LinkedIn
Facebook
TwitterOne Man's Blog
Specialization is for Insects.
Posted on Mar 28, 2007 - 12:43am by John P. in Security, Tutorials - 8 Replies
That’s right. I hate to tell you folks, but if you give me 10 seconds alone with your computer I’ll not only get your user name and passwords to every mail box you have set up in Outlook and Outlook Express, but I’ll also be able to see every single login you have saved in your Internet Explorer auto-complete settings.
And I’ll do it all with this tiny little application. Don’t believe it? Fine, download it, unzip it and launch it. You’ll be instantly staring at all of the passwords you’ve ever told Microsoft to remember for you.
Read the rest of this entry »
Posted on Mar 26, 2007 - 2:17am by John P. in Computing, Security - 260 Replies
If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…
Read the rest of this entry »
|
|
| Re-Tweet | Reply | View Tweet |
|
|
| Re-Tweet | Reply | View Tweet |
|
|
| Re-Tweet | Reply | View Tweet |
|
|
| Re-Tweet | Reply | View Tweet |
|
|
| Re-Tweet | Reply | View Tweet |
|
|
|
| Re-Tweet | Reply | View Tweet |
|
|
| Re-Tweet | Reply | View Tweet |
|
|
| Re-Tweet | Reply | View Tweet |
|
|
| Re-Tweet | Reply | View Tweet |
|
|
| Re-Tweet | Reply | View Tweet |
Posted on Mar 14, 2007 - 1:23am by John P. in Finance, Security - No Replys
In the recent past I’ve done a lot of harping on the security woes of financial institutions (see here, here, and here) so when I saw this announcement I was both extremely happy and a little disappointed at the same time.
PayPal is about to issue SecureID cards to all business clients in order to provide further account security. Now this is what I’m always talking about when I speak of defense in depth! PayPal will combine layers of security, in this case something I have (SecureID password generator), with something I know (my username/password combo) to ensure it’s actually me accessing the site.
Read the rest of this entry »
Posted on Feb 24, 2007 - 1:52am by John P. in Computing, Security, Web Links - 3 Replies
There are a lot of people that have migrated to alternative Web browsers such as Firefox and Opera; the problem is, for most people, it’s been impossible to fully abandon IE because it’s the only option they have to get Windows Updates.
But, if you really despise IE and wish you never had to open it again (or if it just isn’t working), have I got news for you… Using either Opera or Firefox you can head over to WindizUpdate and get your system updated from a source other than Microsoft.
Read the rest of this entry »
Posted on Feb 02, 2007 - 12:26am by John P. in Dear The Man, Security - 19 Replies
Here’s a question I received from a reader:
Can you recommend a good hard drive sweeper? I need to clean up my PC at work… been surfing the net a little too much.
Well yes. Yes I can…
Read the rest of this entry »
Posted on Jan 30, 2007 - 1:38am by John P. in Security - 1 Reply
According to the Epoch Times, in five years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) and convert to a new and more advanced “hash” algorithm, according to the article “Security Cracked!” from New Scientist.
The reason for this change is that associate professor Wang Xiaoyun of Beijing’s Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1. This marks the fifth straight encryption method that Xiaoyun’s team has broken (SHA-1, MD5, HAVAL-128, MD4, and RIPEMD).
What does this mean for the rest of us?
Read the rest of this entry »
Posted on Jan 21, 2007 - 1:57am by John P. in Politics, Security - 1 Reply
Imagine a knock on the door after you have been on the Internet, blogging, and the next moment you are under arrest. Amnesty International launched a campaign in defence of Internet bloggers in many countries – including China, Tunisia and Iran who have been arrested for expressing views which have upset their governments.
But how have they been tracked down? It turns out that they have been turned in by major Internet providers such as Yahoo and Microsoft, who have supplied foreign governments with the information they need to pursue them.
Read the rest of this entry »
Posted on Jan 20, 2007 - 1:59am by John P. in Finance, Security - 1 Reply
Smith Barney recently began forcing it’s clients to change their Web login in what is claimed to be a “security enhancement” maneuver. This applies to every client in the US that has a joint account (ie- married couples).
They are forcing this change in conjunction with the requirement of adding challenge questions and answers to each account, but they don’t list the reason for inconveniencing what must be hundreds of thousands, or millions, of clients. In fact, they claim:
Today Smith Barney’s nearly 12,400 Financial Consultants serve more than 7.5 million client accounts representing nearly $900 billion in client assets.
Posted on Jan 06, 2007 - 2:59am by John P. in Finance, Security - 17 Replies
I don’t know why Citi doesn’t make a bigger deal about publicizing this feature of their credit cards, but they actually have an excellent security option which helps protect customers making online purchases. They mention it only in one paragraph here.
If you have a Citibank credit card, you can use the Virtual Account Number feature to generate temporary “alias” numbers to give out in place of your actual number. Why would you want to do that? Well, there are lots of reasons… read on and I’ll give you a few.
  
|
Posted on Jan 03, 2007 - 3:28am by John P. in Computing, Security, Tutorials - No Replys
Peter Gutman, from the Univeristy of Auckland, put together the most comprehensive Introduction to Security overview I’ve seen on the Internet.
I think it’s a fantastic starter for those who know nothing about security, and contains plenty of refresher or new information for security professionals. All in all the entire tutorial would be 400 pages if you print it out.
Posted on Jan 03, 2007 - 1:58am by John P. in Security, Vehicles, Videos - 1 Reply
People who thought their BMW’s sophisticated laser cut key system would keep their cars… well theirs… need to think again.
These brainiac German guys demonstrate quite clearly how to break into any modern BMW in a matter of seconds with a tool kit that costs about $1,200.
Read the rest of this entry »
Posted on Dec 29, 2006 - 3:14pm by John P. in Security - 5 Replies
I spoke with two of the founders of craigsnumber via phone as a follow up to my previous review of the service. Here are the notes from our phone call. The gentlemen I spoke to preferred to remain anonymous so I will refer to them as CN.
CN: From a legal standpoint we are currently in a “quite period” so we’ll share what we can, but it may be limited out of necessity.
