Posts Tagged “Security”

It’s nice to hear about some new online scam or phishing method, worry slightly because it’s really clever, but then realize that I’m actually not exposed to it. Well, not as exposed as I could be.

Here’s an explanation of a new type of phishing attack. Basically a tabbed malicious page can tell when it’s not in focus, and when you’re not looking it will change itself to look like a familiar login screen, Gmail for example.


You know, it really pisses me off when services make me jump through hoops when setting up a password. Hey site whose name I won’t disclose, I just gave you a 20-character password using a random combination of letters, symbols, and numbers, but you won’t accept it because I didn’t include an uppercase letter?

Maybe sites need a check box saying, “I am capable of assessing the risk of my own password.” Or, “I know I shouldn’t use my middle name as a password.” Or, “I do not need a babysitter at this particular time in my life.” I understand why Facebook might want to enforce a certain level of password security, because my grandma uses Facebook and she also trusts every pop-up and banner ad she reads. This site I’m registering at provides advanced services for web administrators, something that requires a certain level of knowledge about the technology being used and its security risks (yeah, that doesn’t guarantee a lack of stupidity, but shut up, I’m being angry).

I also understand that using uppercase letters along with lowercase letters increases the number of possible characters by 26, from 66 to 92 (roughly, just looking at my keyboard). Meaning that with a 20-character password, using lowercase letters only means there’s a frighteningly small number of possible passwords:

1,353,669,535,298,323,102,197,037,856,681,569,026,048

But using uppercase letters, too, you get a large, safe, un-guessable number of possible passwords:

1,886,933,291,627,965,536,395,870,951,737,944,702,976

Wow, that safeguard kept my ass out of the fire, for real. Look how exposed I would have been had they not forced me to use uppercase letters! Thanks, web service that will remain anonymous, now fuck off.

Lark

(BTW I got the numbers ‘66’ and ‘92’ by counting the number of characters available on my keyboard, it was a quick count, and it’s probably wrong)
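The situation in the post above, a 20-character random password rejected for lacking an uppercase letter, as an added example that is not part of the original post: a composition-rule check next to a length-and-pool strength estimate. The function names, the 80-bit threshold and both sample passwords are assumptions constructed for illustration.

```python
import math
import string

# Character classes on a US keyboard (printable ASCII, space excluded).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "symbol": string.punctuation,      # 32 characters
}

def composition_policy(password: str) -> bool:
    """Classic rule set: must contain a lowercase letter, an uppercase letter and a digit."""
    return all(
        any(ch in CLASSES[name] for ch in password)
        for name in ("lower", "upper", "digit")
    )

def estimated_bits(password: str) -> float:
    """Upper-bound estimate: length * log2(total size of the classes used).

    Only meaningful for randomly generated passwords; it overestimates
    anything a human picked (dictionary words, names, keyboard walks).
    """
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(ch in chars for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def entropy_policy(password: str, min_bits: float = 80.0) -> bool:
    """Hypothetical alternative: accept on estimated strength, not on classes used."""
    return estimated_bits(password) >= min_bits

# Constructed sample inputs, not real credentials.
RANDOM_20 = "k7#vq2!m9x$zt4&w8p@r"   # 20 random chars: lowercase, digits, symbols
SHORT_MIXED = "Password1"            # satisfies every composition rule above

if __name__ == "__main__":
    for pw in (RANDOM_20, SHORT_MIXED):
        print(f"{pw!r}: composition={composition_policy(pw)} "
              f"bits~{estimated_bits(pw):.1f} entropy_ok={entropy_policy(pw)}")
```

The composition rule rejects the long random password and accepts the short dictionary-based one; the estimate does the opposite, which is why a real deployment would pair a length floor with a breached-password or dictionary check instead of class rules.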


It’s no secret I’m a fan of Google and the services they provide. I don’t even mind that they use my information to serve me better ads–I’ve actually started coming across more and more ads that help me find things I’ve been looking for. However, there are lines that need to be drawn. The more and more services Google provides, the more important it is that we ensure that Google protects our privacy.

The EFF (Electronic Frontier Foundation) has an interesting article about this, with a form you should fill out to let Google know how they need to handle your private information. The EFF writes:

You shouldn’t be forced to pay for digital books with your privacy. Tell Google it needs to develop a robust privacy policy that gives you at least as much privacy in books online as you have in your neighborhood library or bookstore.

Security used to mean keeping your important personal documents in a safe. Now all our personal information is sent through emails, internet voice services, or to online backup utilities. All this redundancy is great–if you’re careful, a fire doesn’t mean you lose copies of documents, or photos, or music. And it’s a lot easier to search files on a computer than files in a cabinet. However, digital information is exponentially harder to keep track of. As more of our information becomes digital, it becomes increasingly important that we have more effective privacy policies.

Google is collecting such information. We need to make sure this information is safe. Go to the website. Fill out the form.

Lark


In defense of connecting most computers to the internet, even MRI machines and those with sensitive information, Cory Doctorow wrote this interesting article for the Guardian, comparing teen sex and computer networking. As always, abstinence isn’t much of a solution.

Operating systems are getting more promiscuous about net connections, not less: expect operating systems to start seeking out Bluetooth-enabled 3G phones and using them to reach out to the net when nothing else is available.

Later, he wrote:

In the era of cheap and easy virtualisation and sandboxing, there’s no reason users shouldn’t be able to partition their computers into “dirty” public-facing sides and “clean” private sides. Of course, a user might subvert this separation deliberately, but the only way to comprehensively prevent that from occurring is to make it possible for a user to get the job done without needing to do so.

It’s a very interesting article, definitely worth a read. One thing he barely touches on is how IT employees (in my experience) are the most abusive of security policy. They feel like since they know the reason for the rules, they can safely break them. Like they’re above it. Above it–wait, where have I heard that before?
