John C. Dvorak wonders why anyone would want to use Microsoft
Microsoft, despite denials, appears to be in bed with the NSA. Apparently all encryption and other methods to keep documents and discussions private are bypassed and accessible by the NSA and whomever it is working with.
With that said, do you really want to buy a Microsoft product? Do you want to buy anything that gives easy access to snoops poking around at their leisure?
Dan Goodin at Ars Technica has a helpful article about keeping your passwords safe:
“I recently checked in with five security experts to learn about their approach to choosing and storing crack-resistant passwords. They include renowned cryptographer Bruce Schneier, who is a “security futurologist” at BT and recently joined the Electronic Frontier Foundation’s board of directors; Adriel T. Desautels, CEO of Netragard, a firm that gets paid to hack large companies and then tell them how it was done; Jeremiah Grossman, founder and CTO of WhiteHat Security; Jeffrey Goldberg, “defender against the dark arts” at AgileBits, a company that develops the popular 1Password password manager; and Jeremi Gosney, a password security expert at Stricture Consulting.”
These are extra steps everyone should take at least once a year, or during situations where an account may be compromised:
“Regardless of whatever safeguards may have been implemented to safeguard your personal information, it’s a question of when — not if — said data will end up being corrupted or lost.”
Bruce Schneier has posted some interesting thoughts (well, everything he posts is interesting, but this is especially so to me) about passwords and their role.
“[...]As computers have become faster, the guessers have got better, sometimes being able to test hundreds of thousands of passwords per second.[...]”
“[...]My advice is to take a sentence and turn it into a password. Something like “This little piggy went to market” might become “tlpWENT2m”. That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence – something personal.[...]”
In a report released Saturday, London-based Privacy International assigned Google its lowest possible grade. The category is reserved for companies with “comprehensive consumer surveillance and entrenched hostility to privacy.”
“After a week of extensive testing, the CRN Test Center found that users of Windows Vista and Windows XP are equally at risk to viruses and exploits and that overall Vista brings only marginal security advantages over XP.”
From Ars Technica:
“…songs sold without DRM still have a user’s full name and account e-mail embedded in them, which means that dropping that new DRM-free song on your favorite P2P network could come back to bite you.”
Ever find yourself with too many passwords to remember and no idea where to keep them so that only you can find the password list? Creating a password.txt file in your root directory is out of the question, as is a password-protected OpenOffice.org file. A piece of paper hidden somewhere is not a good idea, because after you forget where you put it, someone else will find it and abuse it. Instead of these approaches, consider using steganography, a method for hiding sensitive information inside some other object, typically a JPEG picture or a sound file.
“If whatever we do can be held against us years later, if all our impulsive comments are preserved, they can easily be combined into a composite picture of ourselves,” he writes in the paper. “Afraid how our words and actions may be perceived years later and taken out of context, the lack of forgetting may prompt us to speak less freely and openly.”