Security Now 4

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 004


Security Now: 004

News & Errata

  • ShieldsUP! passes 38 million uses
  • You run a software firewall on networked computers to prevent worms from running around the network if it got in
  • Windows Firewall in XP Service Pack 2 does alert the user if a program wants to create a listening port
  • You can use a dedicated computer running SmoothWall [www.smoothwall.org] to act as a hardware router, for more experienced user

Topic

  • A senior Microsoft program manager said at a conference that telling employees not to write down their passwords is a poor security idea
    • Bruce Schneier agrees with this idea
    • If a user is forced to not write down their password, then they tend to pick a password that is easily guessable or is prone to dictionary attacks
  • Users should create a personal password policy
    • Create a system for creating passwords based off of something, like using every other letter of a domain name, adding in numbers or some random characters at the end
    • EXAMPLE: Alternate birth year with domain name and alter capitalization for nytimes.com, n1Y9i , etc.
  • Strong passwords are things that are not in dictionaries
    • There are dictionaries on the net that contain just about any word you can think of
    • These dictionaries are used to guess passwords to try to crack them
  • Another problem is password reminders where you give your information to sites where anyone who works there can access it and then use it try and get other passwords for you.
    • EXAMPLE: Steve had a problem with identify theft where someone got his mother's maiden name from some website then used that to retrieve his password from his bank and accessed his account


External Links

  • Steve's show notes [1]
  • Show transcripts [2]
  • Download this episode [3]
  • Download 16kb version of this episode [4]


Production Information

Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.



Previous Show - Next Show