If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth - yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…
Read the rest of this entry »

In the recent past I’ve done a lot of harping on the security woes of financial institutions (see here, here, and here) so when I saw this announcement I was both extremely happy and a little disappointed at the same time.

PayPal is about to issue SecureID cards to all business clients in order to provide further account security. Now this is what I’m always talking about when I speak of defense in depth! PayPal will combine layers of security, in this case something I have (SecureID password generator), with something I know (my username/password combo) to ensure it’s actually me accessing the site.
Read the rest of this entry »

There are a lot of people that have migrated to alternative Web browsers such as Firefox and Opera; the problem is, for most people, it’s been impossible to fully abandon IE because it’s the only option they have to get Windows Updates.

But, if you really despise IE and wish you never had to open it again (or if it just isn’t working), have I got news for you… Using either Opera or Firefox you can head over to WindizUpdate and get your system updated from a source other than Microsoft.
Read the rest of this entry »

Here’s a question I received from a reader:

Can you recommend a good hard drive sweeper? I need to clean up my PC at work… been surfing the net a little too much.

Well yes. Yes I can…
Read the rest of this entry »

According to the Epoch Times, in five years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) and convert to a new and more advanced “hash” algorithm, according to the article “Security Cracked!” from New Scientist.

The reason for this change is that associate professor Wang Xiaoyun of Beijing’s Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1. This marks the fifth straight encryption method that Xiaoyun’s team has broken (SHA-1, MD5, HAVAL-128, MD4, and RIPEMD).

What does this mean for the rest of us?
Read the rest of this entry »

Imagine a knock on the door after you have been on the Internet, blogging, and the next moment you are under arrest. Amnesty International launched a campaign in defence of Internet bloggers in many countries - including China, Tunisia and Iran who have been arrested for expressing views which have upset their governments.

But how have they been tracked down? It turns out that they have been turned in by major Internet providers such as Yahoo and Microsoft, who have supplied foreign governments with the information they need to pursue them.
Read the rest of this entry »

Smith Barney recently began forcing it’s clients to change their Web login in what is claimed to be a “security enhancement” maneuver. This applies to every client in the US that has a joint account (ie- married couples).

They are forcing this change in conjunction with the requirement of adding challenge questions and answers to each account, but they don’t list the reason for inconveniencing what must be hundreds of thousands, or millions, of clients. In fact, they claim:

Today Smith Barney’s nearly 12,400 Financial Consultants serve more than 7.5 million client accounts representing nearly $900 billion in client assets.

Read the rest of this entry »

I don’t know why Citi doesn’t make a bigger deal about publicizing this feature of their credit cards, but they actually have an excellent security option which helps protect customers making online purchases. They mention it only in one paragraph here.

If you have a Citibank credit card, you can use the Virtual Account Number feature to generate temporary “alias” numbers to give out in place of your actual number. Why would you want to do that? Well, there are lots of reasons… read on and I’ll give you a few.

Peter Gutman, from the Univeristy of Auckland, put together the most comprehensive Introduction to Security overview I’ve seen on the Internet.

I think it’s a fantastic starter for those who know nothing about security, and contains plenty of refresher or new information for security professionals. All in all the entire tutorial would be 400 pages if you print it out.

People who thought their BMW’s sophisticated laser cut key system would keep their cars… well theirs… need to think again.

These brainiac German guys demonstrate quite clearly how to break into any modern BMW in a matter of seconds with a tool kit that costs about $1,200.
Read the rest of this entry »

I spoke with two of the founders of craigsnumber via phone as a follow up to my previous review of the service. Here are the notes from our phone call. The gentlemen I spoke to preferred to remain anonymous so I will refer to them as CN.

CN: From a legal standpoint we are currently in a “quite period” so we’ll share what we can, but it may be limited out of necessity.

Read the rest of this entry »

People routinely ask about my favorite software so, I’ve decided to gather all my top picks in one place to make every one’s life a little easier.

All of the software listed here is free for personal use, meaning:

1. Any of this software can be installed and used at absolutely no charge, forever. There is no nagging, spyware, or anything else nasty.
2. Because it’s totally free, sometimes there is very little support. You either figure out how to use it, or just get rid of it.

So, without further ado, here is the list categorized by type of application:
Read the rest of this entry »