for sites you care for the privacy of the information you store.
  • Use a different password for all sites – even for the ones where privacy isn’t an issue.
  • Never trust a 3rd party with your important passwords (webmail, banking, medical etc.)

I’ve got some tips for how to create a strong password. And may I recommend using a password manager such as KeePass? It installs on your USB drive, stores all your passwords in an encrypted database, and even auto-types them for you. All you have to remember is the master password for the database. I go over these topics and more in our Internet Ethics CLE class.

Cue the ending music:

… as simple as do-re-mi [not in the top 20]
A-B-C, 1-2-3 [#10]
baby you and me girl ["babygirl" is #13]

Submitted by: Dan Giancaterino, Education Services Manager
on January 21, 2010 - 10:29 am

China Hack Was “Highly Sophisticated”

Wired reports that the intrusion of Google (and others) by Chinese hackers exploited a previously-undiscovered flaw in (what else?) Internet Explorer versions 6 through 8. Microsoft has issued an advisory; here’s their take on the matter:

“At this time, we are aware of limited, active attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other affected versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

Or, as Wired puts it:

“There is no existing patch for the memory-corruption flaw that causes the browser to internally misfire in a way that allows the hacker to inject malware onto the user’s computer.”

I have a suggestion: drive a stake through Jason Voorhees’ heart and switch to Google Chrome. (Eight months later, my Chrome-only netbook is still virus-free.) Do it now. Seriously. Or use Firefox, if you prefer. Anything but IE.

According to another Wired article, the hackers who exploited that there hole provided by Microsoft weren’t yer typical script kiddies:

“According to [Dmitri] Alperovitch, [a researcher at McAfee anti-virus], the attackers used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity. ‘The encryption was highly successful in obfuscating the attack and avoiding common detection methods,’ he said. ‘We haven’t seen encryption at this level. It was highly sophisticated.’”

Submitted by: Dan Giancaterino, Education Services Manager
on January 15, 2010 - 10:45 am

Google Docs Will Now Take Anything You Throw At It

In a few weeks, you’ll be able to upload any type of file onto Google Docs:

“Instead of emailing files to yourself, which is particularly difficult with large files, you can upload to Google Docs any file up to 250 MB. You’ll have 1 GB of free storage for files you don’t convert into one of the Google Docs formats (i.e. Google documents, spreadsheets, and presentations), and if you need more space, you can buy additional storage for $0.25 per GB per year. This makes it easy to backup more of your key files online, from large graphics and raw photos to unedited home videos taken on your smartphone. You might even be able to replace the USB drive you reserved for those files that are too big to send over email.”

Those of you who read Douglas Rushkoff’s comments in my “Google Calls Out China” post will realize what a double-edged sword this really is.

Submitted by: Dan Giancaterino, Education Services Manager
on January 14, 2010 - 2:50 pm

Be Honest: You’re Still Eating the Peanut Butter From Your Y2K Stash, Right?

And drinking the leftover bottled water. And we will not speak of the shotgun you got as a looter-deterrent. Anyway, both Wired and the NY Times have a look back at the Armageddon that never materialized 10 years ago.

And for your listening pleasure

(Still can’t get the lyrics right, even after all this time.)

Submitted by: Dan Giancaterino, Education Services Manager
on December 31, 2009 - 9:14 am

Flying’s Becoming More and More Like Riding the El [UPDATED]

Thanks to a moronic terrorist wannabe, the TSA has enacted more fun rules and regs for your comfort and protection on international flights:

“Passengers flying into the United States from abroad can expect to see additional security measures at international airports such as increased gate screening including pat-downs and bag searches. During flight, passengers will be asked to follow flight crew instructions, such as stowing personal items, turning off electronic equipment and remaining seated during certain portions of the flight.”

The NY Times translates that for us:

“The airlines said the new T.S.A. measures required an additional round of searches, including body pat-downs at airport gates overseas. International travelers were also told that they could not leave their seats for the last hour of a flight, during which time they also could not use a pillow or blanket. They were also limited to one piece of carry-on baggage, including a purse or briefcase, and that piece had to be stowed in an overhead compartment for the last hour of a flight. Airlines were ordered to turn off in-flight entertainment systems with maps showing a plane’s location, and pilots and flight crews were told not to make comments about cities or landmarks below the flight path.”

Gizmodo also reports on how some passengers were required to turn off and stow electronic devices, including iPods.

I figure after 20+ years of riding the El — being crammed into an aluminum tube with no space and no rest rooms, receiving a pat-down from my fellow passengers (Hey … where’s my wallet?!) and getting no information about why the car has unexpectedly stopped in the middle of the tunnel — these new airline security regs are like second nature to me.

UPDATE, 1:55 pm - Xeni Jardin of BoingBoing wonders if the new regs are the end of in-flight wifi.

Submitted by: Dan Giancaterino, Education Services Manager
on December 28, 2009 - 12:45 pm

Yo, Twitter! Get Your Password Act Together.

Last Friday visitors attempting to connect to Twitter were instead greeted by this page from the Iranian Cyber Army containing the Farsi equivalent of All your base are belong to us.

What happened? According to Computerworld, someone got ahold of the Twitter email address used to communicate with the company that managed Twitter’s Domain Name Servers. Once they controlled the account, they changed the DNS records for Twitter so that they connected to a different IP address, the one operated by the Iranian Cyber Army.

This is the second password oopsie for Twitter this year. You may remember back in the summer someone compromised a Twitter staffer’s email account and managed to abscond with a bunch of confidential company documents. Those docs eventually made it onto the Web.

Time to grow up, Twitter. Otherwise nobody’s going to take you seriously.

Submitted by: Dan Giancaterino, Education Services Manager
on December 21, 2009 - 2:47 pm

More On Facebook And Your Privacy

Last week Facebook enacted changes to the privacy controls on the site. Needless to say, they were not universally well-received:

“As an online marketer, I know that Facebook is a thriving, important venue. So I kind of have to keep an account. But I’m also giving up in some ways. This isn’t the place I’m planning to social network, because I just can’t expend the time to decide what I might be sharing, might not be sharing, what my friends might share, what friends of friends might share and then recheck all those settings every six months when Facebook does something different.”

Thank you, Danny, for that. It has instantly become my favorite Facebook sound bite.

To their credit, and as in the past, Facebook responded to some of the criticism. Now you can hide your friend list:

“In response to your feedback, we’ve improved the Friend List visibility option described below. Now when you uncheck the ‘Show my friends on my profile’ option in the Friends box on your profile, your Friend List won’t appear on your profile regardless of whether people are viewing it while logged into Facebook or logged out. This information is still publicly available, however, and can be accessed by applications.”

Got that? Good. But in case you want more advice, the NY Times has a how-to for the new Facebook privacy settings.

Submitted by: Dan Giancaterino, Education Services Manager
on December 15, 2009 - 12:00 pm

Why, Oh Why?

“Blippy is a fun and easy way to see and discuss the things people are buying. Automatically share your favorite purchases from iTunes, Amazon, Zappos, Visa, MasterCard, and more.”

That is from the homepage of Blippy, which just launched as an invite-only beta service. My only comment/question is “Why?” Why would you willingly participate in something like this? This is simply a repackaged version of Facebook’s Beacon. And we all know how that turned out.

Enough with the self-absorption.

Link via TechCrunch.

Submitted by: Dan Giancaterino, Education Services Manager
on December 15, 2009 - 9:43 am

Making Sense of the New Facebook Privacy Controls

As promised, Facebook implemented its new privacy controls yesterday. I know they’re supposed to be simpler, but imho they’re just as confusing. I still feel like I’m missing something. Oh, well …

Anyhoo, the Electronic Frontier Foundation has an excellent commentary on the changes:

“Being a free speech organization, EFF is supportive of internet users who consciously choose to share more on Facebook after weighing the privacy risks; more online speech is a good thing. But to ensure that users don’t accidentally share more than they intend to, we do not recommend Facebook’s ‘recommended’ settings. Facebook will justify the new push for more sharing with everyone by pointing to the new per-post privacy options — if you don’t want to share a particular piece of content with everyone, Facebook will argue, then just set the privacy level for that piece of content to something else. But we think the much safer option is to do the reverse: set your general privacy default to a more restrictive level, like ‘Only Friends,’ and then set the per-post privacy to ‘Everyone’ for those particular things that you’re sure you want to share with the world.”

I’m not comfortable with the new concept of “publicly available information” that Facebook says I cannot block. This bothers the EFF as well:

“The creation of this new category of ‘publicly available information’ is made all the more ugly by Facebook’s failure to properly disclose it until today — the very day it is forcing the new change on users — when it added a new bullet point at the top of its privacy policy specifying this new category of public information that will not have any privacy settings. The previous versions of the policy, however, either didn’t disclose this fact at all, or buried it deep in the text surrounded by broad assurances of privacy.”

Here’s the bullet point to which the EFF refers:

“Certain categories of information such as your name, profile photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to are considered publicly available to everyone, including Facebook-enhanced applications, and therefore do not have privacy settings. You can, however, limit the ability of others to find this information through search using your search privacy settings.”

I’ve never liked Facebook. I know Google collects just as much personal data from me — maybe more. At least with Google it’s a quid pro quo. They give me something I value — information — in return for my data. Facebook gives me nothing I care about — hey, if I want to know that you just came in from walking the dog, I’ll call you — in return for personal data that they’re soooo hot to monetize.

Submitted by: Dan Giancaterino, Education Services Manager
on December 10, 2009 - 2:07 pm

Tiger’s Not the Only One Whose Cell Phone Has Betrayed Him

Could be you, too. Wired reports that law enforcement agencies made 8 million customer location requests over a 13-month period. Though Sprint says that number is grossly inflated, the article quotes comments by Paul Taylor, manager of Sprint’s Electronic Surveillance Team, at a surveillance industry meeting:

“‘We turned it on (the web interface) for law enforcement about one year ago last month, and we just passed 8 million requests,’ Taylor is heard saying. ‘So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy.’”

Don’t blame me if you get a 3-iron to the head. I warned you.

Submitted by: Dan Giancaterino, Education Services Manager
on December 03, 2009 - 3:19 pm

This page was last updated 12-Aug-09 12:02:45 EDT
Copyright © 1996 - 2010, Jenkins Law Library. All rights reserved.