October 2018 archive

Some tips on protecting your information!

It is National Cybersecurity Awareness Month (NCSAM) and I thought I would share some of the ways I protect my information. Spoiler alert: you may not find anything that you don’t already know and I may have written about these earlier. And if you came to the event at Wellesley last Friday, you already heard about these from me. But I hope this serves as a good reminder about some of the best practices for keeping your information safe.

Passwords & Passphrases

I use fairly long and complex passwords. I prefer passphrases wherever they are supported. It is so sad that so many systems still do not support passphrases and are restrictive in terms of the length of the passwords. As a rule, I use different passwords for different systems. I will be very happy to privately share with anyone who is interested in knowing more about how I maintain/remember all of these passwords. I also avoid saving passwords for some of the critical systems and financial institutions in my browser’s password manager. They are safe and continue to be safer, but, if ever someone steals my Google password AND bypasses two-factor authentication, they will have access to all my passwords (paranoia!).

To change the passwords often or not is an age-old question and I believe that having a long and hard-to-guess password is much better than changing passwords often. One of the reasons for mandating the password change was that if hackers had access to your password, changing it prevents them from accessing your data and that it is hard for them to guess your new password. With the exponential increase in computing power, the moment your password has been hacked, a lot of your information has already been accessed before you can change the password. Secondly, it has been shown that mandatory password changes result in predictable password patterns that are easier to guess than one can imagine. I encourage you to read this article “Time to rethink mandatory password changes” on this subject. So, my advice – make passwords long and hard to guess.

Spy Chips – My question to John Chambers in 2010

There is continuing controversy over the claims that certain motherboards manufactured in China were fitted with tiny microchips that are capable of compromising data. Details as to what exactly this means are less important than the answers to “what if” questions. The chip could potentially install malware or open up a port silently for the hackers to invade any of the systems using such a motherboard. It could also potentially inflict other major damage, such as erasing all data or corrupting the data slowly (in some intelligent ways) so that even backups over a period of time make it impossible to retrieve the data. And it may be programmed to be dormant and wake up on some future date. Who knows?

Planting such “easter eggs” is a common practice in software, not necessarily with the intent of causing damage, but more as a joke or for fun. Programmers of video games or computer software planted these for fun. For example, the TECO editor from the TOPS-10 operating system (in the late 70s and early 80s) used the command make to create a file. If you typed “make love” to create a file called love, it had an easter egg which would respond by saying “not war?”. Most recently, Google engineers have been creating a fair number of easter eggs.

I want to tell you a story about my question on this subject some 8 years ago…
