Posts Tagged ‘security’


28.06.2011

When Extra Security isn’t Secure

posted by Karsten

in Uncategorized

Two situations have recently sprawned a certain level of annoyance in my otherwise secure online presence. I devised a fairly secure system 5-6 years ago, where I have an algorithm from which I create my passwords depending on certain features of websites/services that the password is intended for. This has two major benefits, I have about 2600 different kinds of password that I use, and yet I can always remember them.

No need to write it down anywhere, yet being pseudo unique.

But recently certain developments have meant that this is system is broken, and I end up with a less secure system!

Let me explain. The first is a pretty trivial website “Behind Blackboard” which I use on a very irregular basis. Today I needed to use it, and they wanted me to update my login credentials. Part of this included me to know my email and my institute Blackboard number, which luckily I have in an email.

This resulted in an email with a temporary password. First time on the site and this needs to be changed, and this is where the problems arise. It needed to be:

  • Between 8-12 characters
  • Contain an Upper Char and a lower Char, a Number and a “Special Char” (@£$%_&*^ and so on)

Now this is not very important information that needs super security! It is only protecting the help and documentation of Blackboard, an eLearning system, most of which is freely available anyway, and I’ve only needed to log in 3 times, as far as I remember! So I have hard to write it down – D@mn silly, that is what it is! Now it is less secure as anyone who can find the slip can login!

They do provide an “If you have forgotten the password, answer these questions” option, but the questions where stupid, and I had to make up answers for at least two of them. Really, think about it, would I trust Blackboard with information which could grant them access to my bank’s usual security question, NO! So I had to make something up there as well….. I will not be able to remember these either…..

This brings me to my second part of my rant! My bank, HSBC, is changing they security measures to include a digital “random” number generator gizmo, that you need each time you want to login to their site. Is this more secure than before? NO! Now any opportunist will be able to steal a physical object to pose as me, and if they can spook it (either by being clever and hack it, which is possible, or just observe me using the keys) then they can as easily as before log in to my bank account!

The only “benefit” here is that I now need to bring the gizmo around with me and use it to log in. Will I do that? NO! So I will, effectively, not have online banking! This is one of the things that I need, as banks are NEVER open when I need them to be! Therefore I fear, Dear HSBC, that you might loose a customer soon…

Ranting Karsten!!

Share
Tags: ,
02.02.2007

Vista exploit

posted by Karsten

in RedGloo

This is one of the funniest exploits I've heard of http://www.microsoft-watch.com/content/security/vista_please_dont_list

So with the new voice command feature in Vista it is possible to "take" over just by having access to the speakers… Skype is truely a killer-app for the crackers!

Share