RE: Consumer Security Web Site

From: Mike (mikesuperiorholidayadventures.ca)
Date: Wed Jun 30 2004 - 07:32:13 CDT


I agree, but it's a very good start and that's what it's intended for.
Here's a snippet from the site:

"The best way to use this generator is to take its output it in ways
known only to you. Make some letters capital, or insert punctuation and
numbers."

"Note also that static or reusable passwords are obsolete. If you have a
choice of authentication methods, look for a stronger method than
passwords."

The author of this software knows that the passwords generated are
insecure and has explicitly stated his thoughts on *directly* using the
passwords generated by this program.

If the user of this software can create an easily pronounceable, and
therefore easily remembered, password and then mixes in some numbers and
capitalization you will end up with a relatively secure password.

For example, replace letters with hax0r sp33k and capitalize the last
letter and underscore the beginning. We'll do this with 'seedonth',
which was generated from the site. Using the above method you end up
with "_s33d0n7H" which fits your requirements for brute force attack
resistance. If a user uses *their own* method of obfuscation with an
easily pronounceable password, the password can both be (relatively)
secure and easily remembered.

I'm sure the code supplied on that webpage could easily be extended to
use 10 character passwords and to use similar methods of password
obfuscation.

Sincerely,

Mike Fetherston
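The two estimates argued over in this thread (a lowercase pronounceable password versus the same password after a personal obfuscation rule) can be put side by side in code. The Python below is an added example; it is not code from the gpw page linked in the thread or from any poster. It assumes three things: a consonant/vowel alternating generator as a stand-in for gpw's trigraph tables (which are not reproduced here), a leet table inferred from the single "seedonth" -> "_s33d0n7H" example in Mike's post, and a constructed guess rate. The third function, informed_keyspace, is the check a practitioner would want: once an attacker knows the rule, the transform is trivially inverted and the keyspace collapses back to that of the underlying generator, which is why the quoted site insists the method be "known only to you".

```python
import math
import secrets
import string

# --- A toy pronounceable generator -----------------------------------------
# Stand-in for gpw (assumption): alternate consonants and vowels. Output is
# lowercase and pronounceable, and the number of possible outputs is easy
# to count, which is all this example needs.
CONSONANTS = "bcdfghjklmnpqrstvwxyz"   # 21 letters
VOWELS = "aeiou"                        # 5 letters


def pronounceable(length: int = 8) -> str:
    """Return a random lowercase consonant/vowel string (e.g. 'tomerika')."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS) for i in range(length)
    )


def pronounceable_keyspace(length: int) -> int:
    """Number of distinct strings pronounceable() can produce for this length."""
    return len(CONSONANTS) ** math.ceil(length / 2) * len(VOWELS) ** (length // 2)


# --- The obfuscation step described in the post ----------------------------
# 'seedonth' -> '_s33d0n7H': leet-substitute, capitalise the last letter,
# prefix an underscore. Only e, o and t change in that example, so the table
# below is an assumption inferred from it.
LEET = {"e": "3", "o": "0", "t": "7"}
UNLEET = {v: k for k, v in LEET.items()}


def obfuscate(pw: str) -> str:
    """Apply the rule from the post to a lowercase generated password."""
    if not pw:
        raise ValueError("empty password")
    body = "".join(LEET.get(c, c) for c in pw[:-1])
    return "_" + body + pw[-1].upper()


def deobfuscate(obf: str) -> str:
    """Inverse of obfuscate(): once the rule is known it costs nothing to undo."""
    body = "".join(UNLEET.get(c, c) for c in obf[1:-1])
    return body + obf[-1].lower()


# --- Keyspace estimates -----------------------------------------------------
def charset_size(pw: str) -> int:
    """Alphabet size a naive brute-forcer infers from the character classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII punctuation characters
    return size


def naive_keyspace(pw: str) -> int:
    """Guesses needed by an attacker who knows only the length and classes used."""
    return charset_size(pw) ** len(pw)


def informed_keyspace(obf: str) -> int:
    """Guesses needed by an attacker who knows the generator and the transform:
    only the underlying pronounceable string has to be enumerated."""
    return pronounceable_keyspace(len(deobfuscate(obf)))


def crack_seconds(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust a keyspace at the given guess rate."""
    return keyspace / guesses_per_second


if __name__ == "__main__":
    rate = 1e6                 # constructed figure; depends on hash type and hardware
    plain = "seedonth"         # the example password from the post
    obf = obfuscate(plain)
    print(plain, "->", obf)
    for label, ks in [("lowercase, naive", naive_keyspace(plain)),
                      ("obfuscated, naive", naive_keyspace(obf)),
                      ("obfuscated, rule known", informed_keyspace(obf))]:
        days = crack_seconds(ks, rate) / 86400
        print(f"{label:24s} keyspace={ks:.3e}  worst case={days:.2f} days")
```

Run as a script it prints the three estimates for "seedonth": an attacker who knows nothing about the rule faces 94^9 guesses against "_s33d0n7H", but one who knows both the generator and the rule faces only the generator's keyspace, which for a pronounceable 8-letter string is far smaller than 26^8. The rule itself is the secret, and it is only as strong as it is unpredictable.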

> -----Original Message-----
> From: Sullivan Tim P [mailto:timnativemode.com]
> Sent: Wednesday, June 30, 2004 2:03 AM
> To: Mike; focus-mssecurityfocus.com
> Subject: RE: Consumer Security Web Site
>
> Hi Mike,
> The link below does not generate the greatest of passwords, from a
> security standpoint.
>
> When I tried the link, it generated passwords that were simple, all
> lowercase characters. As a rule of thumb, you want passwords to have
> uppercase, lowercase, numbers, and special characters, and be at least 8
> characters long.
>
> Passwords like the one that tool generates would take literally minutes
> with a bruteforce cracker on today's standard hardware.
>
> Just my thoughts.
>
> Thanks,
> Tim
>
>
> -----Original Message-----
> From: Mike [mailto:mikesuperiorholidayadventures.ca]
> Sent: Tuesday, June 29, 2004 11:52 AM
> To: James D. Stallard; David Harper; focus-mssecurityfocus.com
> Subject: RE: Consumer Security Web Site
>
> I find this resource:
>
> http://www.multicians.org/thvv/gpw.html
>
> generates the easiest to remember random passwords. I can still
> remember passwords that I've generated with this tool.
>
> Mike.
>
> > -----Original Message-----
> > From: James D. Stallard [mailto:jamesleafgrove.com]
> > Sent: Monday, June 28, 2004 5:25 PM
> > To: 'David Harper'; focus-mssecurityfocus.com
> > Subject: RE: Consumer Security Web Site
> >
> > David
> >
> > Top Idea, this certainly qualifies as 'A Good Thing'.
> >
> > My 2 cents is "how to pick a decent password"
> >
> > There are lots of myths out there on what qualifies as a good password and
> > while all us techies would love our users to pick something really complex
> > (read "nasty") the fact remains that they would rather pick the name of
> > their dog or football team. So, a few tips on choosing something easy to
> > remember and hard to crack, and obfuscating their dog's name might be nice
> > :)
> >
> > Most of my work is Active Directory design related, so a few tips on using
> > GPOs for improving security and securing DNS services would be nice. Perhaps
> > you could really push the boat out and put in some stuff about Delegation of
> > Administration!
> >
> > Cheers
> >
> > James D. Stallard
> > Active Directory and Infrastructure Technical Architect Leafgrove
> > Limited
> >
> >
> > -----Original Message-----
> > From: David Harper [mailto:david.harperthermon.com]
> > Sent: 28 June 2004 16:50
> > To: 'focus-mssecurityfocus.com'
> > Subject: Consumer Security Web Site
> >
> > All,
> >
> > I'm putting together a web site for home and small office computer users to
> > address computer and small network security. I'm hoping to eventually
> > have a one-stop site where non-technical consumers can get all the information
> > they need to protect their home and small office systems.
> >
> > So far I'm planning sections on Viruses/Worms/Trojans, Spam, Identity
> > Theft, Cyberstalking, Hacking, Spyware and Adware. Each section is to
> > cover the basics (what it is, how to remove/prevent it, etc.) in a
> > non-technical, friendly-to-the-average-home-user way. I'll also include
> > links to sites like Windows Update and other free tools, with a strong
> > admonition that their computer be checked and patched - now.
> >
> > I'd like to get input from the list on any other sections to include on the
> > web site. What do you see as the most glaring gaps in end-user knowledge?
> > What information, tools, links, etc., would best enable them to secure
> > their systems easily against the most common threats? Also, I'm gearing this
> > toward Microsoft simply because 1) Microsoft runs the vast majority of
> > home/small-office computers, 2) Those using Linux are already pretty
> > computer savvy, and this site is for the novice. Should I expand the
> > focus? Include Macs? What about the buzz on cell phone viruses? Should cell
> > phone security and privacy issues be included, as well?
> >
> > Please keep in mind that this site is for the novice, so explanations of
> > elliptical curve cryptography probably won't fly. I just want to make it as
> > easy as possible for the non-technical user to stay up to date.
> >
> > Your input is greatly appreciated!
> >
> > Thanks,
> > David
> >