Fragile: Passwords May Be Cracked or Broken

Charles Ripley , IDG Creative Lab

Sometimes when you buy something breakable--like a crystal vase, or a big screen TV--the box is plastered with stickers alerting you in bright red letters that the contents are “fragile”. Perhaps we need to start putting those notices on computers and mobile devices as well.

To be fair to passwords, most users still don’t follow basic practices that have been drilled for years. The mantra of choosing long, complex passwords that can’t be easily guessed or cracked has been repeated time and time again. Everyone knows that they’re supposed to choose passwords comprised of uppercase and lower case letters, numerals, and special characters.

The problem is, many people still just don’t get it, or don’t care. Microsoft revealed in its most recent Security Intelligence Report that 92 percent of the Conficker infections still plaguing Windows PCs are a result of weak passwords. Millions of PCs are being compromised because people continue to use “1234”, or “password”, or other equally silly, and easily guessed passwords to “protect” their systems.

Read more »

1

Is It Still Spying If You Approved It?

Online privacy is a hot issue. People expect to be able to surf the Web and use the Internet without compromising their privacy in the process, but the sites and services people use may be monitoring their online behavior. This may seem like an infringement of privacy to some, however, what they don’t realize is that they agreed to be watched.

The average Internet user visits more than 2,500 websites and online services per month. Virtually every one of them has a privacy policy of some sort. You might have to dig (a lot) to actually find it, but it’s there somewhere. By visiting the site or using the service you’re tacitly agreeing to the terms of the privacy policy whether you read it or not.

How many privacy policies have you read from beginning to end? Probably zero. One source reports that legal and tech researchers estimate it would take an entire month to read all of the privacy policies for the sites an average person visits in a year. Are you willing to invest that kind of time? Of course not.

Read more »

1

Twitter Discover Highlights Pros and Cons of Personalization

Twitter is making some changes to the Discover tab. Essentially, Twitter is attempting to deliver more relevant, personalized content that incites users to interact and stay engaged on the service. Customizing content is a double-edged sword, though, that involves some degree of privacy infringement--or at least erosion--to achieve.

A post on the Twitter Engineering blog explains, “We’ve improved our personalization algorithms to incorporate several new signals including the accounts you follow and whom they follow. All of this social data is used to understand your interests and display stories that are relevant to you in real-time.”

Sounds like a good thing at face value. If you’re only following a handful of Twitter accounts it may not seem useful, but if you follow a couple hundred, or a few thousand Twitter accounts you understand how quickly the information flies by, and how difficult it is to keep on top of the rapidly flowing stream.

Read more »

1

Don't Let Google Intercept Your Wireless Data

Charles Ripley , IDG Creative Lab

Google has been in some hot water for a couple years now regarding revelations that its Street View cars traveling the highways and back streets around the world were collecting more than Street View images. Google also intercepted wireless network data, but the reality is that Google only captured wireless data that wasn’t properly protected in the first place.

Google has changed its story a number of times since the report first broke. First it claimed it only collected SSIDs and MAC addresses. Then it conceded that actual data was intercepted, but that a rogue Google engineer was responsible. New information illustrates that Google was aware that data was being collected for years before the activity was uncovered.

The FCC has been investigating, and recently fined Google $25,000 for the incident. In its report, the FCC concludes, “For more than two years, Google's Street View cars collected names, addresses, telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files, and other information from Internet users in the United States."

Read more »

16

Managing the Cloud Storage Chaos

Google finally unveiled its Google Drive cloud data storage service this week, and Microsoft made dramatic changes to its SkyDrive service. Now Google and Microsoft join Box, Dropbox, SugarSync, iCloud, Amazon Cloud Drive, Ubuntu One, and others in an increasingly crowded cloud data storage market.

The news from Google and Microsoft has sparked an avalanche of articles and analysis comparing the different services against each other, and pointing out why one is better than another, or where different cloud data storage offerings fall short. Information like that can be helpful for people trying to choose which service to go with, but the fact is that many users will simply choose “all of the above”.

All of these services provide at least a few gigabytes of storage for free. Dropbox provides 2GB, SkyDrive gives you 7GB, and the rest each deliver 5GB of free online storage just for setting up an account. Thanks to referral deals, special incentives, or being grandfathered in to earlier programs with larger allocations of storage, it’s quite possible to combine the various services to get 50GB or even 100GB of storage without spending a penny.

Read more »

3

Why 'Bull Mountain' Makes Ivy Bridge More Secure

Charles Ripley , IDG Creative Lab

Intel pulled back the curtain this week to unveil a lineup of new Ivy Bridge processors. Most of the focus on the Ivy Bridge CPUs is on the faster performance, and more efficient power consumption. But, beneath the surface Intel has incorporated a feature that also makes Ivy Bridge more secure than its predecessors--“Bull Mountain”.

Bull Mountain is the code name for Intel’s new random number generator technology. Why is that important? Random numbers are required for effective encryption, and weak random number generators are the Achilles heel of data security.

Encryption is a crucial element of computer and network security. Data is encrypted to prevent it from being accessed or viewed by unauthorized users. Traffic between a PC and a website is encrypted to ensure sensitive information like passwords or credit card information aren’t intercepted in transit.

Read more »

1

Why Your Internet Might Disappear This Summer

Charles Ripley , IDG Creative Lab

If you take your Internet access for granted, you might wake up one day in July to find that you can no longer connect to the online world. No, the Internet itself isn’t going anywhere. But, systems compromised by DNS Changer will find that their computers no longer know how to reach the Web.

DNS Changer is malware. It originated a number of years ago, and--as the name implies--it changes DNS.

What’s DNS? OK. Let’s take a step back for a brief explanation.

Read more »

3