Feb 17

Everyone has to use them; they protect our privacy, so when it comes to something that grants access to things like bank accounts and private files, why risk it?

Working in the IT field, I can’t tell you how often I see passwords such as “123456” or “Password1”, when a good password should never be a sequence of numbers or something based on a word found in the dictionary.

In fact, when the application developer RockYou’s login credentials were left exposed because of a SQL injection bug in RockYou’s website, the top 10 passwords used were listed as the following:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

A good password should be something along the lines of “7ufebuHU”. Hard to remember? Yes, it is, but it’s also hard to guess and not going to be cracked in a dictionary-based attack. If you really hate remembering passwords, grab some kind of password database application; never settle for storing your passwords in a text or Word document. I personally use 1Password (Mac only) at home because it offers the ability to sync with the 1Password companion app on the iPhone. It also stores my passwords using AES, the same encryption algorithm used as the national standard in the United States; 1Password uses 128-bit keys to encrypt your passwords, which basically means it would take years to decrypt your data using a brute-force attack. Negate this altogether by changing your master password every few months.

If you don’t want to fork out any cash for a good password database, then check out KeePass, a free alternative that also offers encryption. A nice feature the KeePass team came up with, if you don’t want to remember even the one password to decrypt your password database, is the use of keyfiles. You can toss the keyfile on a flash drive and keep it with you while leaving the password database on your computer. To decrypt the database and retrieve your passwords, simply plug in the flash drive and point the KeePass application at the keyfile.

With both of the above applications you can copy the passwords directly to your clipboard to paste in whatever application you need, and both also have the ability to clear your clipboard after a set number of seconds. KeePass even has the ability to automatically clear the clipboard as soon as you paste it.

So now, if you’re going to store everything in the password database, there is no need to keep them simple; both programs offer you the ability to generate random passwords. If you don’t have either application handy and need to generate a password, you can use a nifty tool up at the PC Tools page to generate up to 50 passwords all at once.
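The rules from this post (no sequences, no dictionary-based words, nothing from the RockYou list) together with random generation, as an added Python example that is not taken from 1Password, KeePass or the PC Tools generator. `SAMPLE_WORDS` is a constructed stand-in for a real dictionary file, and the function names are hypothetical.

```python
import math
import secrets
import string

# The ten most common RockYou passwords listed in the post, lowercased.
ROCKYOU_TOP10 = {"123456", "12345", "123456789", "password", "iloveyou",
                 "princess", "rockyou", "1234567", "12345678", "abc123"}
# Constructed sample; an assumption standing in for a full dictionary wordlist.
SAMPLE_WORDS = {"password", "princess", "dragon", "monkey", "letmein", "welcome"}
ALPHABET = string.ascii_letters + string.digits

def is_sequence(pw):
    """True if every character steps by the same +1 or -1 (123456, fedcba)."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def weaknesses(pw):
    """Return the reasons a password breaks the post's rules (empty list = none found)."""
    found = []
    lowered = pw.lower()
    if lowered in ROCKYOU_TOP10:
        found.append("in RockYou top 10")
    if is_sequence(lowered):
        found.append("sequence")
    # Strip trailing digits and symbols so "Password1" still matches "password".
    stem = lowered.rstrip(string.digits + string.punctuation)
    if stem in SAMPLE_WORDS:
        found.append("dictionary word")
    return found

def generate(length=12):
    """Draw each character from the OS CSPRNG; retry if a check happens to trip."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(pw):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for candidate in ("123456", "Password1", "7ufebuHU", generate()):
        print(candidate, weaknesses(candidate) or "no weakness found")
    print(f"8 random characters: {entropy_bits(8):.1f} bits")
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographic random source.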

The moral of the post is that making a little effort to use a secure password makes a big difference in keeping prying eyes out of your private information.

Also, as a final note, it looks like 1Password has already made plans and released mockups for the iPad interface =) I’m looking forward to that release.

written by Brandon Leon

Feb 08

I knew it was bound to happen eventually. As soon as they announced they were embedding RFID (radio-frequency identification) chips in the new passports, my first thought was “how long till someone discovers how to scan that?”

Chris Paget from San Francisco already figured it out, and built a mobile scanner that sits in the back of his car scanning for the RFID chips in the new passports. Chris hopes that by showing he discovered how to do this, perhaps future passports will have better security built in.

Most of the comments on YouTube scream out “Fake!”, but then again most comments scream this out on all videos. Is Chris’s method foolproof? No, but he simply proves it’s possible.

 

 

Passport RFIDs cloned wholesale by $250 eBay auction spree • The Register.

written by Brandon Leon

Jan 11

Still transferring files around on a flash drive? Why bother with that anymore when you can sign up for Dropbox and get 2GB of online storage for free.

So how does Dropbox work exactly? First off, it’s cross-platform, meaning the software works with Windows, Apple and Linux computers. Simply install the Dropbox client on any machines you would like to sync with. During installation on the first machine you set up, you’ll be presented with the option to log into an existing account or create a new account.

Select the option to create a new account. After setting up the account on the first machine, you can select the option to log into an existing account on any additional machines you set up. After setting up the client on a Windows machine, you’ll see a new folder in your My Documents folder called My Dropbox. Any file you drop into your Dropbox folder will synchronize and be available on any other computer you’ve installed Dropbox on, as well as from the web. Also, any changes you make to files in your Dropbox will sync to your other computers, instantly.

But that’s not all. Dropbox does not only sync files, it also tracks any changes made to the files. Accidentally delete that presentation you’re supposed to give tonight? No problem: log into the web interface and undelete the file, or pull up older versions of the file if you need to.

Need to send someone a large file? Toss it in the public folder, then right-click the file and select “Copy public link”. You can then paste this URL into your email, and any user (even users not running Dropbox) can download the file.

Even if you don’t plan on sharing your data with other machines, Dropbox has its benefits: anything placed in the Dropbox directory will be immediately transported over SSL to the Dropbox server, and encrypted using AES-256.

Dropbox is also incredibly fast. Say you have a 50MB file and you change one small aspect of that file: the client doesn’t bother updating the entire file, it only transmits the changes of that file to the server and then down to all the machines being synchronized with the account, thus incredibly speeding up the process.
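One way to transmit only the changed part of a file, as an added Python example that is not Dropbox's code. The post does not say how Dropbox detects changes; comparing fixed-size blocks by SHA-256 is an assumption made here, as are the function names and the scaled-down constructed file.

```python
import hashlib

BLOCK = 4096  # assumed block size, chosen only for this illustration

def digest(chunk):
    return hashlib.sha256(chunk).hexdigest()

def manifest(data, block=BLOCK):
    """Per-block SHA-256 list the receiving side keeps for its copy of the file."""
    return [digest(data[i:i + block]) for i in range(0, len(data), block)]

def make_delta(new_data, remote_manifest, block=BLOCK):
    """Sender: collect only the blocks whose hash differs from the remote copy."""
    changed = {}
    for idx, off in enumerate(range(0, len(new_data), block)):
        chunk = new_data[off:off + block]
        if idx >= len(remote_manifest) or remote_manifest[idx] != digest(chunk):
            changed[idx] = chunk
    return {"length": len(new_data), "sha256": digest(new_data), "blocks": changed}

def apply_delta(old_data, delta, block=BLOCK):
    """Receiver: patch the old copy, then verify the whole-file hash before accepting."""
    count = -(-delta["length"] // block)  # ceiling division
    parts = [delta["blocks"].get(i, old_data[i * block:(i + 1) * block])
             for i in range(count)]
    rebuilt = b"".join(parts)[:delta["length"]]
    if digest(rebuilt) != delta["sha256"]:
        raise ValueError("rebuilt file does not match the sender's hash")
    return rebuilt

def demo():
    """Constructed input: a 50-block file with one byte changed inside block 20."""
    old = bytes(50 * BLOCK)
    new = bytearray(old)
    new[20 * BLOCK + 5] = 0xFF
    new = bytes(new)
    delta = make_delta(new, manifest(old))
    sent = sum(len(chunk) for chunk in delta["blocks"].values())
    assert apply_delta(old, delta) == new
    return sorted(delta["blocks"]), sent, len(new)

if __name__ == "__main__":
    blocks, sent, total = demo()
    print(f"changed blocks {blocks}: sent {sent} of {total} bytes")
```

The whole-file hash check in `apply_delta` is what stops a receiver whose local copy has drifted from silently accepting a corrupted rebuild.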

So head over to the Dropbox site and stop bothering with a flash drive.

written by Brandon Leon