security
In November 2007 I called these three CAPTCHA implementations “unbreakable”: Google (unbreakable)Hotmail (unbreakable)Yahoo (unbreakable) 2008 is shaping up to be a very bad year indeed for CAPTCHAs: * Jan 17: InformationWeek reports Yahoo CAPTCHA broken * Feb 6: Websense reports Hotmail CAPTCHA broken * Feb 22: Websense reports Google CAPTCHA broken
security
As far back as I can remember – which admittedly isn’t very far – GUI toolkits have included a special type of text entry field for passwords. As you type, the password field displays a generic character, usually a dot or asterisk, instead of the character you actually typed. I’ve
security
The most obvious badge of internet security is the “lock” icon. The lock indicates that the website is backed by a digital certificate: 1. This website is the real deal, not a fake set up by criminals to fool you. 2. All data between your browser and that website is
security
Software is digital through and through, and yet there’s one unavoidable aspect of software installation that remains thoroughly analog: entering the registration key. The aggravation is intentional. Unique registration keys exist only to prevent piracy. Like all piracy solutions – short of completely server hosted applications and games, where piracy
security
Jon Galloway and I got into a heated debate a few weeks ago about the efficacy of anti-virus software. My position is that anti-virus software sucks, and worst of all, it doesn’t work anyway. That’s what I’ve been saying all along, and it’s exactly what I
security
I encourage my coworkers to lock their computers. Security, after all, is everyone’s business. But often gentle encouragement is not enough. Sometimes, more... persuasive methods are necessary. I first learned about the noble art of goating from from Omar Shahine: We have this problem in Hotmail. If you walk
security
Evidently hardware assisted brute force password cracking has arrived: A technique for cracking computer passwords using inexpensive off-the-shelf computer graphics hardware is causing a stir in the computer security community. Elcomsoft, a software company based in Moscow, Russia, has filed a US patent for the technique. It takes advantage of
security
The web is nothing if not a maze of user accounts and logins. Almost everywhere you go on the web requires yet another new set of credentials. Unified login seems to elude us at the moment, so the status quo is an explosion of usernames and passwords for every user.
security
The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password “Fgpyyih804423” in 160 seconds. Most people would consider that password fairly secure. The Microsoft password strength checker rates it “strong.” The Geekwisdom password strength meter rates it “mediocre.” Why is Ophcrack so fast? Because it
security
Scott Wasson at The Tech Report notes that two of his family members fell victim to the eCard email exploit that has been making the rounds lately: I just dropped off a package containing my dad’s laptop at the FedEx depot this afternoon. I spent parts of several days
legalese
If you’ve used a computer for any length of time, you’ve probably clicked through hundreds of End User License Agreement (EULA) dialogs. And if you’re like me, you haven’t read a single word of any of them. Who can blame you? They’re mind-numbing legalese. As
security
In How to Clean Up a Windows Spyware Infestation, I documented how spyware can do a drive-by infection of your machine through your web browser. To be absolutely clear, I never clicked on any advertisements, or downloaded and executed any files. All I did was open a GameCopyWorld web page