BrokeBerry

Attack Computer Wiz

A Security & Technology Weblog

The New York Times has a very good article today about the insecurity of passwords. In a nutshell, it explains how keyloggers, phishers, scammers and hackers are capturing passwords, no matter how secure or complex the password itself may be. It also calls for the use of cryptographically encoded methods to secure logons and explains how OpenID could be used to eliminate the need for passwords altogether. I have said this before and agree with them.


Since this is not a very viable or widely available option yet, there are a few things that you can do now to help protect yourself:


1. Don’t click on untrusted links – If you frequent a website, save a link in your favorites and ONLY use that link to go to the site. By doing this you will avoid phishing scams and redirects.

2. Use a different password for every site – If you lose your only password then the hacker will own all of your sites. If you lose one password but have different passwords for all your sites, then you will be relatively cushioned from the damage that they can do.

3. Use a password manager – Use a password manager to keep track of your passwords. Be sure it is a trusted program or device that uses strong encryption.

4. Never write your passwords down.

5. Don’t share your password with anyone – When it comes to security, trust no one.


NYTimes.com

Posted by Mike Wright


I have always said that when I get the chance to attend the Black Hat conference in Las Vegas I will be leaving all of my electronics at the hotel. This is a great example of why.

A reporter for CNET was in a ‘safe’ area uploading data back to his servers when he was hacked. In the CNET article he stated that he was using a Sprint wireless card which was running slow, so he switched to the conference's wired network. Once he was connected to the wired network, a hacker sniffed his logon information using CAIN and posted it on the internet within minutes. What the heck was this guy thinking?

Link to CNET article.
Link to screen shots.

Posted by Mike Wright


Have you ever had your laptop stolen and envied those who have spent the time and money on a LoJack-type service? Well, you may now have a free alternative to those other, sometimes pricey, services.

Adeona is an open source asset tracking program that is designed and provided by the University of Washington. The application is very small and can be installed on laptops running Windows XP/Vista, Linux, and Mac OS X. The data uploaded are: internal IP, external IP, nearby routers, access point information, and, if you are running Mac OS X, photos. Once it is installed, you will need to save a file that is unique to that laptop. Then you can use another machine, along with that file, to retrieve a text file with the location of the stolen laptop that you can turn over to law enforcement.

It looks very nice and I can see huge potential here. Be sure to do your homework though. Keep in mind this is a research project and it is open source. The data that your laptop is providing to their servers may be part of that research.

Adeona

Here is a video of it in action: TinkerNut.com

Posted by Mike Wright