Archive | Security

Security is not a feature; it’s a process. Notes on issues, patches and essays on security.

FTPOnline registration

I attempted to create an account on the Fawcette Technical Publications online (FTPOnline.com) web site to get a link to pass on about a recent editorial in Visual Studio Magazine. It prompted for the usual email address, password-twice routine. I used my usual password technique, a scrambling of the site with punctuation and letters. It rejected my attempt with a little message "Password must be between 4 and 10 characters" — okay, mine was eleven or twelve. I slimmed it down to nine, and… "Password must be between 4 and 10 characters" — now I eliminated all the numbers. Still… "Password must be between 4 and 10 characters". Finally, I just made it a simple obscenity in all lowercase alphabetic characters. That it took. What kind of security does a site offer when you are limited to alpha-only entry? A simple dictionary attack (limited to 4 to 10 characters, of course) will crack this site. Why don’t they bother to tell you what they require for a password? They ought to be embarrassed. And why do they do this? Is it harder to store a number than a letter? Does an exclamation take more storage than an alpha? Bozos!

OTOH, if you have a Mac G5 and run (rare) 64-bit apps, hold off on patching…

OSNews reports Latest OS X Update Breaks 64-bit Support. “The most recent Mac OS X security update from Apple Computer includes a glitch that prevents users from running 64-bit applications on the company’s new Tiger operating system, AppleInsider has confirmed.” 64-bit apps are still rare in the Apple world, limited mainly to console or background tasks, according to the linked AppleInsider article.

Total Information Awareness

The government, led by once-convicted (later overturned) Admiral Poindexter, has established a “Total Information Awareness” counter-terrorism project. While the goal of protecting our citizens through vigilance is laudable, the reach and potential abuses of the agency are frightening. The Cato Institute warns us here that “[UPDATE: broken link http://www.cato.org/dailys/12-03-02.html] we shouldn’t always trust the assurances of the Pentagon”. Activists are illustrating the chilling amount of information available already, turning the power of the Internet on [UPDATE: link moved] Admiral Poindexter himself. Similar stories in the [UPDATE: dead link http://www.washtimes.com/commentary/20021212-45129548.htm] Washington Times and [UPDATE: dead link http://www.cnn.com/2002/US/11/20/terror.tracking/index.html] CNN.

MSNBC has a scary report on [UPDATE: dead link http://msnbc.com/news/846795.asp] fake escrow services preying on online auction participants.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.