John Pozadzides, Internet standards expert, CEO of web company iFusion Labs, and blogger recently published an article titled “How I’d Hack Your Weak Passwords.” What he revealed is striking, to say the least.

We all know that the longer the password, the better. Combining letters and numbers is even better. Using a mixture of lowercase letters and capital letters is another way to strengthen your password. We KNOW all these things. But, did you know just how much of a difference using ONE capital letter in your password can make? Check out this table below. It shows the time an average computer will need to figure out the password for an account using certain programs (which, by the way, can be found FREE online!).

With this in mind, I wouldn’t be surprised if you start changing your passwords now. I suggest that you read the full article as it provides more specific information on how to make your passwords stronger. Passwords are your first (and oftentimes last) line of defense, and yet sometimes, they are taken for granted.

According to Credant Technologies, some users are unwittingly advertising the location of their laptop to anyone with a cheap off-the-shelf handheld wireless signal detector.

Apparently one of the global hotspots for this kind of theft is Jamaica, but the crime could easily be committed anywhere else.

Something I wasn’t aware of (and is rather worrying in its own right) is that some notebook PCs can stay awake for up to 30 minutes even after the lid is shut. Quite why this is necessary (unless it’s deliberately set by the user) is a little unclear.

Anyway, the message is clear: turn your Wi-Fi off when you’re not using your laptop to reduce the risk of thieves locating and stealing it.

It shows weak, fair, good, strong and “unbreakable” passwords, as might be created by teenagers, douches (you work that one out), geeks, nature lovers, professionals, and “normal” people.

Who’s normal?

Interesting that ‘g01111001110011101100e’ — of which the central zeroes and one form five-digit binary groups each referring to a letter position in the alphabet, and actually form the password ‘goggle’ (not ‘google’, ha-ha) — is deemed “unbreakable”. I doubt it is, but I wonder how many geeks would choose a password along these lines? Not strong enough for my liking, but it’s way better than “rockstar” and “iloveu”.

What we don’t have on here are the expletive-laden passwords that I know for a fact many people often use.

Via

However, I am wondering if the fact is that the collection of its users are just more careless / stupid.

Security firm Sophos reckons there has been a 70% rise in attacks on social network sites, while nearly three out of four companies think workers’ behaviour online puts their business at risk.

Three out of five users say they have been spammed via social networking sites, while one in three says they’ve been sent malware: both up around 70% on last year.

Worrying statistics, or proof that the increasing popularity of social networks with the less computer-literate is the reason they seem less secure?

Given that many novice computer users don’t know what firewalls and anti-virus software are, far less actually use them or practice personal safety online, it’s hardly surprising that threats seem to have increased.

It’s true that social network spam is particularly insipid, because it purports to come from someone you know. Perhaps that’s a good reason to only befriend people you trust — I know the Facebook spam I receive would never have genuinely come from those whose accounts have been compromised because it’s not in their character to try to sell me Viagra. Really.

Should social networks be doing more to educate users on what are real threats and what are fake? The recent “unnamed app” scare, for example, has in fact been hijacked by criminals, preying on those worried about their online security.

Maybe people shouldn’t be allowed to go online without knowing at least the basics of Internet safety. Yeah, OK, that’s never going to happen, but it’s a thought.

What do you think?

Security firm Sophos has reacted negatively to the news, suggesting that it glamorises the writing of potentially malicious code (despite the fact that this worm, in particular, wasn’t malicious) and arguing that there are probably more talented, law-abiding coders who could have been given the job.

There are a number of issues here. Firstly, anyone who jailbreaks their iPhone is opening themselves up to a greater risk of malware and other undesired software, particularly if they don’t bother to do basic housekeeping tasks such as changing default passwords.

Secondly, many organisations already hire hackers, because (whatever you think of them) there’s no denying they have talents that perhaps standard programmers and security staff don’t have.

Towns may not be the most proficient programmer, but is it really surprising that he’s been hired? It’s all publicity for the developer, too.

It may well thwart the casual thief who, unable to simply plug it in to a spare USB port and peruse your precious porn stash data like it were a thumb drive, but anyone who really wants to get at your data probably isn’t going to have much trouble.

Adam left a comment on the original blog post, suggesting that the way the drive is constructed makes it highly likely that the AES key is stored on a non-volatile memory chip on the circuit board.

This could well be desoldered and read in order to discover the code and hence grab the data.

Everyday consumers may well be lulled into a false sense of security, while geeks with other geeks for friends (or, indeed, enemies) will probably steer well clear of the device in the first place.

Adam also maintains that most people won’t be able to remember an 18-digit numerical code (apart from Pi, perhaps, which could well be the geeky version of using “1234” as a PIN), though the unit does include the alpha equivalents (much like a phone keypad) so you could spell out a word or phrase instead.

I think true physical security of external hard drives is more important. The Data Locker drive, which comes in 160GB, 320GB and 500GB capacities, does have a self-destruct mode if it detects a brute-force attack — however that pretty much means you’ll need another hard drive to back this one up, in case your data is destroyed by meddlesome fingers.

If you want one you can get it here.

“While you’re visiting, there is something you need to know to survive in Netropolis. There are no police here; no Emergency Services. You are alone in this city of darkness and light, alone and vulnerable.

That is why we built Norton HQ – a beacon of security against the dangers lurking around every corner. A place you can trust when you come to Netropolis, a place where someone will watch over you.”

Maybe I’m wrong, but I get the feeling that, in general, those for whom comics in this genre will appeal already know about computer security, and as likely aren’t using Norton products.

What do you think? Take a look at some pics of Norton’s “we’re trying so hard not to be corporate” comic:

1) Prevent theft of your laptop
2) Protect your information
3) Recover lost & stolen equipment
4) Protection 24/7 online and off
5) New TALKING help feature!
6) Google map / track feature

While all of those things are very important, I find myself being hooked on a series of images in my head…My laptop gets stolen. I report it. The thief can’t wait to try using it. He goes to the nearest free WiFi hotspot, turns the laptop on, and suddenly, this booming voice (Aslan’s voice in The Chronicles of Narnia) is heard. I haven’t come up with the perfect “You’re a thief, return my laptop” line yet but can you just imagine how hilarious it would be to actually witness something like this happening?

Joking aside, this kind of security measure is something that I think will become more widespread in the very near future. You can actually try out the Retriever for free for 90 days.

The Digital Door Viewer ? (US$399) is heaven sent… specially for the sight-challenged elderly. This is an electronic video system designed to replace common door viewers and peephole viewing tubes. The Digital Door Viewer delivers on-demand, high quality images, and is totally integrated and self-contained.

Runs on 8 AA sized batteries and is completely self-contained, doesn’t require any wires or “special connections” at all. It’s easily installed as the standard peephole as all the tools you need would be a powerdrill, a sander and possibly a light hammer too. If you think it’s an eyesore outside, you’d be glad to know that it is JUST the size of a regular peephole too. Yup… the world outside thinks it’s a regular peephole while you enjoy its digital glory.

The LCD panel mounted on the inside of the door has a 5-3/5″ viewing area in an 8-1/2″W x 5-1/2″H frame. On the outside, the camera is mounted in a flat circular housing with just a 3/4″ diameter. And it can fit any regular/standard doors.

So you might be wondering who would be so mad that he would be willing to give that much money away…take a guess?  You probably didn’t have to think much.  Who else would be so affected by a worm?  The software giant, Microsoft, has always been prone to attacks from such malware and sees the Conficker as a “criminal attack.”  According to George Stathakopulos of the company’s Trustworthy Computing Group, “people who write this malware have to be held accountable.”  Hence the reward for whoever could find the person behind the worm.

I doubt that you have not heard of the worm before but for the benefit of those who might not have, Conficker takes advantage of computers which are not updated with regard to Windows security patches.  It is a self-replicating program and can infect computers via the Internet or those innocent looking USB sticks you use on a daily basis.  And once the worm has found its way to your hard drive, it is quite hard to remove as it immediately finds ways to burrow a hole and set up defences to keep itself safe.  Once set up, the worm can be used to steal data, among other things.

Now back to the reward.  Do you think that they will ever catch the perps this time?  Remember, they still have rewards up in the air for the creators of three other worms – Blaster, MyDoom and Sobig.