Posts Tagged ‘rant’


28.06.2011

When Extra Security isn’t Secure

posted by Karsten

in Uncategorized

Two situations have recently spawned a certain level of annoyance in my otherwise secure online presence. I devised a fairly secure system 5-6 years ago, where I have an algorithm from which I create my passwords depending on certain features of the websites/services that the password is intended for. This has two major benefits: I have about 2600 different kinds of password that I use, and yet I can always remember them.

No need to write it down anywhere, yet being pseudo unique.

But recently certain developments have meant that this system is broken, and I end up with a less secure system!

Let me explain. The first is a pretty trivial website “Behind Blackboard” which I use on a very irregular basis. Today I needed to use it, and they wanted me to update my login credentials. Part of this required me to know my email and my institute Blackboard number, which luckily I have in an email.

This resulted in an email with a temporary password. First time on the site and this needs to be changed, and this is where the problems arise. It needed to be:

  • Between 8-12 characters
  • Contain an Upper Char and a lower Char, a Number and a “Special Char” (@£$%_&*^ and so on)

Now this is not very important information that needs super security! It is only protecting the help and documentation of Blackboard, an eLearning system, most of which is freely available anyway, and I’ve only needed to log in 3 times, as far as I remember! So I have had to write it down – D@mn silly, that is what it is! Now it is less secure as anyone who can find the slip can log in!

They do provide an “If you have forgotten the password, answer these questions” option, but the questions were stupid, and I had to make up answers for at least two of them. Really, think about it, would I trust Blackboard with information which could grant them access to my bank’s usual security question, NO! So I had to make something up there as well….. I will not be able to remember these either…..

This brings me to the second part of my rant! My bank, HSBC, is changing their security measures to include a digital “random” number generator gizmo, that you need each time you want to log in to their site. Is this more secure than before? NO! Now any opportunist will be able to steal a physical object to pose as me, and if they can spoof it (either by being clever and hacking it, which is possible, or just observing me using the keys) then they can as easily as before log in to my bank account!

The only “benefit” here is that I now need to bring the gizmo around with me and use it to log in. Will I do that? NO! So I will, effectively, not have online banking! This is one of the things that I need, as banks are NEVER open when I need them to be! Therefore I fear, Dear HSBC, that you might lose a customer soon…

Ranting Karsten!!

23.06.2011

Patents – US really should sort out their mess!

posted by Karsten

in Uncategorized

Just to show the ludicrous patent situation as reported by The Register.

Starting with an attack of 132 patents, Oracle had to cut that to 21 to make it “judgable”, choosing those that we can assume are the ones they would suspect were most likely to win in court. Of these, 17 have already been rejected with prior art etc., leaving 4 that are still up for debate in court!

What would happen if they attacked a “small” provider like HTC or similar? They’d cut a deal before even having cut it down to 21 not to mention to 4 – this has happened so many times!!

This is *NOT* promoting innovation, rather the opposite, only benefiting the solicitors, and the end users suffer.

I can kind of understand patents if they constitute real investments in innovation, but sorry, more often than not this isn’t the case in the US. They are so easy to obtain, and then the legal battles have to sort out the mess, in a situation where the company with the most cash usually persists and wins, if not the legal battle, then the settlement battle…

Oh, and don’t get me started on software patents!!!
