SC World Congress Sound Bites

A much delayed post, but I never got around to fitting it in while out of town. I attended last year’s SC World Congress in New York at the Sheraton. Looking back on it now, it was influential in my search for new employment with companies on the leading edge of security.

I wanted to post a few sound bites I picked up from the congress. Note that these are now 9 months old:

In October 2009:
“If Facebook were a country it would be the 4th largest in the world”

“Ashton Kutcher has more Twitter followers than the entire population of Ireland”

“80% of companies today use social media in their recruiting process”

From Stephen Hutnik, CSO of AT&T: “70% of their bandwidth traffic is malicious or junk”

“AT&T is working on ‘Black Cloud’ services for intercepting and stopping DDoS attacks on their network, before they get to their intended targets”.

That last part concerns me, as it requires the ISPs to get smart about the routes and types of traffic they are carrying – which means they’ll have to inspect it first to determine its nature and destination. Who’s to say what’s negative or positive, appropriate or indecent, private or public? Privacy rights should be watched closely, whatever AT&T, Time Warner, Verizon or any other service provider decides to do with traffic running over its networks.

Passwords – Have you Changed yours lately?

By ASHLEE VANCE
Published: January 20, 2010

Back at the dawn of the Web, the most popular account password was “12345.”

Today, it’s one digit longer but hardly safer: “123456.”

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

“I guess it’s just a genetic flaw in humans,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers. “We’ve been following the same patterns since the 1990s.”

Mr. Shulman and his company examined a list of 32 million passwords that an unknown hacker stole last month from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace. The list was briefly posted on the Web, and hackers and security researchers downloaded it. (RockYou, which had already been widely criticized for lax privacy practices, has advised its customers to change their passwords, as the hacker gained information about their e-mail accounts as well.)

The trove provided an unusually detailed window into computer users’ password habits. Typically, only government agencies like the F.B.I. or the National Security Agency have had access to such a large password list.

“This was the mother lode,” said Matt Weir, a doctoral candidate in the e-crimes and investigation technology lab at Florida State University, where researchers are also examining the data.

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.

“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations,” Mr. Shulman said. “The reality is that you can be very effective by choosing a small number of common passwords.”

Some Web sites try to thwart the attackers by freezing an account for a certain period of time if too many incorrect passwords are typed. But experts say that the hackers simply learn to trick the system, by making guesses at an acceptable rate, for instance.

To improve security, some Web sites are forcing users to mix letters, numbers and even symbols in their passwords. Others, like Twitter, prevent people from picking common passwords.

Still, researchers say, social networking and entertainment Web sites often try to make life simpler for their users and are reluctant to put too many controls in place.

Even commercial sites like eBay must weigh the consequences of freezing accounts, since a hacker could, say, try to win an auction by freezing the accounts of other bidders.

Overusing simple passwords is not a new phenomenon. A similar survey examined computer passwords used in the mid-1990s and found that the most popular ones at that time were “12345,” “abc123” and “password.”

Why do so many people continue to choose easy-to-guess passwords, despite so many warnings about the risks?

Security experts suggest that we are simply overwhelmed by the sheer number of things we have to remember in this digital age.

“Nowadays, we have to keep probably 10 times as many passwords in our head as we did 10 years ago,” said Jeff Moss, who founded a popular hacking conference and is now on the Homeland Security Advisory Council. “Voice mail passwords, A.T.M. PINs and Internet passwords — it’s so hard to keep track of.”

In the idealized world championed by security specialists, people would have different passwords for every Web site they visit and store them in their head or, if absolutely necessary, on a piece of paper.

But bowing to the reality of our overcrowded brains, the experts suggest that everyone choose at least two different passwords — a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

Mr. Moss relies on passwords at least 12 characters long, figuring that those make him a more difficult target than the millions of people who choose five- and six-character passwords.

“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”
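The two defensive points the article makes, measuring how much of a leaked corpus sits inside a small pool of common passwords (Imperva’s 20% in 5,000) and refusing those passwords at sign-up the way Twitter does, as an added example that is not from the article or from Imperva. The leaked list here is a small constructed sample, not the RockYou data, and the 12-character floor is the one Mr. Moss describes.

```python
from collections import Counter

# Constructed sample "leak" standing in for the RockYou list (not real data):
# a few of the top-20 entries the article names, weighted so the most common
# ones dominate, plus unique passwords to make a round 100 accounts.
SAMPLE_LEAK = (
    ["123456"] * 9 + ["12345"] * 4 + ["password"] * 3 + ["qwerty"] * 2
    + ["abc123"] * 2 + ["iloveyou", "princess", "Princess", "PASSWORD"]
    + [f"unique-{i}" for i in range(76)]
)


def normalize(pw: str) -> str:
    """Fold case and trim whitespace so "Princess" and "princess" count as
    one guess; a guessing wordlist would try both forms anyway."""
    return pw.strip().lower()


def top_pool_coverage(passwords, pool_size):
    """Return (pool, share): the `pool_size` most common passwords and the
    fraction of all accounts that chose one of them. This is the figure
    Imperva reported: 20% of accounts inside a 5,000-entry pool."""
    counts = Counter(normalize(p) for p in passwords)
    pool = [pw for pw, _ in counts.most_common(pool_size)]
    covered = sum(counts[pw] for pw in pool)
    return pool, covered / len(passwords)


def build_denylist(passwords, pool_size):
    """Turn the most common entries of a leaked corpus into a deny-list,
    so a site refuses exactly the passwords a guesser would try first."""
    pool, _ = top_pool_coverage(passwords, pool_size)
    return frozenset(pool)


def password_allowed(candidate: str, denylist, min_length: int = 12) -> bool:
    """Reject deny-listed passwords (case-insensitively) and anything
    shorter than `min_length` characters."""
    norm = normalize(candidate)
    if norm in denylist:
        return False
    return len(norm) >= min_length


if __name__ == "__main__":
    pool, share = top_pool_coverage(SAMPLE_LEAK, 7)
    print(f"top-7 pool {pool} covers {share:.0%} of accounts")
    deny = build_denylist(SAMPLE_LEAK, 7)
    for pw in ("Princess", "PASSWORD", "short1", "correct horse battery"):
        print(pw, "->", "allowed" if password_allowed(pw, deny) else "rejected")
```

Against real data the pool size would be the 5,000 the article cites, and the deny-list would be refreshed as new leaks appear.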

http://lifehacker.com/5445101/your-passwords-arent-as-secure-as-you-think-heres-how-to-fix-that?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+lifehacker/full+(Lifehacker)&utm_content=Google+Reader

Apple now full of Air?

Apple released its latest innovation this week – the MacBook Air.

A stellar new laptop at only 3 lbs that fits in an envelope (according to the commercial). We’ve seen small, thin laptops before from Sony, Sharp, etc., but the innovation here is the attention to wireless connectivity for everything you do: connecting to computers, drives, the internet, etc. Everything is wireless. Many will come out and say it’s full of flaws here and there, but there certainly is a market, from the gadget gear heads to the Apple enthusiasts.

Despite the intention of being light, the focus may not be on travelers. The greatest feature is the full keyboard, and unlike most travel laptops, the Air also has a full-size screen, which is great for hanging out at Irving but won’t help you in a cramped airline seat.

One of its most unique features, in the sense that it’s missing, is that there’s no optical drive: no way to add music or programs via CD, or to watch movies. However, there is an add-on MacBook Air SuperDrive for $100 more, which connects wirelessly. Again, though, for those on flights the battery limitation may be a problem.

Which, to me, is the worst mistake Apple continues to make: no replaceable battery. There needs to be an option to carry a spare, or to remove your information cleanly if you need to take it into the genius center for replacement.

Want to use Ethernet when there’s no wireless? There’s a USB to Cat5 converter.

Want to use the laptop on a long flight? Get a MagSafe Airline Adapter.

Want to print? Buy a wireless print server, or a printer to connect to.

Want to back up your data before shipping the unit back to replace the battery? You probably already own a Time Capsule.

It’s very sweet but very proprietary and expensive ($1800/$3100). Obviously there’s a smaller market for this laptop than for the casual computer user or the multi-device hound.

Apple has consistently shaken up the marketplace not just with its attention to tech innovation but with its attention to the consumer drive to own something both functional and stylish. They did it with the iPod, even though it’s not the best or most stable MP3 device. They are doing it with the iPhone, even though it’s not the best or first touch mobile device, and they’ll do it with this computer, all because it comes down to ease of use, function and style.

Wake up: everything is going wireless and computer software is moving to the “cloud” – meaning there will be no more drives, no more CDs, no more DVDs… it will all eventually be on the net. IBM and Google are doing it, and now Apple is contributing to that vision by creating hardware in line with it.

Google Gets Ready to Rumble With Microsoft [NY Times]

As Tom Cruise would say, “Man, you’re either in or you’re out, we have no time for spectators.”