Bad passwords everywhere

A couple of months ago, I came across a Wired News article describing how a hacker stole information from TorrentSpy, a popular file sharing website.

TorrentSpy’s owners are probably bright and computer savvy, and I suspect they take several measures to keep their servers secure. So how did Robert Anderson, a hacker turned MPAA informant, manage to gain access to their critical information?

The hacker, then 23 and living in Vancouver, British Columbia, claims he had cracked TorrentSpy’s servers by simply guessing an administrative password. He knew the password was weak — a combination of a name and some numbers.

“I just kept changing the numbers until it fit,” he says. “I guess you can call it luck. It took a little more than 30 tries [my bold].”

It’s unlikely that you have much to hide from the courts, but you have important email and bank accounts that you should keep secure with a strong password. Using strong passwords is one of the easiest and most effective means of staying secure on the net. I’ve explained before how to make great passwords.

Merry Christmas

Merry Christmas, Defending the Kingdom readers!

There are now almost 5,000 of you, which is great. If you are looking for coverage of a specific security topic in 2008, leave a comment – I might just write about it.

Take care,


Taxes and phishing

The Canada Revenue Agency is warning taxpayers to watch out for phishing scams this tax season. They have a good description of how these scams work:

  1. You receive an unsolicited e-mail or phone call promising you a significant amount of money, in the form of a lottery or sweepstakes jackpot, or a tax refund.
  2. To receive the promised money, you are asked to provide either an upfront deposit or confidential banking information, such as credit card or bank account numbers and passwords.
  3. You are then told that someone will get back to you with the promised payout, which doesn’t happen.
  4. When you try to recover the money, you find that the individual who contacted you has disappeared or never gives you a straight answer.

Good to know, particularly if you recognize what is happening at stage 1.

2007 state of the net

In May 2007, I commented on the Consumer Reports 2006 State of the Net assessment. Here are the results of the 2007 State of the Net report:


Your chances: 1 in 2


Your chances: 1 in 5, with a typical cost of $100.


Your chances: 1 in 11, with a typical cost of $100.


Your chances of losing money from an account: 1 in 81, with a typical cost of $200.

Encouragingly, the odds of getting nicked by each one of these threats have fallen since 2006, except in the case of phishing (formerly 1 in 115, meaning phishing attacks are becoming cleverer and more widespread). The cost for each malady stayed roughly the same, with phishing the exception once again. Last year, phishing victims typically lost $850, so the number has fallen considerably.
