The other day I watched episode 303 of Security Now and Steve has a very interesting take on passwords. Essentially, assuming we don't have a dictionary word, then it's all about using as many different types of characters as possible. Yes, length still matters but entropy (randomness) doesn't.
Further to my blog post on FireSheep, I figured I'd share these links. FireSheep is a Firefox plugin designed to allow anyone on the same wireless access point as you to eavesdrop on your connection, seeing what you see (when browsing the web) and to impersonate you to social networking sites you're logged on to. It turns out that it's really simple to protect yourself:
Ever wondered why you shouldn't screw with a hacker's machine? Here's why:
Authentication is the process of proving to a computer (or other system) that you are who you claim to be. There are several methods of doing this, of which the most common is a password.
A password is in fact just one method of authenticating yourself. There are several methods available, each with their own strengths and weaknesses. These can be combined into a single login process in order to increase security. The commonly accepted factors are:
Several of the scripts used by the script kiddie variety of crackers assume a large amount about the system(s) they're attacking. Some simple changes to the configuration of SSH make sure that other machines are an easier target, thus making their fruit hang lower than yours. All that needs done is to change the port you use for SSH, so follow these steps to make SSH listen on another port. Simply replace <PORT> with whatever number you want to use; for extra peace of mind keep it above 1024. It looks like there's a lot of steps but it can be done in under 2 minutes.
These new contactless credit cards are just so convenient. I mean, you don't even need to slide it into a machine, just wave it near. Or have the machine waved near the card. Add in a directional antenna and you don't even need to be close to the person.
If you're ever sitting on an open wifi hot spot, wondering what the people around you are looking at, then you need the new Firefox extension FireSheep.
Not much more to say on this other than to point you over to Steve Gibson's blog:
Seriously folks, if you're going to use the same password on multiple sites you need to be REALLY REALLY CERTAIN you can trust ALL of them.
Just a few useful reference links so I can find them:
Entropy (i.e. the source of random numbers) is generated by keeping an eye on such things as mouse/keyboard use and hardware interrupts. However, on VPSs some of this is unavailable, so here's the process for using the Bitfolk entropy service.