Xato
Pafwert: Now Open Source
Wed, Apr 17 2013 23:04
More than 15 years ago I started working on a unique password generator that eventually evolved into a small program I now call Pafwert. Pafwert is a unique tool to help you select strong passwords that are easy to remember. Using strong entropy,...
Email: The Security Industry’s Single Biggest Failure
Thu, Nov 29 2012 15:07
I still remember so clearly the frustration I felt back in the '90s when starting in the security industry and trying to sell my services. It was so difficult trying to emphasize just how much at risk potential clients were and then get them to...
Now eBay Wants in on Password Patents
Tue, Nov 13 2012 11:16
I wrote a couple months ago about the many attempts to patent various methods of checking passwords. Now eBay wants in on the game with United States Patent Application 20120284783. Here’s their summary: A proposed password is decomposed into basic...
About The US Government’s Absurd Filing in a Megaupload-Related Case
Sat, Nov 3 2012 14:55
You’d think the US Government has been embarrassed enough with their abuse of power and disregard for procedure in the Megaupload case that they would just let it all quietly die. No, as evidenced by a recent filing in the Kyle Goodwin case, they...
RSA’s Distributed Credential Protection: Yeah They Are Overselling it a Bit.
Fri, Oct 19 2012 15:59
RSA recently announced their new Distributed Credential Protection (DCP) product which they proudly tout as a “revolutionary” way to secure user credentials. But looking closer (especially at that $160,000 per license price tag), I’m...
Is Mozilla’s Persona the Authentication System That We’ve All Been Waiting For? Probably Not.
Mon, Oct 1 2012 10:06
Last week, Mozilla announced the first beta release of Persona. Persona, formerly called BrowserID, is a personal authentication system that aims to eliminate passwords to log in to web sites. Of course, you still need one master password to log in to...
6 New Password Rules
Wed, Sep 5 2012 17:12
Considering the increasing attention passwords have been getting lately, I thought it was about time we sit down and establish some new rules to define exactly what is a password. After all, so much of our personal lives, finances, and identities rely...
My Advice: Just use a Password Manager
Mon, Aug 27 2012 23:14
For years I have advocated using long, memorable passwords using a variety of different memorization techniques. Humor, repetition, common suffixes, memorable phrases, and other methods are great for creating long passwords that are easy to remember....
Analyzing the XKCD Passphrase Comic
Tue, Jun 12 2012 16:52
I rarely see any discussion of password strength without seeing the XKCD comic below brought up to illustrate that a long pass phrase is better than a shorter random jumble of characters. Since this is something I have been arguing for fifteen years, this...
Despite the Hyperbole, Flame is Kind of Lame
Fri, Jun 8 2012 16:40
We have all been hearing quite a bit of hyperbole concerning the sophistication of the Flame malware. It’s hard to find any headline about the malware that doesn’t involve the adjectives massive, sophisticated, elaborate, impressive, or scary...
93% of the Top 10,000 in the LinkedIn List
Thu, Jun 7 2012 18:27
I would like to welcome LinkedIn to the not-so-exclusive club of major web sites that have experienced major password leaks. Like any other major leak it is hard to visit any forum or tech blog without seeing some mention of it. And like any other leak...
If You Drew a Line From San Francisco to New York
Thu, May 24 2012 20:23
One of the difficulties of expressing just how much stronger one password is than another is that we as humans have such a hard time visualizing large numbers. Can we really, for example, truly comprehend the difference between a strong password and a...
If a Strong Password is 2,573 Miles, How Long is Yours?
Thu, May 24 2012 20:23
One of the difficulties of expressing just how much stronger one password is than another is that we as humans have such a hard time visualizing large numbers. Can we really, for example, truly comprehend the difference between a strong password and a...
Updated Thoughts on CISPA
Fri, Apr 27 2012 16:55
Since I wrote my last post on CISPA a few weeks ago, a number of things have changed and my own opinion has evolved some as well. I still feel that the EFF’s interpretation was perpetuating a great amount of FUD, but that doesn’t really justify...
My Favorite Passwords of the Month
Thu, Apr 26 2012 3:55
Okay so I deal with passwords quite a bit and people tend to eagerly share their passwords with me way more than they should. And although most passwords I come across are pretty weak, I do sometimes come across some true greats, either for their strength...
Did the EFF Get it Wrong on CISPA?
Sun, Apr 8 2012 4:19
My first reaction in seeing the recent headlines about CISPA (HR 3523), like many others, was simply being outraged at yet another attempt by the US government to open the doors for spying and censorship. In fact, we have seen so much of this lately and...
Yes, Use Bcrypt. And Scrypt.
Mon, Mar 19 2012 13:06
I often come across articles that argue the strengths or weaknesses of one crypto algorithm or another. As these articles point out, cryptography is complicated and there are many factors that can affect any particular algorithm. The greatest threat for...
The RIAA & MPAA Don’t Want you to Know They Suck
Wed, Mar 7 2012 16:11
We know that a while back the entertainment industry apparently pressured Google into removing terms that are closely associated with piracy from appearing in Autocomplete. Of course, this strategy is completely absurd and it is hard to imagine that industry...
Amazing Visualization of Password Numbers
Wed, Feb 29 2012 1:48
One thing humans have an incredibly difficult time visualizing is huge numbers. For example, most of us have a horrible time conceptualizing a number like a trillion. When dealing with passwords, one way we have of measuring a password’s strength is...
A Million Random Digits
Thu, Feb 23 2012 0:04
There is much to be said about randomness and many recommend using truly random password generators. However, sometimes you just don’t have internet access to visit a random password generator web site. The solution? This book contains six hundred...