Archive for the ‘Tips & Tricks’ Category

Adobe PDF security

Friday, May 22nd, 2009

Wow, Adobe rethinks PDF security. Curious why? Because of vulnerabilities in Abobe Reader (and so zero-day exploits), of course. From the article:

According to Finnish security company F-Secure, patching 48.9% of all targeted attacks conducted this year involved a malicious PDF file attached to a legitimate-looking e-mail, a huge change from 2008, when PDFs made up just 28.6% of targeted attacks.

But security model of PDF encryption/protection is not going to change, [un]fortunately. (more…)

Frequently Asked Question: Advanced Office Password RECOVERY or Advanced Office Password BREAKER?

Wednesday, May 20th, 2009

Time is money, difficult to contradict this fact. And another proven fact is that you lose something exactly when something turns out to be absolutely necessary. Once you lost a password to your Word document or presentation that you were going to give in an hour, or Excel report which was supposed to be sent to your manager yesterday… you will count seconds before you get back your files. (more…)

Too much security won’t spoil the router, will it make it better?

Monday, May 18th, 2009

A number of D-link routers are now equipped with captcha feature. Sounds interesting. 

Chief technology officer in D-link says: "We are excited to be the first in the market to implement captcha into our routers, providing yet another layer of security to our customers".

No doubt, captcha is a wonderful spam filter for mails and a reliable obstacle to unauthorized access in the web, but is it as good for routers as for the web? (more…)

Laptop security – myths and mistakes

Wednesday, May 13th, 2009

Today’s businesses are very mobile. Sometimes you don’t even need to have a conventional office, it becomes virtual, it is always with you in your mobile phones, netbooks and laptops. Such mobile mini-offices stuffed with corporate documents and reports, partners’ data, confidencial correspondence, access passwords are in danger of being stolen, both virtually and physically. You can try to protect your laptop using laptop security cable locks but what if it was stolen? Let all your information go into adversary’s hands? Do you _really_ think that your Windows logon password is an impenetrable barrier for the adversary? Have you heard of Elcomsoft System Recovery? You still think your laptop is secure because you have BIOS password and/or partial drive encryption? Read an article by Kevin Beaver ‘Securing corporate data on your laptops’ , take off rose-colored glasses and revise your laptop security as suggested in Kevin’s step-by-step outline. 

 

NIST drafts new enterprise password management (open to publication, distribution and adaptation!)

Wednesday, May 13th, 2009

Probably you’ve already heard about this vicious circle thousand times:

Requiring that passwords be long and complex makes it less likely that attackers will guess or crack them, but it also makes the passwords harder for users to remember, and thus more likely to be stored insecurely. This increases the likelihood that users will store their passwords insecurely and expose them to attackers.

So, how to work out an appropriate password policy? Need help? Find some tips in NIST (The National Institute of Standards and Technology) study, GUIDE TO ENTERPRISE PASSWORD MANAGEMENT (DRAFT), which “has been prepared for use by Federal agencies”, but also “may be used by nongovernmental organizations on a voluntary basis”.

Here are some nuggets from the paper: 

• Organizations should review their password policies periodically, particularly as major technology changes occur (e.g., new operating system) that may affect password management.

Users should be made aware of threats against their knowledge and behavior, such as phishing attacks, keystroke loggers, and shoulder surfing, and how they should respond when they suspect an attack may be occurring.

• Organizations should consider having different policies for password expiration for different types of systems, operating systems, and applications, to reflect their varying security needs and usability requirements.

Do you have something to add? So, review and revise it freely – the paper is not subject to copyright. ;) 

 

Green password policy? No re-use!

Sunday, May 10th, 2009

Do you still reuse passwords? The recent study from University of California shows again that such a bad habit continues to exist. The worst thing about reusing passwords is that it doesn’t require being a technically skilled hacker to guess your password for this or that document.  

NVIDIA about Intel

Tuesday, April 28th, 2009

Considering Intel Core i7? Read Nvidia Says Core i7 Isn’t Worth It and nVidia calls Core i7 a waste of money first. We’d agree that investing into GPU(s) is really a good idea, especially if you need to crack passwords.

How to grow your graphics card effectiveness

Friday, April 17th, 2009

Water cooling, liquid nitrogen, and dry ice  – which gets the most of your  ATI Radeon HD 4890 graphics card? Learn it  from Zac O’Vadka today’s post

Smart Password Mutations Explained

Wednesday, April 15th, 2009

Strong passwords are mutated passwords. Everyone who publishes recommendations on creating secure password says that you have to use both upper- and lower-case letters and inject some tricky special characters. Such recommendations may result in p@$$words and pAsswOrds, and p_a_s_s_w_o_r_d_s. The fact is that modern password recovery software uses dictionary attack to get one’s password back. Dictionary attack means searching lists of dictionary words and common phrases that can be found on the Internet or delivered with the software. It is easy to grab that dictionary words and word phrases make bad passwords, but one has to understand that adding special characters to these words and phrases does’t do them any good. Such password can be easily cracked when smart mutations option is on. 

We give you a tip on word mutations implemented by modern password cracking tools, so that you can create really strong passwords for your files and accounts.

Surveillance Self-Defense Project fills the gaps in your security policy

Monday, April 13th, 2009

Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.
(more…)