Archive for June 8th, 2009

Did You Change Your Password on a Happy ‘Change Your Password Day’?

Monday, June 8th, 2009

 

Password management has got government support and the status of the national initiative in Australia. The National E-security Awareness Week is held from 5-12 June this year. A series of events and workshops take place across Australia to raise awareness of e-security risks.

In the interview to ABC radio, Australian Communications Minister Stephen Conroy urged to use stronger passwords and update them regularly. He recommended passwords that are 8 or more characters long, including lower- and upper-case characters, one digit and one special symbol. Passwords should be updated at least twice a year.

We welcome the Australian initiative to raise awareness of secure passwords. In the recent years we at ElcomSoft have been trying to draw attention to the fact that both individuals and businesses have to rethink passwords they use. Password recovery techniques have developed much thanks to growing potential of parallel computations and supporting architectures, cheaper graphic adaptors’ prices and constant cryptographic research.

We recommend changing your password every 3 months. Do not forget that for applications with 40-bit encryption (e.g.MS Office 97/2000) 8-character passwords are not enough. Never use any personal data or dictionary words for your password. Read our white papers to learn more about password strength.

 

Dark Tangent called for help in strengthening homeland security

Monday, June 8th, 2009

He started from hacking for fun (cracking phone systems), then he founded DefCon and Black Hat hacker conferences (btw, we had a chance to visit DefCon9 in 2001) and now Jeff Moss is chosen to take care of US cyber security affairs. No doubt, Jeff Moss has the guts to resist cyber terrorism and protect national interests. Good luck, Jeff!

Home and Corporate Wireless Security

Monday, June 8th, 2009

Securing home Wi-Fi remains uncertain when it comes to law. Some urge users are not liable when they use default security settings and it is manufacturer who is guilty when/if wireless network was ‘successfully’ abused. Others put whole responsibility on users. This is practically a question to law and usually its resolution depends on lawyers’ skills to gather and manipulate the details. Your security encompasses not only security against the law when you happen to fall a victim to an intruder, but also protection against that very intruder. In the long run, it’s up to you whether to endeavor to prove your innocence or take measures to build a reliable fence.

If we turn to corporate wireless security, this fence is a must, as it is public data and corporate confidential information that are at risk. Unfortunately, AirTight study shows that 57% of surveyed companies from 6 US districts and London still have to sort out their priorities in terms of data security. In my opinion, if protecting home wireless network can be a dark horse requiring scrupulous examination, nonexistence of corporate wireless security should have relevant decision in court.

Surely, I couldn’t leave this message without mentioning our newest product for Wireless Security Audit, so if you care and use passwords for Wi-Fi protection, use this tool regularly not to allow strangers to poke their nose into your network.