Thursday, December 31, 2009

The Passwords Twitter doesn't want you to use

The Wundercounter blog has a list of all of the passwords embedded in Twitter's signup page. It is a pretty broad list of bad passwords, ones that Twitter users probably use more often than we would like to hope after years of explaining the need for good passwords. Old favorites like 123456, abc123, and password show up, as do computer, many first names, and of course, twitter.

It seems like most organizations have at least one common password that users tend to gravitate to. At colleges and universities, it tends to be a school-spirit-oriented password, and for websites, it often involves the name of the site. What's your organization's oft-joked-about common password?
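A signup-time check in the spirit of the embedded list described above, as an added example rather than Twitter's actual code: it rejects common passwords and passwords built on the site or organization name, including variants with trailing digits or simple character substitutions. The short list, the substitution table and the `contextWords` parameter are assumptions for illustration.

```javascript
// Added example (not Twitter's code): denylist check for a signup form.
// Only 123456, abc123, password, computer and twitter are named in the post;
// "michael" is a constructed stand-in for the "many first names" it mentions.
const COMMON = new Set(["123456", "abc123", "password", "computer", "twitter", "michael"]);

// One possible substitution table (assumption); "1" is treated as "i".
const LEET = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i" };

function deleet(s) {
  return s.replace(/[013457@$!]/g, (ch) => LEET[ch]);
}

// Variants of the input that should all be compared against the lists.
function candidates(password) {
  const lower = password.normalize("NFKC").toLowerCase();
  const stem = lower.replace(/[\d\W_]+$/, ""); // drop trailing digits/symbols
  return [...new Set([lower, stem, deleet(lower), deleet(stem)])].filter(Boolean);
}

// Returns a rejection reason, or null when no rule matched.
// contextWords: site and organization names (hypothetical parameter).
function rejectReason(password, contextWords = []) {
  const context = contextWords.map((w) => w.toLowerCase()).filter((w) => w.length >= 4);
  for (const c of candidates(password)) {
    if (COMMON.has(c)) return "common password";
    if (context.some((w) => c.includes(w))) return "contains site or organization name";
  }
  return null;
}
```

A list shipped in the page only advises the user, so the same check belongs on the server as well.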

(flickr Creative Commons attribution licensed image courtesy 7son75)

Tuesday, December 29, 2009

Digital Photo Forensics

HackerFactor's Sec-C blog has a great writeup and analysis of a Photoshop Disasters image. There are a lot of useful techniques to learn here if you're ever asked to check if an image was Photoshopped.

Tuesday, December 15, 2009

Anti-Forensics Tools - DECAF to your COFFEE

Anti-forensics tools meant to counter mainstream forensics packages aren't new, but DECAF, a response to Microsoft's COFFEE pre-packaged forensic toolkit, looks like an interesting entry into the field. Those worried by COFFEE's described capability to "decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer" appear to have at least one possible way to counter it.

Fans of The Big Hit are likely wondering when the anti-anti-forensic device will be released...

Monday, December 14, 2009

The Importance of Background Checks

The Department of Homeland Security recently learned the importance of background checks the hard way, as a fugitive wanted on a national arrest warrant for insurance fraud was found to be working for a DHS office. This serves as a great reminder that background checks are a really inexpensive way to vet staff working in potentially sensitive positions (or with access to sensitive data).

Thursday, December 3, 2009

Free Security Software - A Checklist for Setting Up Your New PC

The explosion of new, inexpensive PCs has resulted in a lot of systems that didn't come with pre-packaged software, or that simply come with a trial antivirus package. Is it possible to build a capable security suite for your new system without spending money?


Antivirus and Anti-Spyware

Get a copy of AVG's free product. It is relatively lightweight, runs well even on netbooks, and it receives good reviews.

Windows Defender is increasingly capable, and is a good second choice to install.

I also continue to recommend SpyBot as a good general purpose anti-spyware tool.

Virus Recovery and Malware Removal

MalwareBytes remains my default recommendation for those who need to recover from a virus infection.

Password Storage

I continue to use Password Safe for most of my password storage needs, but LastPass's online storage system is an excellent option as well. You can find my previous LastPass article here.


Web Browser

Start with Firefox, and if you're comfortable with it, add plugins such as NoScript. Firefox's auto-update capability, as well as the wide variety of security controls available, makes it a great choice as your default browser.

With these free tools, you'll be well on your way to secure computing - for free!