Vista Security

PCWorld has a decent transcript from an interview with Microsoft’s Ben Fathi at the RSA Conference on computer security this week in San Francisco. The topic? Windows Vista security and Microsoft’s aims to have half or less then half the number of bugs that XP had in its first year of release. Seemingly, they’re still on track for it, despite the recent flurry of patches and bug reports.

I had another go at Vista today, this time on a new AMD-based Dell Inspiron with a half gig of ram - if you’re thinking of a laptop solution, do yourself a favour and get AT LEAST a gig of ram if not more. If not, I reckon security issues aren’t going to be your only concern.

If you're new here, you may want to subscribe to my RSS feed to keep up to date with kenmc.com. Maybe some of my earlier posts will interest you too! Thanks for visiting kenmc.com!

Finger-printing Is The New Pub ID

Forget your passport, forget your age card, forget your drivers license - finger-printing is going to be all the rage, or so it seems, in the UK in an attempt to “reduce drunken disorder by fingerprinting drinkers in the town centre.”

The one question I have to ask… are they for real??

Full story via TJ McIntyre

Electronic Passports Issued Today

Today is the day the passport office start issuing the new ePassports, (electronic biometric passports) after successful testing independantly in the Netherlands (to meet EU standards) and Viriginia in the US (to meet US standards). The deadline was October 26th but looks like they’re set to start rolling out from today, October 16th. (See older Department of Foreign Affairs press release here)

While the new biometric passport will look much the same as its predecessor, it will have a microchip embedded in it which contains the digitised facial image and personal details of the passport holder as they appear on the data page. The microchip can be read electronically at border controls. The Government has no plans, at this stage, to include a citizen’s finger prints. Ireland is internationally recognised as having one of the most advanced passport documents in the world. The proposed legislation will further augment the trust that the international community places in our passports.

As biometric passport reading facilities are progressively introduced at overseas airports, the new technology will strengthen border security and streamline the movement of passengers through airports.

The biometric passport incorporates a number of important security features designed to protect the identity of the bearer. A special code is used to write data to the microchip, the chip is protected by a secure electronic “key”, and an additional access code guards against electronic eavesdropping or “skimming” of information on the microchip.

The project was estimated to have cost around €8.8m for 2006.

Stopping (Or helping to curb) Blog Content Theft

If you’re a Wordpress user, you might be interested in this….

Digital Fingerprints is the launch of a new plugin for Wordpress aimed at tracking blog content theft. It won’t prevent people from copying and pasting material directly from your blog, but it will surely annoy those who republish others RSS feeds into their own blog for the sake of content.

The plugin injects a “digital fingerprint” manually into your posts which is seen only in your feeds, not in the post itself.

Maxpower.ca has the full post and all the details.

When Data “Goes Missing”, You’ll Want To Know

Busy day today, or maybe I’m in a good blogging mood.

Thinking back to last year or maybe a bit earlier, when I got a letter in the mail telling me there was a chance that my personal information had possibly fallen into someone elses hands. This letter of course had arrived from Time Warner (AOL being my former employer at the time, having spent some of my college life working for them in Waterford), informing myself and over a half million other current and former employees of what we could do if our data was stolen - at least informing us that it might have been stolen, never mind the additional protection.

In working for the company, whose main global operation lies in the US, you have to sign a few papers allowing your data to travel outside of the EU, in order to have your employee records processed, passwords and security IDs issued and all that.

So when the news breaks in the US that the data storage company accidentally misplaces 40 backup tapes with records of 600,000 employees you think… ah sure that’ll have nothing to do with me - until the letter arrives that is. So we were offered protection and ways to monitor credit reports and accounts. But the fact is, we were kindly told about it, even though it wasn’t then judged to be a major risk, and were offered ways to work around it.

Which brings up this afternoon’s post on the DRI blog entitled “Support a right to be warned if your personal information is exposed“.

The EU Commission is now proposing something similar to the Californian law, though more limited. The proposal applies to “electronic communications services” (such as telephone or internet services) and would require providers to “notify their customers of any breach of security leading to the loss, modification or destruction of, or unauthorised access to, personal customer data.”

While the initial process sounds limited in its capacity, I for one would bloody well want to know if someone got a hold of any personal data on record and have sent my email to the EU Commission and the Department of Communications.

What AOL users like to browser for?

I keep a strong interest in what my former employers are up to, whether on the European front or the American front but this news over the weekend has hit me a little for six.

Why, why, why would you release data to the public domain about your customer’s search patterns? Why would you scramble their screennames with ID numbers and why would you then try to cover your ass by removing the incriminating data a few hours later?

Seen as they actually pulled down the information, you can now download it all here (just shy of the 450mb mark).

Wordpress.com hosted blog, Plenty Of Fish, has some great details on this too including an explanation from AOL’s Andrew Weinstein on what actually happened. Staggering in fairness!

Big Windows Security Update

Second Tuesday of the month and seemingly today’s Microsoft security update for Windows is the biggest one for a long time…. So why are they only getting around to it now?

My Documents Held To Ransom

Not exactly my own person documents, but this woman had her ‘My Documents’ folder held to ransom in an attack quickly becoming known as ‘Ransomware’. Hackers raided her computer in the UK and encrypted her My Documents folder in Windows containing coursework, photographs, personal letters and more.

From the BBC…

A message had appeared on her computer screen telling her she had contracted an unnamed virus.

It is thought the message was part of the scam and she inadvertently downloaded it.

The virus is known as Archiveus and victims are told to buy pharmaceutical drugs from an internet chemist thought to be based in Russia.

Buying drugs from an online pharmacy was going to give her access to the 30 character password she needed to decrypt her files.

You have been warned! Read on at the beeb…

Thinking About Passwords

Following an earlier post on how secure ones password is, I came across this interesting article. Whatever about fingerprinting, or retina scanning for user-logins, there’s something just damn interesting about biometrics and its advances when it comes to ultimate security. But what if your thoughts could be your password? The concept is based on using brain-wave signatures as “pass-thoughts” to allow access to secure devices.

Possible? Certainly something to think about for the future….

How Good Is Your Password?

Over recent years I’ve gone from 5 letter passwords, to 6 and 8 letters, to a combination of letters and numbers to my current 12 character hybrid of letters and numbers. Yet no matter how big or strong you think your password is, or how you feel nobody could possibly guess the date of birth of your late great grandmother, or the nickname your best friend’s sister had in primary school - its always good to see how fast that password can be broken.

Password recovery speeds looks at timing for Brute Force attempts on your password… definitely interesting reading! Having studied various security attacks and methods of password protection and encryption, if you find it interesting, you’d do well to give it a read.

Next Page »