The man in the ad looks like a refugee or disaster survivor. So, McAfee, are you foreshadowing that 2012 is going to be a rough one?
Access Denied Card Game

MOSH!
Wait, whaaaa?
I recently read the following on a university’s website:
“A password reset is time-consuming. Please make every effort to remember your password. It is best to develop a secure storage location, such as a password-protected Word file, for all of your passwords.”
You may remove your palm from your face now….
Where do I start? Let’s start with the basics.
First, you should be using complex passwords, passwords with length, and they should be changed often. When I say ‘complex’ I mean a password with numbers, letters (both upper case and lower case), and special characters like colons, commas, and percent signs. Your password should never have dictionary words in it, or consecutive letters or numbers. Also, the longer the better. (That’s what she said!)
Finally, change your passwords often: every month, or every 60 or 90 days.
Here are some bad passwords:
love
sex
secret
password
god
Here are some good passwords:
Eu6xqm4b
NmPL92d6
hNjPwE58
Ea7xS8hJ
Fysn6H8U
Here are better passwords:
dfp#=;vE63]u(7
p5(V!HQs]W26%u
L=?t(NA2S:QGyr
X7]@dw2k6K;B89
EH%2=7b(nCX9Pm
Here are the best passwords:
b3V4TYu]yxskPcUv?L)E
zYt*EbsTr@Q[nA3R?v45
k=pKh87dDxrB]46+Qbv2
k=4%8JXwK7j-NR]p;Won
x.](7e546uQfPTJE,%;h
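The rules above and the four tiers of sample passwords can be turned into a small checker. This is an added example, not part of the original post: the length thresholds (8, 14, 20) are assumptions read off the sample lists, the word list is a constructed stand-in for a real dictionary, and "consecutive" is taken to mean runs of three such as abc or 321.

```python
import string

# Constructed mini word list (the post's "bad" examples); a real check
# would load a full dictionary file instead.
WORDS = {"love", "sex", "secret", "password", "god"}

def classes(pw):
    """Return the set of character classes present in pw."""
    found = set()
    for ch in pw:
        if ch.islower():
            found.add("lower")
        elif ch.isupper():
            found.add("upper")
        elif ch.isdigit():
            found.add("digit")
        elif ch in string.punctuation:
            found.add("special")
    return found

def has_run(pw, n=3):
    """True if pw contains n consecutive letters or digits in
    ascending or descending order (abc, 321), ignoring case."""
    s = pw.lower()
    for i in range(len(s) - n + 1):
        chunk = s[i:i + n]
        if not (chunk.isalpha() or chunk.isdigit()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def rate(pw):
    """Classify pw as 'bad', 'good', 'better' or 'best' (assumed tiers)."""
    low = pw.lower()
    if any(word in low for word in WORDS) or has_run(pw):
        return "bad"
    found = classes(pw)
    if len(pw) < 8 or not {"lower", "upper", "digit"} <= found:
        return "bad"
    if "special" in found and len(pw) >= 20:
        return "best"
    if "special" in found and len(pw) >= 14:
        return "better"
    return "good"
```
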
Also, don’t have one password for everything. Have a different password for each service/system you use; in case one system is compromised, your whole life won’t be.
Create ‘throw away’ passwords, something simple for those times when you are going to be using it once for something non-critical.
Never give your passwords to anyone! Tech support should never need to ask for your passwords; if they do, enter it yourself. Never write it down on a post-it note.
It is a good idea to remember your passwords. Unless someone has figured out how to implant a USB device into your brain stem and access the nether regions of your gray matter, they will be safest there. If, for some reason, you can’t count on your memory, use a program like TrueCrypt to create a secure, portable volume, which can be encrypted and which, if lost, will take an attacker (if the TrueCrypt volume was properly set up) decades or centuries to crack.
If possible, use two-factor authentication for your services; some credit cards and even PayPal offer an RSA-like token for an extra layer of security.
If possible, never use public computer systems, where your data, like cookies or browsing history, might be stored for someone else to look at. These systems may have spyware or key loggers to capture your passwords or activities. If you do use a public computer system, change your passwords as soon as possible afterwards.
This is just the start of good password use, but remember: if it looks fishy, trust yourself and not the system.

