Oct 26 2011

5A – Information Security:

Posted by reinkefj in 5A - Information Security

http://lifehacker.com/

RESPONDING TO THE NEED FOR SECURE PASSWORDS VIA A TOOL

Why not use a novel to create the password? Pick your favorite number, say 37. Take page 37 of your novel. The first part is the third line, seventh word. Put in a special character like #. Then add the seventh line, third word. If you need lots of them, take a sheet of paper and number the lines 11 to 50. Write the site’s name on a line. Use that page with your technique. Most IT folks might borrow the book to read, but few will figure out your scheme! (I had identical copies of my favorite book at work and at home.) Like the “Purloined Letter”, hidden in plain sight.

# – # – # – # – # 2011-Oct-26 @ 19:11
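The novel-based scheme from the post above, as an added Python example that is not part of the original post. The book is a constructed stand-in for a real edition, and two things are assumptions: that the sheet's line number (11 to 50) is the page to use, and that every page reuses the same line 3/word 7 and line 7/word 3 positions. `guess_bits` shows how much guessing remains if the book and the rule become known.

```python
import math

# Constructed stand-in for a novel: book[page] is a list of lines, each a list of words.
# A real run would load the text of your own edition instead.
WORDS = ("river stone candle harbor winter signal garden lantern marble thunder "
         "copper meadow falcon bridge velvet orchard").split()

def make_book(pages=60, lines=10, words_per_line=9):
    return {p: [[WORDS[(p * 31 + l * 5 + w * 3) % len(WORDS)]
                 for w in range(words_per_line)]
                for l in range(lines)]
            for p in range(1, pages + 1)}

def pick(book, page, line, word):
    """Return the word at 1-indexed (page, line, word); fail loudly if it does not exist."""
    try:
        if line < 1 or word < 1:
            raise IndexError
        return book[page][line - 1][word - 1]
    except (KeyError, IndexError):
        raise ValueError(f"page {page} has no line {line} / word {word}") from None

def derive(book, page, a=3, b=7, special="#"):
    """Line a word b, the special character, then line b word a (3 and 7 in the post)."""
    return pick(book, page, a, b) + special + pick(book, page, b, a)

def site_sheet(sites, first=11, last=50):
    """One site per numbered line of the sheet; the line number is the page to use."""
    if len(sites) > last - first + 1:
        raise ValueError("more sites than lines on the sheet")
    return {site: first + i for i, site in enumerate(sites)}

def guess_bits(pages, specials=1):
    """Guessing effort in bits once the book and the 3/7 rule are known: only the
    page number and the choice of special character remain secret."""
    return math.log2(pages * specials)

if __name__ == "__main__":
    book = make_book()
    for site, page in site_sheet(["mail.example", "bank.example"]).items():
        print(site, page, derive(book, page))
    print(round(guess_bits(len(book), specials=10), 1), "bits once the scheme is known")
```

The sheet of site names is safe to leave lying around only while the book and the line/word rule stay private; a short page or line raises an error instead of silently producing a weaker password.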

Oct 03 2011

INFOSEC: Automated tool — shoot your own foot

Posted by reinkefj in 5A - Information Security

http://www.networkworld.com/news/2011/093011-microsoft-kills-google-chrome-with-251475.html

Microsoft kills Google Chrome with bad malware signature
“One way to win the browser war” says security expert
By Gregg Keizer, Computerworld
September 30, 2011 04:35 PM ET

# – # – #

Regardless of the messy details, and I’m sure it was inadvertent, this points up several issues: recovery from the error, how one maintains a quality-controlled environment, and what happens if anti-malware software gets to ID your production software as bad.

Seems like this was under control in less than a day, with the only data loss being bookmarks.

(1) This can serve as a learning episode. How were the bookmarks backed up? Restore should limit the loss to a day. If not, why not?

(2) A production environment should have all inputs “tested” in at worst a development environment before being admitted to “production”. If not, why not?

(3) What controls are in place to prevent a disgruntled sys admin from marking entire production environments as “malware”? Instant disaster! If not, why not?

Would seem that this episode has some lessons to be learned? Or at least, examined.

# # # # #

Sep 24 2011

INFOSEC: We can authenticate your cat, but not you?

Posted by reinkefj in 5A - Information Security

http://lifehacker.com/35094/cat-door-authentication?tag=softwarelifehacks

Lifehacker
BY GINA TRAPANI MAR 7, 2005 9:06 AM

Cat door authentication

*** begin quote ***

A smart cat door – which does facial recognition – doesn’t open for your cat if she arrives home with a mouse in her mouth, or for other animals.

*** end quote ***

Now why can’t we do that in industry?

Passwords are a pain. Tokens are expensive.

Most platforms have a cam. We’ve seen WATSON.

So why can’t we do authentication without involving the wetware?

# – # – # – # – # 2011-Sep-24 @ 14:37

Sep 20 2011

INFOSEC: Failure to secure is a “killer”

Posted by reinkefj in 5A - Information Security

http://it.slashdot.org/story/11/09/20/1237207/DigiNotar-Goes-Bankrupt-After-Hack

DigiNotar Goes Bankrupt After Hack

Posted by timothy on Tuesday September 20, @08:59AM

*** begin quote ***

“DigiNotar, the Dutch certificate authority which was recently at the centre of a significant hacking case, has been declared bankrupt.”

*** end quote ***

Wonder if we’ll ever find the meeting notes where an aggressive information security program was rejected due to cost. I wonder if anyone outside of the information security community will notice.

# – # – # – # – # 2011-Sep-20 @ 10:24

Mar 16 2010

INFOSEC: Inside knowledge, but what was the catch?

Posted by reinkefj in 5A - Information Security

http://www.casinocitytimes.com/news/article/computer-experts-stole-%C2%A333-000-in-casino-scam-192870?contentID=192870

Computer experts stole £33,000 in casino scam

15 March 2010

*** begin quote ***

LONDON, England — Two computer experts cheated casinos by creating fake betting slips, Peterborough Today reported.

*** end quote ***

How’d they get caught?

# # # # #