What’s My Password?

It is probably between 6 and 8 characters with a mixture of upper and lowercase and with at least one number. You are likely to use the same or similar passwords for Facebook, Gmail, YouTube, Twitter and even online banking. Or you might have discovered the new way to work with passwords. If not, you should probably change them all today.

By far and away the most sensible password system is the three or four word system recommended by Thomas Baekdal: make your password something like “cheese and chips”. It’s quite important to make it different on each of the systems you use, because the most common way for your password to be discovered is by the server being hacked and your password read directly from a file on the server’s storage.

There is quite a lot of discussion and advice on the web regarding passwords and passphrases, and most of it goes into great mathematical and statistical analysis of what makes a good password or passphrase. If you are the type of person who uses a simple word as your password, such as “kevin”, changing it to “Kevin is Lovely” is much more secure than just the single word.

Lots of people use passwords where they swap letters for numbers, e.g. “password” becomes “pa55word”. The difficulty comes in remembering which letters you swapped for numbers, so whilst it may be more secure in theory, it is actually less secure because the password has to be written down somewhere. Changing it to “this is my password” is easy to remember and much more secure as it uses more characters. Its weak point is that someone could easily guess this passphrase, so use a more obscure phrase like “Cheese and Chips” instead. For obvious reasons, do not use any of these phrases.

There are web sites which will generate a strong password for you; it will be a random mixture of up to 15 of the characters on your keyboard. It will be almost impossible for you to remember but will take trillions of years for today’s fastest computer to break, so it is very secure (unless it is written down). However, “kevin is lovely” is also 15 characters long and will take 796 million years for today’s fastest computer to break. I’m not suggesting I want my bank to prevent unauthorised access to their servers with a passphrase of “kevin is lovely”; I’d expect them to have multiple security systems in place.

Changing your password is also important. Unlike most business systems, none of the social media sites require you to change your password on a regular basis, but it’s still a good idea to change it every now and then. Using the passphrase system makes this easy, for example “Kevin is not Lovely” or “Simon is Lovely”.

It’s important to remember that no password system is infallible; if it were, we wouldn’t have these problems. Understanding this is the first step to computer security.

In the real world, a passphrase of “Kevin is Lovely” would most likely be guessed by someone who knows you, so it is not a good passphrase to choose. I’ve used this as an example to improve security for someone who currently uses a password of “kevin”. Security experts advise against using common phrases and song lyrics as these are vulnerable to “dictionary attacks”, but changing your password from “kevin” to “Kevin is Lovely” is still a giant leap forward in your computer security. A better phrase would be “Kevin is Fromage” since it doesn’t make sense; use nonsense to defeat logic.
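The gap between brute-forcing characters and a “dictionary attack” on whole words can be put into numbers. This is an added example, not part of the original post; the guessing rate, the word list size and the function names are assumptions chosen for illustration.

```python
import math
import string

# Assumed attacker parameters (illustrative, not taken from the post).
GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate
WORDLIST_SIZE = 7776        # assumed word list size (Diceware-style list)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# ASCII character classes and how many symbols each adds to the search.
POOLS = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
)

def char_model_bits(secret):
    """Search space in bits if every character is guessed independently."""
    pool = sum(size for chars, size in POOLS if any(c in chars for c in secret))
    if pool == 0:
        raise ValueError("only ASCII secrets are handled in this sketch")
    return len(secret) * math.log2(pool)

def word_model_bits(n_words, wordlist_size=WORDLIST_SIZE):
    """Search space in bits if whole words are guessed from a word list.

    This assumes the words were picked at random; a phrase that makes
    sense (a lyric, a saying) is weaker than this figure suggests.
    """
    return n_words * math.log2(wordlist_size)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

def report(secret):
    """Both estimates for one secret, rounded for display."""
    return {
        "secret": secret,
        "char_bits": round(char_model_bits(secret), 1),
        "word_bits": round(word_model_bits(len(secret.split())), 1),
    }

if __name__ == "__main__":
    for s in ("kevin", "kevin is lovely", "Kevin is Fromage"):
        r = report(s)
        print(r, "%.3g years by word list" % years_to_exhaust(r["word_bits"]))
```

The character-by-character figure only holds while the attacker has to guess letters; once whole words are guessed, length in characters stops mattering and the number of words and how unpredictable they are take over.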

Check how secure your password is at Microsoft’s Password Checker or try the one recommended by Google.

Should I upgrade to Lion?

You have very little choice, is the short answer. If you are a MobileMe user you have until June 2012, just before the GB Olympics, to upgrade your computer to MacOS X Lion and make use of all the features of the new free iCloud service. MobileMe users that don’t upgrade will lose out. If you have a Mac that was manufactured before September 2006 you’ll need a new computer to use iCloud and Lion.

There are many benefits to upgrading to the new operating system, especially for laptop users. It’s mostly about trackpads and screens; multitouch gestures use all your fingers and thumbs to move things around the full screen apps. For example, swipe two fingers right to left to go back through your browsing history, or swipe four fingers to switch between full screen apps: easy navigation with no keyboard required. We’ve all learnt a few keyboard shortcuts such as CMD C and CMD V to copy and paste. Most people learn a few more (CMD X and CMD B maybe), then find out how to do it all with a mouse and don’t need to learn any more shortcuts. Lion moves all of this to the trackpad and your laptop becomes a bit like an iPad; you’ll be swiping, pinching and triple tapping straight away. It’s surprisingly intuitive, even if you haven’t used iOS before.

The biggest benefit of upgrading to Lion is security. Applications are each given a “sandbox” to work in, which prevents them from affecting other applications or the operating system, so viruses and trojans will not be able to escape the “box”, safe as a child’s sand pit. That doesn’t mean you won’t ever get a virus or trojan with Lion, but you’ll be less likely to damage your computer with innocent clicking.

iCloud’s full features will only work with Lion and iOS 5. Snow Leopard users (MacOS 10.6) will still be able to use @me.com or @mac.com email addresses, but none of the other features of iCloud will work. At least that’s my understanding; Apple don’t seem to be very clear on this. Windows Vista and Windows 7 running iTunes 10.3 and an iDevice running iOS 4.3.3 will work with iCloud when it is released next week.

Keeping your computer up to date can be essential for your business to function. To some extent the computer and operating system you choose to run your business will dictate the amount of time and money you will need to spend in the years to come on keeping it working. Do some homework: the best time to buy a brand new computer is shortly after a new operating system is released, but check whether your existing application software will work on the new OS. Decide if your business depends on up to date software; if it does, there is little point in buying a new computer with an out of date operating system. To keep fully up to date you should buy a new computer every three or four years.

TED Talks – Mikko H. Hypponen

Very interesting TED talk

Hacking the cloud

Dropbox is a widely used file and folder synchronisation tool which can also be used to share files with others.

I’ve never been a fan of Dropbox and my advice has always been not to use this software. Issues with who owns the data and who can access it have always made me very reluctant to install and use it. Dropbox says that you own the data on their servers. However, they own and know the encryption keys used to secure your data, so it is protected from others but not from Dropbox and Amazon employees (Dropbox uses Amazon S3 to store your data).

SpiderOak is a better option. It uses some clever encryption so that ONLY you have access to decrypt your files; SpiderOak can never open, read or modify your data. There are some other advantages too: you can synchronise any folder on your computer, even on external hard drives, unlike Dropbox which uses its own folder on your computer. Best of all, if you want more than the free services, SpiderOak is cheaper than Dropbox.

Computing is clearly heading towards “cloud” based processes. Larry Ellison trademarked the “Network Computer” in the mid 1990s and the idea is the same as today’s “cloud”. It makes a lot of sense to store all your stuff on bomb-proof servers that someone else maintains, updates and distributes to your various other computers and devices at home or in work. Your bits and bytes are all stored in the “cloud”, and as they get bigger you can expand the amount of storage you use much quicker than buying a new hard drive. No need to worry about losing your data or having it stolen; someone else takes care of all that. And that appears to be the problem.

What if we all store ALL of our stuff in the cloud and then the hackers get in? The hackers have got away with data from big computer companies that we have trusted and expected to be safe and secure. PlayStation and Sony were hacked; even NATO has been hacked. Why would anyone think anywhere “out there” is safe and secure? The latest news about the hacking of PayPal’s Twitter account makes this even clearer, almost as if the hackers can get into everything and just haven’t told us.

There is always someone cleverer than you who can defeat your security systems just because they feel like it or want to make a point. Holding your hard drive in your hand still ‘feels’ like the safest way to store your pictures, movies, music, spreadsheets etc. Apple users can hope that iCloud will solve all these problems, but trust and confidence in any so-called safe systems must be on the wane right now.

Give yourself a break and consider how you can keep hold of your data, or just don’t care.

Update 02/08/11: The latest hacked site is the Sun tabloid newspaper.
