This is similar to what I teach to my users. Take something familiar and build a password from it. Take a quote from a book, a Bible scripture, a passphrase... then extract/add/replace some extra characters, to build a stronger password. My users are learning. Once they get the hang of it we move them onto using made-up, but memorable to them, passphrases to start with.
One problem with common phrases, names of football players, etc. is the abundance of word lists available for dictionary attacks (using l0phtcrack, etc.). I have word lists for many subjects (medical, computer, biblical, actors' names), in many languages (even Hindu, Swahili, and Polish), and lists collected from years of successful dictionary attacks. Just browse Google for 'word lists'.
Like the story about the bear and the two hikers "I don't have to outrun the bear, I just have to outrun YOU!" one hiker says to the other as he slips on his Nikes. You want to make sure your password isn't among the first ones broken.
Use the same tools the black hats do to audit your own systems and users. It's an education!
HC
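An added example, not part of the comment above: a check that can run when a user sets a new password and reports whether it reduces to a word-list entry once the usual character swaps and appended digits are undone. The word list is a constructed sample, and the names `WORDLIST`, `LEET`, `candidates`, `find_base_word` and `audit` are assumptions made for this sketch.

```python
import re

# Constructed sample word list; a real audit would load subject-specific
# lists like the ones the comment describes.
WORDLIST = {"password", "football", "genesis", "elvis", "dragon"}

# Character swaps users commonly apply to "strengthen" a dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and punctuation stuck on the front or back of a word.
AFFIXES = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def candidates(password):
    """Yield the reduced forms that a rule-based dictionary audit would test."""
    lowered = password.lower()
    stripped = AFFIXES.sub("", lowered)
    for form in (lowered, stripped):
        yield form                  # case-folded only
        yield form.translate(LEET)  # case-folded with swaps undone


def find_base_word(password):
    """Return the word-list entry the password reduces to, or None."""
    for form in candidates(password):
        if form in WORDLIST:
            return form
    return None


def audit(passwords):
    """Map each proposed password to its base word (None = not in the list)."""
    return {pw: find_base_word(pw) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, base in audit(["P@ssw0rd1!", "F00tball2003", "3lvis",
                           "purple tractor sings opera"]).items():
        verdict = f"reduces to '{base}'" if base else "not derived from the list"
        print(f"{pw!r}: {verdict}")
```

A `None` result only means the password is not a simple variation of an entry in the list that was loaded, so the check is only as good as the lists behind it.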
General Electric Ordnance Systems - our prime vendor for the Mk 88 Mod 2 Fire Control System onboard the ballistic missile submarine I rode in the early 80's. The company that used to make Singer sewing machines also contributed a small part. There are a number of companies that contributed to our original "41 For Freedom" that might surprise you.
But don't let it surprise you, there was a need and somebody filled it. These companies through their contracts with the gub-mint helped provide the tools needed.
HC - still proud to have served
Because we Americans want it NOW. We want to see the results minutes, not days after the polls close.
The media feeds the hype by forecasting the winners by use of exit polls, with scores of pundits discussing the ins and outs of every race. We have come to expect this and a move to return to paper ballots might dampen everyone's 'fun'. A paper ballot that could be reliably scanned, and non-refutable could work, but putting such a system in place has to run the gauntlet of every special interest group not to mention the politicians and government departments (Boards Of Elections) and workers who oversee such systems. (I worked county govt. IT for many years, and the BOE officials and workers were no more or less typical than any other govt. agency).
Make it cheap, reliable, difficult to defraud AND fast... then we have something to push hard for.
HC
We run Trend Micro's IMSS too, 'cept we got the first sobig32.e virus a few hours before Trend had the new sig files ready.
Our second level of defense was similarly unprepared. New sigs weren't available yet.
The tertiary system (user edu-ma-ca'shun) failed miserably in one glaring instance.
One bright spot, our internal CERT team rocked!
So be careful about crowing so loudly...
I still believe in "defense in depth" but also have a plan for when the inevitable happens.
Hung Chow
Why not use a hovercraft?
Decades of research and technical innovations... they come in a multitude of sizes... ( http://www.hovercraft.com/ ) And playing bumper cars on the freeways and waterways would make any commute more entertaining!
HC
We haven't seen any specs yet, but they did give some guidance that it could be PocketPC based. I'll reserve judgement until we see some hard facts.
Still loving my Sharp Zaurus!