Posted on Mar 26, 2007 - 2:17am by John P. in Computing, Security
If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
Let’s see… here is my top 10 list. I can obtain most of this information much more easily than you think, and then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…
Posted on Mar 14, 2007 - 1:23am by John P. in Finance, Security
In the recent past I’ve done a lot of harping on the security woes of financial institutions (see here, here, and here) so when I saw this announcement I was both extremely happy and a little disappointed at the same time.
PayPal is about to issue SecurID cards to all business clients in order to provide further account security. Now this is what I’m always talking about when I speak of defense in depth! PayPal will combine layers of security, in this case something I have (SecurID password generator), with something I know (my username/password combo) to ensure it’s actually me accessing the site.
According to the Epoch Times, in five years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) and convert to a new and more advanced “hash” algorithm, according to the article “Security Cracked!” from New Scientist.
The reason for this change is that associate professor Wang Xiaoyun of Beijing’s Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1. This marks the fifth straight encryption method that Xiaoyun’s team has broken (SHA-1, MD5, HAVAL-128, MD4, and RIPEMD).
What does this mean for the rest of us?
Posted on Jan 20, 2007 - 1:59am by John P. in Finance, Security
Smith Barney recently began forcing its clients to change their Web login in what is claimed to be a “security enhancement” maneuver. This applies to every client in the US that has a joint account (i.e., married couples).
They are forcing this change in conjunction with the requirement of adding challenge questions and answers to each account, but they don’t list the reason for inconveniencing what must be hundreds of thousands, or millions, of clients. In fact, they claim:
Today Smith Barney’s nearly 12,400 Financial Consultants serve more than 7.5 million client accounts representing nearly $900 billion in client assets.
If you’re like me, you’re wondering what this war between Israel and Lebanon is going to do to the market here in the US. Fear not, Smith Barney’s Consulting Group has produced an article that attempts to answer just this question…