Comments for Defending The Kingdom

Comment on Password length: go longer? by Password length: are you sure 8 is enough? | Defending The Kingdom: Security and Privacy in Your Digital Life

Fri, 03 Feb 2012 21:59:21 +0000

[...] (typeof(addthis_share) == "undefined"){ addthis_share = [];}Commenter dearjym notes that, in some instances, crooks may be trying to crack your passwords at a rate of hundreds [...]

Comment on Password length: go longer? by Ian Saxon

Ian Saxon — Fri, 03 Feb 2012 21:08:28 +0000

Good comment. I think I’ll address it in a post.

Comment on Password length: go longer? by dearjym

dearjym — Thu, 02 Feb 2012 15:37:20 +0000

Sorry English is not my first language. I meant to say, several 100,000 possibilities can be tried per second.

Comment on Password length: go longer? by dearjym

dearjym — Thu, 02 Feb 2012 15:35:19 +0000

8 is NOT enough. And you should know that several 100 thousand possibilities per second. YES PER SECOND. 11-14 digits is a minimum. Digits, capital letters, and special chrs are not as necessary as password length. There’s no point in having a password you can’t remember. Once your password reached 14 digits, it really doesn’t matter what you use. For ex. xraypleasetaco (xray + please + taco). It’s just 3 random words, but gives you a 14 digit password. It is infinitely stronger than j&S@!.aGHq% which is 11 digits. Every digit you add to a password increases it’s possibilities by an exponent of 2- IOW, it doubles. And furthermore, typing in 3 words is easy to remember, and fast to enter. If you wanted to add more complexity, the sure, add other chrs, but again, we are looking for something easy to remember, but hard to guess. If the first four letters of your password is ‘xray’ it would remain unknown to anyone trying to crack it, even if they got the first 4 digits right, they’d never know until they actually guessed the entire password. Don’t be afraid of real world words, dictionary words. As long as you are using at least 3-4 RANDOM words, it’s secure. We are trained to create these crazy passwords that are impossible to remember, yet their length is so short (4-8 digits) that it’s crackable. Instead of hard to remember and easy to crack…Go for easy to remember and hard to crack.

Comment on BlackBerry security and VPNs by ras

ras — Thu, 12 Jan 2012 12:10:38 +0000

Blackberry does not support VPN. I used http://www.sunvpn.com on my old Android device and it worked OK. No VPN on the BB kind of sucks..

Comment on How to make great passwords by The backdoor problem | Defending The Kingdom: Security and Privacy in Your Digital Life

Thu, 22 Dec 2011 06:52:37 +0000

[...] the possibility that you forget the master password that unlocks the database. If you’ve used this method, that should never happen. But sometimes bad things do happen, and you should plan for that. [...]

Comment on Password Safe Version 3.2 by The backdoor problem | Defending The Kingdom: Security and Privacy in Your Digital Life

Thu, 22 Dec 2011 06:50:27 +0000

[...] You should keep that in mind when creating answers to security questions. Instead of providing the actual answers, I recommend creating real passwords as answers to these (i.e., your mother’s maiden name could be entered as “d9IgzUe33s”), then keeping track of these additional passwords in a program built for the job (I’ve discussed such programs before). [...]

Comment on Security is not a switch by Password length: go longer? | Defending The Kingdom: Security and Privacy in Your Digital Life

Thu, 03 Nov 2011 16:39:58 +0000

[...] blog has always taken the pragmatic route to security, recognizing that there will always be a tradeoff between security and time and money. In other words, don’t worry about being 100% safe — instead, focus on being safer than [...]

Comment on The fake antivirus attack by Ian Saxon

Ian Saxon — Wed, 01 Jun 2011 21:03:44 +0000

You’re probably right, Andy. For many tenacious viruses, ClamWin isn’t going to be strong enough sauce. Do you have any suggestions for lightweight, bootable USB software for windows?

I agree that Windows Restore isn’t supposed to touch your files. Still, it makes me nervous.

Comment on The fake antivirus attack by andy

andy — Wed, 01 Jun 2011 20:38:16 +0000

While I understand that your recovery recommendations aren’t meant to be proscriptive, I’d like to make a comment on each of them:

1) Loading ClamWin on a portable USB stick isn’t sufficient for your virus-scanning needs. It is likely that ClamWin won’t find all of the vestiges of virus on a live OS and is also possible that the virus will jump to the USB stick the moment you put it in to the infected OS. A much more complete way is to create a bootable virus-scanning usb stick and boot off of that rather than the infected hard drive. I don’t know of any viruses that can jump from one OS (the one on your Hard Drive) to another (the one on the USB drive) as long as the infected OS isn’t running. I have a multi-boot USB stick based on the very slick YUMI multi-boot USB utility (http://www.pendrivelinux.com/yumi-multiboot-usb-creator/) It walks you through how to create a multi-bootable stick with free virus scan utilities and gives you a menu to decide which one you want into. On mine, I have, among others:

AVG Rescue CD (Antivirus Scanner)
Avira Antivir Rescue CD (Antivirus Scanner)
BitDefender Rescue CD (Antivirus Scanner)
Kaspersky Rescue Disk 10
Panda Antivirus

Having all of them is probably overkill, but booting off of the USB stick is definitely not.

2) Windows recovery does not alter (restore or delete) static files. Your word documents and emails all survive the restore.