Your email. Your bank account. Your address and credit card number. Photos of your kids or, worse, of yourself, naked. The precise location where you’re sitting right now as you read these words. Since the dawn of the information age, we’ve bought into the idea that a password, so long as it’s elaborate enough, is an adequate means of protecting all this precious data. But in 2012 that’s a fallacy, a fantasy, an outdated sales pitch. And anyone who still mouths it is a sucker—or someone who takes you for one.

No matter how complex, no matter how unique, your passwords can no longer protect you. (Wired Magazine: Kill the Password: Why a String of Characters Can’t Protect Us Anymore)

In a shocking article written by a person who can only be called a computer superuser, he explains why Internet security has finally become a myth.

First off, most of us commit fundamental mistakes with passwords. Some people even use "password" or "123456" as their password. This means the bad guys hardly even have to guess. They'll try those first and be correct often enough to make it worth their while.

We're told passwords need to be long and random and include upper- and lower-case letters, numbers, and even punctuation to be safe, but with the processing power available using today's personal computers, cracking even elaborate passwords is possible. 

And even where a password is long and effective at thwarting even automated guessing, the bad guys can simply get on the phone and trick a customer service person into giving it up. All they need is one or two facts about you. Sometimes the bad guys bluff their way into an account with no information at all! They change the password and then rummage around for information they can use to bluff their way in more easily to some of your other accounts.

One mistake many of us make (and sometimes are forced to make) is to log into some site using our Facebook or Twitter login. This linking of accounts has made it much easier for the baddies to take over or modify to their benefit everything you value online, obtaining credit card numbers, your bank account login and PIN. If they are pranksters, they could log into your Facebook account and leave offensive racist or sexist posts.

Back to passwords for a sec. The usual advice was not to reuse passwords on multiple sites and to make them long and hard to guess. They also told us not to write them down. I'm reminded of that poster you often see in print shops: "You want it good and cheap and fast? Pick two and call me back." Even one long and elaborate password would be hard to recall without writing it down, but most of us have at least a half dozen sites requiring passwords. It's become impossible to follow the best password advice.

But what about fingerprint or iris scanning? They have a big problem. There are ways to copy and use them. If a crook or prankster figures out how to duplicate your fingerprint or iris pattern, you're screwed. At least you can change a password.

Even if all that stuff worked, there are so many ways to go around the front end straight to the back end of a computer system. A baddie can install software to record information over a period of time that could be short or long and then use that information to the detriment of one or hundreds of thousands of people. For example, it could collect credit card numbers given to an online merchant and then sell them to the highest bidder or, if he's a prankster, dump them on any of the sites where password trading goes on.

You can find out more about this topic by pursuing the link following the italicized paragraphs at the top.

Tags: internet, password, security

Replies to This Discussion

Me too, Gallup's Mirror - I'd like to know anything I can understand (sorry to limit you in that way). 

That's not much of a limitation. ;)

However, if you need me to abandon Windows, then that will be a slow painful experience for us both!

The experience isn't as slow or painful as you might think. Indeed, with Linux as an existential threat, some big names in proprietary software have put a lot of money and effort into ensuring the public gets that impression. 

I've done a great many Windows-to-Linux migrations, professionally and for family and friends. The latter includes my mother-in-law and my aunt, both of whom are over 75 and previously were lifelong users of DOS and Windows. My daughter, who is ten, has been using Linux on her PC since she was five. 

I'll respond to this in more detail when I reply to Unseen.

Ugh! Please pardon the many repeated words, grammatical errors, and other typos. I wrote this on a smartphone in an internet cafe.

Meh, no worries. We all understood you! Thanks for the good information!

GM, would I be able to run the programmes I use for CAD on Ubuntu if I migrated? And thanks for the advice on password generation.

CAD programs fall outside of my expertise although I know there are several CAD programs available for Linux. To experiment before making the switch, you could try Ubuntu on a live USB stick without making any changes to your computer. I recommend doing this with the largest-sized USB drive you can find. If you need help making this work, the user support community for Ubuntu is truly outstanding.

If your CAD program doesn't run in Ubuntu, then Ubuntu may not be ideal for your situation. Or you could try running your CAD program using WINE, Parallels, or VirtualBox. I'm using the latter to run a copy of Windows XP under Ubuntu but you might find this approach less than ideal for your needs.

I like that Ubuntu is named after a humanistic philosophy. And apparently this originated in the culture and traditions of southern Africa.

I guess that phone ain't so smart after all. (snicker, snicker) :)

If someone wants your information badly enough, nothing short of the greatest security measures the world has to offer is going to stop them.

I, for one, really wouldn't care about having things stolen. I don't own a single credit card (debit only, even then my account's emptied quicker than it's filled). My Facebook is pretty meaningless, and I highly doubt anyone could post more offensive things to it than I already do (what can I say- I love trolling). Nudes? Not a problem, my body's sexy as hell and I'll probably be the one posting them before anyone else has the chance (hence my FetLife account). Maybe if you've got things to protect it's an issue but me, I'm an open book lol

This is what I call a "pat me on the head" post. Consider your head patted on.


An attacker who compromises your computer is more likely to steal processor cycles, memory and bandwidth than your identity, although he'd gladly take them all.

Specifically, someone might use your computer to generate spam email, launch a denial of service attack, run a phishing site, store child pornography, be a money mule, attack other computers to take them over, or commit any number of other crimes. And then leave you holding the bag.

The first two items on that list are the most common uses if your machine is zombied. But none of the listed items are rare occurrences. Neither is the prevalence of the problem: the Mariposa botnet consisted of 12 million compromised Windows PCs. And there are many other botnets out there, known and unknown, consisting of many millions of other zombies. They're almost always made up of Windows PCs and few of the owners know their systems are compromised.

Stealth is the name of the game. If you detect problems or odd behavior in your PC, you're likely to add more security or get it serviced. If not, you'll never know you're helping to commit crimes or (if there's child porn on your computer) that you're actually committing the crime. 

That last point is one most people don't know. Being in possession of child porn is a crime against which there is no legal defense under a legal concept called "strict liability." A merciful prosecutor who isn't trying to be reelected might not prosecute you and a conscientious judge might make the effort to find a reason not to send you to prison, but basically any child pornography in your computer, no matter how it got there and no matter whether you even know it's there, exposes you to serious prison time and having to report yourself as a sex offender everywhere you go once you get out.

Basically, the burden of proof is reversed, if you're lucky. If you're unlucky, even proving your innocence wouldn't matter.

To make matters worse, there's the ambiguity of what constitutes child pornography. In effect, a nude or pornographic image of an underdeveloped skinny Russian girl—of which there are probably at least 10's of thousands if not 10's of millions on the Internet—who's 23 but looks 15 can be deemed child pornography on a prima facie basis. It would be up to you to figure out who she is and find a way to prove she isn't a minor. Now, if you're not a pedophile but you're into that body type and you have hundreds or thousands of such images on your computer, you better hope the FBI never comes to take a look. 

Perfect tool for governments to shut up and lock up undesirables then. Cleaner than lining 'em up against the wall and shooting them.

Would you mind putting up some reference material before I go rooting around on some people I don't like computers?


© 2015   Created by umar.
