How to Frustrate Password Crackers: 8 TipsWritten by Mike Delaney
Some time ago, I was one of most prolific contributors to one of most popular newsgroups on Usenet. The newsgroup's purpose was to provide fraudulently-obtained, but valid, passwords for websites.The process there is fairly straightforward: someone posts web site address of a site that they want (free and illegal) access to. Several group members with colorful nicknames then "run" site. If a valid username/password is found, it is emailed to requestor, who in turn publicly heaps praise on grantor, thus inflating his or her ego. My colorful nickname was "PassBandit". Here are some tips to ensure that your account is not weak account that other "PassBandit"s of world compromise: 1. The password is more important than username. Do not assume that because you have an unusual username (including e-mail addresses), you can choose a simple password. 2. Make your reminder question tough and unique -- something such as "What was my first pet's name?". 3. Do not use your username as password. Similarly, do not use a password that "fits" with username. The may be cute, clever, and easy to remember, but username:password combinations such as intel:inside, moody:blues, hewlett:packard, or foghorn:leghorn will be compromised very quickly.
| | WildfireWritten by Bob Osgoodby
No, we're not talking about wildfires in western part of U.S., or not even something that can harm your computer.Some times you will get an E-mail with a virus warning like one that recently circulated on web about "A Card for You" virus. Without checking to see if virus is real, many people immediately forwarded note to everyone they know, and urged them to do same. Many of them did so, and false information spread like wildfire around web. This particular virus was exposed as a HOAX. If anyone had bothered to take time and do a search on "A Card for You", they would have found web page at Symantec which clearly reports it as a HOAX. The only thing you are accomplishing is to frighten people and cause unnecessary concern. In point of fact, you could unwittingly cause problems for people you send them to, like SULFNBK.EXE Warning did. This hoax urged people to search for "sulfnbk.exe" file on their computer, and if it was found to delete it. Sulfnbk.exe, is a valid Microsoft Windows 95/98/Me utility that is used to restore long file names, and if you use any of these Windows systems, you will find it. This caused a lot of people to delete it, and then they had to scramble to restore it. I recently received an E-mail outlining a persons experiences with viruses, and he urged everyone not to accept any E-mails with an attachment. He has set his mail reading program to automatically delete any message with an attachment. This is an over reaction. One of advantages of web is wealth of information available on net. Much of information available includes files that are too large to read as E-mail, and are automatically converted to a file. These are text files and cannot hurt you, and neither can an image file.
|