Ten signs your son might be a hacker
January 31, 2009. Posted by Matsu in Fun, Humor, Information Technology, Open Source, Security.
This is from an old post that’s been around a while, but I just happened to stumble across it today.
My favorite is sign number eight, which is:
8. Is your son obsessed with “Lunix”?
It is based on a program called “xenix”, which was written by Microsoft for the US government. These programs are used by hackers to break into other people’s computer systems to steal credit card numbers. They may also be used to break into people’s stereos to steal their music, using the “mp3” program.
Torovoltos is a notorious hacker, responsible for writing many hacker programs, such as “telnet”, which is used by hackers to connect to machines on the internet without using a telephone.
You can read all ten signs that your child may be a hacker on this website. They are very funny.
Security tip: Don’t change your password
March 7, 2007. Posted by Matsu in Information Technology, Security, Software, Technology.
If you have used computers for very long, you probably know that it’s a ‘best practice’ to change your passwords every few months. Well, according to this article in the January 2007 edition of Science News magazine, in the future it will be better to keep your old password longer, because not changing it will make it more secure. Let me tell you why.
Back in World War II, Allied forces learned to identify individual Morse code operators by the way in which they tapped out the dots and dashes. Everyone has a slightly different ‘accent’ and those differences could be discerned after monitoring the radio traffic long enough to get used to it. This ended up helping the Allied forces, as they could then tell when the enemy operators were moved and then assume that troops were also on the move.
How does this apply to today’s technology? The article talks about ‘digital fingerprints’ and the various ways that a person could be identified by the way in which they type or their writing style and even by their web surfing habits – how they use the mouse, where they click, etc. You should read the article if any of that interests you.
One of those techniques, monitoring the precise timing of a person’s typing (the pattern of taps and pauses between letters), is what could be used, in combination with knowing the password, to strengthen security in the future. That way, even if someone guessed your password, unless they typed it exactly the way you type, they would not be able to gain access to your account. And the longer you use the same password, the better the computer would be able to recognize you, because it would have more sample data to compare against. In that situation, changing your password would mean that the computer would have to learn all over again the various ways you type that word or phrase, and the new password would not be as secure as one you had used for six months or a whole year. Therefore, not changing your password increases security.
Finally, I should say that unless you are using this new technology (one such product can be found here), you should change your password at least a couple of times a year, if not more often.
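A minimal sketch of the scheme described above, added here as an illustration and not taken from the article or from any product: the password must match, and the gaps between keystrokes must fit a template learned from earlier logins. The class name, thresholds, passwords and timings are all assumptions constructed for the example.

```python
import hmac
from statistics import mean

MIN_SAMPLES = 5    # assumed: logins to learn from before rhythm is enforced
THRESHOLD = 2.0    # assumed: largest accepted mean scaled deviation
MIN_DEV_MS = 1.0   # floor so a perfectly steady key pair cannot divide by zero

class KeystrokeProfile:
    """Hypothetical verifier: a password plus a learned timing template."""
    def __init__(self, password):
        self.password, self.samples = password, []   # samples: gap lists in ms

    def change_password(self, new_password):
        self.password, self.samples = new_password, []  # old rhythm is useless

    def score(self, gaps):
        """Mean of |gap - mean| / mean-absolute-deviation over the key pairs."""
        total = 0.0
        for col, gap in zip(zip(*self.samples), gaps):
            mu = mean(col)
            dev = max(mean(abs(x - mu) for x in col), MIN_DEV_MS)
            total += abs(gap - mu) / dev
        return total / len(gaps)

    def verify(self, typed, gaps):
        if not hmac.compare_digest(typed.encode(), self.password.encode()):
            return "reject: wrong password"
        if not gaps or len(gaps) != len(self.password) - 1:
            return "reject: malformed timing data"
        if len(self.samples) < MIN_SAMPLES:      # still learning: no rhythm check
            self.samples.append(list(gaps))
            return "accept: password only"
        if self.score(gaps) > THRESHOLD:
            return "reject: typing rhythm mismatch"
        self.samples.append(list(gaps))          # more data sharpens the template
        return "accept: password and rhythm"

def demo():
    # Constructed data: gaps (ms) between the five keys of a made-up password.
    enrol = [[120, 200, 90, 150], [130, 190, 100, 160], [110, 210, 95, 140],
             [125, 205, 85, 155], [115, 195, 105, 145]]
    p = KeystrokeProfile("blue7")
    for gaps in enrol:
        p.verify("blue7", gaps)
    owner = p.verify("blue7", [122, 197, 98, 152])
    thief = p.verify("blue7", [180, 180, 180, 180])   # right password, wrong rhythm
    p.change_password("red42")
    relearn = p.verify("red42", [180, 180, 180, 180])
    return owner, thief, relearn
```

The last result in `demo()` is the post's point: right after a password change the template is empty, so the same evenly typed attempt that was rejected a moment earlier is accepted on the password alone until enough new samples are collected.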
Since February 15, 2005 there has been incident after incident where personal data has been compromised or lost and exposed to potential identity theft. The entire list of incidents, which is growing far too quickly, can be found here.
For now, the last entry in that list is the VA data incident that happened on May 22, 2006.
"The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation."
The latest incident, the loss of Veterans Affairs Administration records for more than 26 million veterans, was reported yesterday. Details on that incident can be found here.
What’s your pandemic disaster plan?
May 23, 2006. Posted by Matsu in Information Technology, Management, News and politics, Random, Security, Technology.
Last Wednesday and Thursday I attended statewide meetings with other I.T. managers from across Kentucky. The first meeting was for people serving on a disaster recovery/business continuity (DR/BC) committee for higher education. The second day was a day-long meeting that included some discussion and planning for DR/BC.
After the usual and more common disasters were brought up, like power outages, fire, tornados, floods, and earthquakes, someone mentioned the “P” word: Pandemic. This was the first time that someone suggested a pandemic could really happen or that we should make a plan for dealing with a pandemic as a real threat. But, what does that really mean? What can you expect in a pandemic and what is the likelihood of it happening?
Good questions, all. I recommend going to this web site to answer some or most of those questions. It not only answers those questions, it also provides many checklists for how to prepare so that your home, business, or organization can continue and even survive a pandemic. If you want to hear about it first hand, there is a workshop coming up in Chicago that specifically addresses disaster recovery and business continuity in the event of a pandemic.
Tomorrow, I will post what one Kentucky CFO said he would do if a pandemic broke out and it impacted their business. It’s not so much a business continuity plan as it is a personal disaster plan. In fact, I’ve come to know it as “An Old Fashioned Kentucky Disaster Recovery Plan.” I’ll post a picture of the plan, which will be better than writing about it. Check back tomorrow to see what I mean.
Welcome to Wonderland, Alice.
This morning Cory Doctorow posted this message on Boing Boing about how people who discover security flaws and make them public knowledge are getting arrested for breaking federal laws governing information technology and privacy. Here's some of what he had to say:
Why it's dumb to bust people for pointing out security flaws
Jennifer Granick's column in today's Wired News, "Spot a Bug, Go to Jail" covers the insane trend to suing and punishing whistle-blowers who report on security vulnerabilities.
It's a truism among security practitioners that there is no security in obscurity — in other words, that a system is made less secure if you keep its workings and failings secret.
It's only by the disclosure of failings that systems can be improved, and this disclosure also lets users of security systems make good decisions about whether a given system is adequate. If your bike lock can be picked with a ball-point pen, don't you want to know that?
First of all, did you know you could pick a bike lock with a ball-point pen? Now, that's amazing and amusing.
Secondly, how do you think IT professionals should respond when they accidentally discover system or network vulnerabilities? Should they just ignore them and tell nobody about it? Or, should they tell the organization that is responsible for securing the system or network? Or, should they go public with what they discovered and tell others exactly how the system or network vulnerability works and how it can be exploited?
I am not sure that we (as a society) should be prosecuting those people who discover and make public what they know about a security hole in either systems or networks. Now, if they act maliciously or exploit the vulnerability for some personal gain, then they should be prosecuted. But, if they are just trying to call attention to a problem so that some real damage can be avoided, then they should not be punished.
What do you think?