
Entries in passwords (7)

Wednesday
May 01, 2013

How password security will change in 10 years!

Passwords are going out the Window!

We’ve seen in the past where people have used such words as ninja, jesus, 12345678, and password! I’ve talked about LastPass in the past and I really believe they are the best possible combination of the two. With the recent questions of password length and password strength, I have come to the conclusion that in the coming years people will be doing 3 factor authentication and having passwords as a backup. It really would be nice to have two ways to authenticate and not have to put in a password.

3 factor authentication!

Three factor authentication is a simple concept. Since we have a password, we can simply use two other ways to authenticate, for example a cell phone and maybe a YubiKey. The password will be the backup for one or the other. If you lost your phone and still needed to authenticate, your password would be the one you can use in an emergency. Thus it really becomes 2 factor authentication, but since we could use all three to authenticate it would make it that much harder for a hacker to brute force an attack and get your sensitive data.

2 factor authentication!

Although most people don’t think of this, having a limited number of possible ways to access the important data can make it just that much harder and maybe get the hacker to go somewhere else. What about social networks? Do we really need that for social? I am thinking maybe, and it just depends on how you log in in the first place. I would love most of them to maybe let me authenticate with Google and come back to them, but that leaves a large hole. It just depends on how valuable your social status is and what the possible outcome is of someone getting a hold of that social network.

Elite passwords!

Some would call it “leet” speak, and I’ve heard people say this is something we should do in regards to making a password. I tell you now, we already have a list of the 2,000 most common passwords and I am betting it has some really good leet passwords already. So what makes a hacker not try those to hack your account? I would think these would be tried after the primary ones, just because this would also be the easiest way to gain access to an account.
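
To show why leet spellings add so little, here is an added example (not code from this blog) of a signup-time check that reduces a candidate password back to plain letters and compares it with a common-password list. The list, the substitution table and the function name `match_common` are constructed for illustration.

```python
from itertools import islice, product

# Constructed stand-in for a real "most common passwords" list.
COMMON = {"password", "ninja", "jesus", "12345678", "letmein", "elite"}

# Leet symbol -> letters it commonly stands for (a symbol may have several).
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "@": "a", "$": "s", "!": "i"}

TRAILING = "0123456789!@#$%."  # padding people append to a base word


def match_common(password, common=COMMON, limit=4096):
    """Return the common password that `password` reduces to, or None.

    Every character keeps its literal reading and gains the letters it
    may stand for in leet speak; all combinations (capped at `limit`)
    are compared against the list, with and without trailing padding.
    """
    options = [ch + LEET.get(ch, "") for ch in password.lower()]
    for combo in islice(product(*options), limit):
        reading = "".join(combo)
        for form in (reading, reading.rstrip(TRAILING)):
            if form in common:
                return form
    return None


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "n1nj4!!", "J35u5", "3l1t3", "12345678",
               "correct horse battery staple"):
        print(f"{pw!r:32} -> {match_common(pw)}")
```

A site can run a check like this when a password is chosen and reject anything that reduces to a listed word.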

In Ten years!

I am pretty confident in ten years we will see something like this happen and we will no longer be depending on a system that was developed in the late 1990’s.   We have to be ready for change and keep it.  I just hope it happens sooner rather than later and that most companies should jump aboard and help us get this implemented.   I don’t know how hard this will be but it will be nice to not have to worry about a password anymore with my bank or other financial institution. 

Paul Sylvester

Friday
Feb 27, 2009

Rogue Fake Codecs on the Rise

Panda Labs has been talking about Adware/VideoPlay and they are seeing a lot of variants on this.   They even play a game, find the difference in the installation screen:



Now as you can see, this looks to be the same agreement in all those different installations. Something to consider: never install any software from a website that you know nothing about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

As you can see, this leaves you with very little security on your system. I talk about identity theft, and why you should always worry about your identity. This, however, will make your passwords less secure and maybe even compromise your system to the point of having a data breach. You need to be careful when you come by this; some fake codecs have been known to be scareware, in which the fake codec installs a Trojan to tell you that you have a virus and tries to make you buy a fake program to get rid of the virus. In one of my recent posts about codecs and Facebook, I talked about the K-Lite Mega Codec Pack and how that will prevent you from installing these sociable links from friends and family. The nice thing about this pack is that it installs all the really good codecs that you might come across on the web. If you have this installed and there's a website that says you need a special codec, you'd know that it is either a fake codec or the author who made the video doesn't standardize. In which case you will be more willing to leave that site without installing that codec.

If you follow these steps and also consider installing an anti-virus and firewall, you will be in much better shape than when you first started out. Remember, only you can prevent yourself from getting a virus. You should also consider doing the registry edit that will prevent Autorun. As you can tell, these new variants are also spread through USB and other removable media. This is the other way these programs are using to infect other systems.
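
As a companion to the Autorun advice, here is an added example (not code from this blog or from Panda Labs) that audits an `autorun.inf` found on a removable drive and reports the entries that would launch a program when the drive is accessed. The sample file content and the names `audit_autorun` and `scan_root` are constructed for illustration.

```python
from pathlib import Path

# [autorun] keys that make Windows launch a file from the drive.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample of a planted autorun.inf (not taken from the Panda Labs post).
SAMPLE = r"""
; constructed example
[AutoRun]
icon=folder.ico
label=Photos
open=hidden\sample.exe
shell\open\command=hidden\sample.exe
[Other]
open=ignored.exe
"""


def audit_autorun(text):
    """Return (key, command) pairs from [autorun] that would execute a file."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are matched case-insensitively.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in EXEC_KEYS or is_verb:
            findings.append((key, value))
    return findings


def scan_root(root):
    """Audit the autorun.inf (any letter case) at the top of a drive or folder."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            return audit_autorun(entry.read_text(errors="replace"))
    return []


if __name__ == "__main__":
    for key, command in audit_autorun(SAMPLE):
        print(f"executes on access: {key} = {command}")
```

An `autorun.inf` that only sets `icon` or `label` returns an empty list; any finding on a drive you did not prepare yourself is worth a scan before opening it.
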
Wednesday
Jan 14, 2009

Admins are shaking in their boots due to the MS 09-001 Patch

I have to talk about this because this is a big deal.   According to Techworld and I'll quote:

"This one scares me - a lot," says Eric Schultze, CTO of Shavlik Technologies. "It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials."

[via Techworld]

Now this is due to what is happening with an update that came out a few months ago, MS 08-067, which people still haven't patched their systems with. According to F-Secure, Downadup/Conficker has grown overnight by a million infected computers.

Now why are they scared of the recent patch (MS 09-001)? Because there are so many vectors of infection, and you don't need any credentials. The virus does not need to know any passwords or user names to gain access. Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

So why are admins scared over this new patch?


Most companies don't patch their systems as quickly as Microsoft would like them to. You see, most companies have quite a few computers; depending on the size of the company it could be quite a lot. So many, in fact, that it would take several IT personnel just to keep the systems going.

So why don't they just put the new patches on the systems?


Whether a company updates its systems has a lot to do with its size and what it does. Some use really special programs or have a network going that is vital. Even the smallest update to the system could bring the network or the program down. Most companies like to test a patch on a test machine for a while to make sure that it doesn't prevent the business from doing business. Here are a few articles that prove why companies do not want to just install patches automatically:

Some companies are using older systems like Windows ME or some other older Windows operating systems. There isn't anything we can do about those because Microsoft has stopped supporting them with updates and all. I know we are all thinking the same question:

Is there a way to fix the problem with Windows Updates?


I personally don't have an answer but I am sure hackers will find ways to exploit code so they can get on your system some way. I've recently read a story about an adware author and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves: how do we update all of the systems we are responsible for? There are no easy answers to this.
Sunday
Jan 04, 2009

Old phish becomes new again

According to some reports, this phishing has started up again and has now changed its web address a little. When you go to the site it looks like:

[Image: Twitter phish spam]

If you sign into this website with your Twitter account information, it sends out a direct message with these links in it: rosalierebyb.blogspot.com, which redirects to http://twittyblog.access-logins.com/login. The only way you can fix this is to CHANGE YOUR PASSWORD.

I'd also suggest getting a password manager, so that if you use just one password for all accounts you will easily be able to change them and make the passwords much harder to hack. You do not want your passwords stolen, do you? I suggest Roboform; it works really well for password management.
Friday
Jan 02, 2009

Reviewing Roboform: Great Password Manager

I've had Roboform for the last few months, checking it out and working with it to see what the pros and cons of it are. Here's what I've found out.

Limited number of passwords for non-license (limited to 10 passcards - login information and password) -- This doesn't surprise me; in fact, once I'd started using it I had to buy it. You see, I've got so many places I like to visit and so many logins that it isn't easy to track them all. This helps me log in to each and every one of them very easily. If you only have a limited number of sites, though, the free version will work well for you too.


Defeats key loggers -- This is good for those who have family members who use the same computer, just in case someone installs a virus that tries to steal your sensitive information. It can be put on a portable thumb drive for use at a library or on open platforms. This also will prevent key loggers from getting your login information.

Generates strong passwords -- This is a must in my field; I'm so tired of having to come up with a password. Now this is generated on the fly. Click a button and you have a password generated. I tried this out on several sites that would tell you how strong it is and all of them said excellent.

Works with Firefox, Internet Explorer, and MSN/AOL -- Now being that I don't have MSN or AOL, I do not know about those; I have, however, tried this on Internet Explorer and Firefox very easily. It works well with Vista with no major problems. I have tried it with Google Chrome and it seems not to work at all with it. I do not know if they will start supporting it and only time will tell!!

Backing up your passwords -- It is really easy to back up your passwords database on Roboform. Just copy and paste and you're done. There is no need to find a hidden directory; the Roboform database for Vista is in the My Documents folder under the "My Roboform Data" folder. All you need to do is copy that to a USB key, and no worries: Roboform automatically encrypts the passwords, so without the Master password you can't use them.

No need to remember Passwords -- Yes that is right you no longer have to worry about remembering your passwords all you have to do is click a button and Roboform fills the required input forms. It can be annoying if you use the free version because you only can save 10 passwords then the rest you will have to remember.

Easily speed through login screens -- This is the best part of Roboform because no more having to type in the site you need to go to login. Roboform does that for you without any problems. You just pick where you want to go and Roboform takes you through and fills the information in before you know it. I absolutely love this feature because You don't have to type in the place you want to go it will automatically take you there.

Roboform has several versions -- Roboform can be made portable and also be put on PDAs (Personal Digital Assistants) or a mobile phone (Windows Mobile, Palm, Symbian, or Blackberry). This is great for those who need to have their passwords on more than one type of device. It keeps them safe like its big brother: you still need a master password to get to them. It also makes it just as easy to surf to the important websites.


I strongly recommend this to anyone who has problems remembering passwords or wants to upgrade their passwords to the next level. This will ultimately protect you far better than trying to remember all your passwords. This however is a personal and this will not protect you 100% but will get far closer to the 100% than just doing it alone. Remember, only you can protect your sensitive data, and nothing else can stop password stealing 100% of the time.
Friday
Jan 02, 2009

Are you worried about your identity?

So after the fiasco of the other day, I decided I will talk about security and why you should worry about new websites that you have never heard of. People are not worrying about their identity and keeping their identity safe. People sign up to a service without thinking about their password being stored or even used maliciously. Most people don't use more than one or two passwords for all their accounts, and then use the same password with a new website. Are you asking for your identity to be stolen? In one of my previous blog posts I talked about not having any privacy on the internet.

So How can you protect your privacy?


Whenever I come across a site that I don't know about and I want to protect my account from being compromised, I find out what I can from several places:

  1. Google -- Yes, this is quite common to use to find out what people are saying, searching with keywords like "is it a scam" or what people are saying about the site. This can be very useful to make sure I don't get scammed by a company, for instance the Nationwide marketing scam. This is really important when you get things that sound questionable, and it can be very useful with regards to keeping your wallet safe.

  2. Whois Network -- If there is a site you've not heard about and have a question about, you can always do a whois lookup. This is a great resource for finding out how long the site has been up and who owns it. The problem with this is that most people who have a website aren't worried about security and privacy. So you use it to make sure this site isn't a phish site or being used improperly.

  3. Sitetiki -- A good site to do some research. It's a wiki like Wikipedia, but for websites and whether they are good or bad. It also has a spammer list for people to watch and make sure not to go to. These sites are usually redirect spam sites used for email.


What about Personal privacy?


With this I also want to talk about security online to prevent people from gaining access to your accounts online by guessing the password.  Some sites also like to phish for your account information and use the information gained to take control over your account so here are some useful links to help protect your account information:

  • Roboform -- This is good for generating a really good random password and remembering it. This will keep people from guessing the password and also make it easy to come up with another good password. This will also fill out the required site forms that you usually use to sign into a website.

  • A good VPN Service -- If you're like me, you have to use free wifi from time to time and want to make sure you have privacy on the net. This is good for security on any open wifi network when you don't want to have anyone watch you while you browse online. In case someone is interested in what VPNs are used for, here is the link to let people understand it better.

  • Perfect Paper Passwords -- This is coming from Security now Episode 115 and he talks about this to better help people make the best possible passwords.  Listen to it and it will help you understand more about security.


These are just a few ways to prevent people from gaining access to an account. After doing some research on this and thinking about it in more detail, I would like to make a public apology about the fiasco yesterday and what happened. In all truthfulness, everything didn't seem right with the goings-on of the website. I also was worried about the Twitter spam it was sending out as you started the service. I didn't know until later that it was a real person trying to make a product Twitter users could really use. I have learned from my experience and I will work harder next time and not be so quick to act. If I was the company that bought that site, I'd also offer a job to both of them for their intuitiveness in coming up with a really good product.
Thursday
Dec 11, 2008

Crafty little Trojan:W32/DNSChanger.ARNF

Saw this post and couldn't resist talking about it. This was talked about on F-Secure. It looks like they use a program called "Homeview Installer" and after you install it you get the Trojan:W32/DNSChanger.ARNF. So how do you get that off your system? Before we talk about that, let's talk about what it does. According to F-Secure:




This malware is dropped onto the system by Trojan-Dropper:W32/Agent.FLN. It is used to change the DNS settings on a system so that information such as passwords and credit card details can be retrieved.



[Via F-secure]



What you need to do to get rid of this Trojan is to scan your system. You will also need to understand that this is a really good Trojan; it sees to modify your DNS and also your Registry. Once you have located and destroyed it, you will then want to remove all your restore points. After that you will want to check my other resources to better protect yourself. You are the only one who can prevent a virus from getting on your system. If you like this one, check out my other posts as well.