Archive for June, 2009

Officers of Indian Customs To Be Punished For Password Breach

Wednesday, June 3rd, 2009

The Central Board of Excise and Customs of India claimed that compromised passwords are the biggest threat to system security. Despite elaborate instructions on passwords, which all employees are supposed to follow, “instances of password compromise continue to recur with unfailing regularity”, an unnamed official says.

Sharing of passwords was identified as one of the main reasons of unauthorized access and information leakage. According to CBEC representative, officers who share their passwords with others should “be regarded as being in collusion in the fraud that results”. To prevent insecure use of passwords CBEC plans to introduce a set of measures, including disciplinary action and even dismissal from the Government service.   

Penalty threat may not be the most effective solution. In case of password breach, complex countermeasures are required, and regular password audit is a significant part of it. If it is required that users change their passwords every 30 days, then system administrators have to perform password audits with the same regularity. There is a lot of both free and commercial auditing tools that allow to check password security.

Source: Business Line

Nvidia Unveils 1U Server With 2 Tesla GPUs On Board

Wednesday, June 3rd, 2009

The summer has begun, and as usual at this time of the year big companies present the results of hard work to the public. With Microsoft’s Bing and Google Wave flooding the news, you might have overlooked the joint release of NVIDIA and Supermicro. At Computex 2009 in Taipei, Taiwan, Nvidia and Supermicro announced

a new class of server that combines massively parallel NVIDIA® Tesla™ GPUs with multi-core CPUs in a single 1U rack-mount server.

According to the news text, the performance will increase 12 times compared to a traditional quad-core CPU-based 1U server. The new 1-unit solution combines 2 NVIDIA Tesla 1060 GPU cards with Dual Quad/Dual-Core Intel® Xeon® processors 5500 series, so you do not have to configure your machine as in case with Nvidia S1070 featuring four Tesla GPUs. The new server is based on Nvidia CUDA™ architecture.

It should be a very powerful solution and an expensive one too. However, we do not expect password recovery to benefit much from it. As we’ve mentioned many times before, password recovery is barely cost-effective when expensive hardware is involved in the process.

Read the press release

More reasons to hack your PC

Tuesday, June 2nd, 2009

Want to get an overall picture of all potential threats to your unprotected pc and how it can be used when hacked? Have a look at the vivid graph drafted by Brian Krebs. It’s not only credit cards and passwords… Hey, Brian says this monstrous list not complete, I wonder if you have something to add? 

Eurocrypt 2009 Highlights

Tuesday, June 2nd, 2009

About a month ago annual Eurocrypt conference took place in Cologne, Germany. This is rather academic event (as most if not all events held by IACR) so it is not always easy to read its proceedings filled with formulas and theorems. Nonetheless there are usually couple of very interesting works presented at each such event. Let me tell you a little bit about this year’s highlights.

(more…)

Using Passwords Online

Monday, June 1st, 2009

 Today’s technologies allow staying online practically 24 hrs a day, periodically falling into a sleeping mode. The Internet became easily accessible and numerous devices can connect us to the web from everywhere, and every time when we surf the web we are being registered, at least via IP address of our devices. 

I bet it was more than once that you had to fill out a sort of name-company-position-email-telephone-whatever form when registering or subscribing to something. Do you think about preserving privacy of your information when leaving such data on someone’s website? (more…)