Monthly Archives: August 2012

Crisis Malware Now Targeting VMs & Phones Too (and micropower TMS plans, more lifehacking, faraday)

The Swiss Army knife of spying malware? We saw this a while back when it was in the news as a wickedly effective, highly-targeted Mac threat. Turns out Crisis targets not just OSX but also Windows, VMware machines, and Windows Mobile phones: if it finds itself on a Windows machine, it’ll infect any virtual machines […]

Most Common iPhone Passcodes (and lifehacking: faraday cage q, TMS update)

Guy uses free iPhone app to collect (anonymous) data on what 200,000 users chose as PINs to secure their app. The app’s setup & lock screens are identical enough that most people likely used the existing iPhone PIN. I suspect that the data generalizes to just about any four digit PIN. Interestingly, the second most […]

Defend your Email Accounts (and lifehacking, EMG)

We all know about password-reset attacks. They’re far more common than more elaborate things, yet almost as effective against most people. They would likely work to some degree against even you, unless you’ve gotten in the habit of defending against them. (Pick questions & answers that for one reason or another couldn’t be found out […]

Totalitarian Surveillance is Here (and lifehacking: massive productivity through TMS)

Creepiest thing I read all day, and not just because it mentions both Facebook and Disney in the same paragraph. Guy goes on a ride, ride takes photo, guy gets handed form to buy photo — and the form has his credit-card info prefilled. Guy never told anyone at the theme park so much as […]

Getting Started with Security Metrics

So I talked about feedback. Here are some thoughts on implementing one flavor of it in your own security designs. Yes, it’s the aftermarket attach-it-to-the-current-setup kind of feedback, but that means it can be used just about anywhere. The original article was oriented towards people working in organizational IT settings. You all know my advice is […]

Making Security Less Intrusive

Normally we think of e.g. PIN code locks as something needed every time you perform a certain step. By using other sources of data, some researchers have proposed requiring things like PIN codes only when there’s a chance the user is no longer the legitimate one. Granted, you lose a little security up front. But– […]

Age Brings Wisdom and More Secure Passwords (and lots of cultural observations)

[9 June 2012] A researcher managed to get access to the hashed passwords of 70 million Yahoo users, and finds, among other things, that passwords provide only about 10/20 bits of security against online/offline attacks, and that users over the age of 55 picked passwords twice as secure as teenagers. The only […]