Category: security strategist

The Perfect Pin Password! How to not be predictable!

Paul

Customer Service? What's My Pin Number?

Predictability is the Key!

It isn’t like we have a lot of imagination, I was looking around and saw this blog post post about PIN number analysis.   Let’s just say after I read this, I got chills and it went down my back.   No one person can come up with a easy to remember PIN number and it be safe.   So the problem with this and other passwords are that people tend to make them easy.  This is where the problem lies, if it was easy to come up with a PIN number that is can be predictable then someone else can figure out the pin quite easily.

What throw out and what to keep!

Here are a few things that I saw on the analysis that you should be throw out for sure:

  • Birth dates and years — This seems to be a very popular way to go to remember a pin number.   People are either using their year they are born or their month and date they are born to make a pin number for banks an other institutions.  Just throw those out the door.  If I could think of them so could a hacker who wants to get your money!
  • Don’t just go down PIN #2580 — Here’s another that seems be a common ploy, looking at your phone and just going straight down.   Which seems to indicate no imagination on the part of  people making the pin.
  • Don’t Use only one or two numbers like 1212, 6969, 2000, 1122 — It isn’t hard to figure out what numbers you use will make it easier to remember but it will always make it easier for the the hacker or the bank thief to get your money.
  • Don’t try to be cleaver — Something like 42069 is one that is spoken really well on the analysis and thus it comes as a interesting pin.   He didn’t know why but I suspect I know why, and here it is.   420 is common for elight speak for smoking illegal sustances and we know what 69 is.  So you tried to be cleaver but I figure it out and I am sure someone else could easily.

 

Picking a Good Pin!

Now since we talk about the analysis of the pin numbers, a little and I do hope you checked out the Analysis.   I thought it would be a good idea to at try to guide you into coming up with a less predicable PIN and thus making it that much harder for a Hacker and would be bank thief to get access.   Here I will describe what you might want to do to make it almost unpredictable and still make it remember able. 

  • Use the Random Number Generator — Come up with Four numbers you may want to use and use them as your PIN.   (Remember the rules, No repeating numbers, and nothing guessable.)
  • After you find a PIN — try to come up with a four letter word that will allow you to remember the number.   You might also go backwards such as starting at the end and create a word for it using your phone.

Use your phone keypad to basically associate the pin with a letter so you can remember it or if you can come up with other ways that will help you in the long run.   You shouln’t write it down but if you do have to, I suggest using something like Lastpass password database and keeping it secure for your eyes only.

This is one way to do it but I am sure someone somewhere has a much better way but at least this way you have control of who or what will know your password.   You want to keep your money safe, and yes I am sure hackers are going to try to use this to figure out your new PIN but it is much harder for them to know which number you picked and when you did it.   So the ball is in your court and not theirs.  Hope this helps!

Library administrators just don’t get it and that just bugs me!

Paul

Blocking Proxpm

At the Library!

You hit the road for your favorite library and you decide you want to protect yourself from all those snooping people who like to watch what you do.   The problem is you have an unprotected and unencrypted network.   You try as you might to get a VPN setup and you just can’t connect.  So you try to find other VPN’s that woul work and your instantly blocked.  They’ve installed websense into their serves to prevent people from using a VPN.  

Not all VPNS are bad!

When I found this out, I was really irked by them preventing me from visiting such website.  I suspect they are worried someone will use a VPN to visit porn sites or research something bad.  It wouldn’t be so bad if they woul allow people to use VPN or ones they trust but this is a blacket attempt to prevent people from using them.  

Ways they can help people wit h security!

If they want to prevent this an still monitor traffic.   That is also fine with me, I understan this.   I just don’t feel comfortable using a public wifi without some privacy protection.   What if somone gets my credit card while I am using their public wifi.  Would they be liable?  More than certain, they have some clause to prevent this.

All they would have to do is make all open wifi spots encrypted with a way for guest to login to.   They wouldn’t have to have a different password for every person login in.   A simple guest password would suffice and make every wifi connection secure to prevent someone from snooping over the air transmissions.   libraries probably won’t do this but I am asking they look into this problem and come up with a solution to help us security minded people.   If they do nothing, then nothing will be solved.  

Paul Sylvester 

 

How to disable autorun the easy way!!!

Paul

I read a report from Cnet about USB devices spreading Virus and I will quote:

The bad guys are intentionally developing new flavors of malware designed to propagate through USB devices,” said Gunter Ollmann, chief security strategist for IBM’s ISS security division. “They are today’s floppy drives.”

[ad#ad2-right]An infected computer can spread a virus to a clean USB thumb drive that is inserted. That USB drive will then be spreading the virus onto other computers if the operating system on those machines has an AutoRun-type feature enabled. The AutoRun function in Windows launches installers and other programs automatically when a flash drive or CD is inserted. The Mac has an equivalent function, according to Ollmann.

[Via Cnet]

In order to disable “autorun“, which in Vista is called Autoplay. In order to disable Autoplay from starting when you insert media into your computer here is how you do it:

You will need to be Logged in as Administrator before this can be done:

Next click start and type “Autoplay” without quotes. It will bring up a screen but all you have to worry about is this:

Vista autorun

You will need to make sure there  is no check mark for “Use AutoPlay for all media and Devices”.   Click save and close.

[ad#ad2-left]Once that is done, you will have no more Autoruns from USB devices.  If you want to disable Autorun in XP, I’d suggest reading some of these articles for XP.

These are just a few and are really nice to articles but there are others out there that might be more to your liking.  I suggest searching Google for them.   I hope this helps you out!!!