FreeEnigma – webmail encryption extension for Firefox

Big thanks to  to for pointing me towards FreeEnigma, a Firefox extension which can encrypt/decrypt webmail messages on the fly:

FreeEnigma brings cryptography to webmail, with an ingenious set of free and open browser plug-ins that work with Yahoo, Gmail, and others. The plugins implement a version of GPG (the free/open version of Pretty Good Privacy) and scramble and de-scramble the text in your webmail before you send it and after you receive it, reducing the amount of information that webmail providers have on your communications.

Those who know me know that I am a big proponent of encryption. My reasons are mainly philosophical. Email is normally sent in plain-text, which means anyone between the sender and the recipient can read that email. Add in the fact that our current administration seems to truly believe it is legal to snoop on all communication within and without this country, and you have the possibility for a very bad situation. Encrypting email might make using email a little more difficult, but it is worth it to help enhance one’s privacy.

FreeEnigma is currently doing a roll-out by invitation. If you are interested, you can sign up for an invite on their website.

WTF? “Tor: Freedom for whom?”

David ‘cdlu’ Graham apparently was trying to make some kind of point about freedom or privacy or… well, I have no idea what his recent post on NewsForge (“Tor: Freedom for whom?”) was trying to say. See if you can parse this bit:

Schneier states that the debate is wrongfully categorised as a debate between privacy and security. I agree — it is not privacy versus security, it is privacy versus freedom. When one person’s privacy restricts someone else’s freedom, we have a problem.

In the real world, every country has a legal system with a set of rules by which everyone must live. If someone breaks one of those rules, a police force and judicial system exists to prevent them from continuing to do so. In some cases, the rules are unjust, but generally, rules are designed to protect the freedoms of others. Take the police force and judicial system out of the equation, and you end up with anarchy.

That’s what Tor brings to the Internet. If everyone on the Internet used Tor, and no one could figure out where anyone was coming from anymore, the Internet would be a complete anarchy, even though most people would still attempt to continue their normal, honest behavior.

Whatever point Graham was going for, I think he’s 100% wrong. It is not Tor’s fault that some internet services rely on IP addresses for security. They shouldn’t. IP addresses are spoofable as it is. It is up to those internet services to figure out security models. Tor has a legitimate use: provide privacy.

Passwords secure? HAH!

Security Blog has an article pointing out that most passwords are insecure:

Vu, who is an assistant professor in the Psychology Department at California State University, Long Beach, goes on to say that the average password is easy to crack, but access to biographical data makes guessing that much easier with favorites being birthdays and children’s names. “My colleagues and I use an easily obtained cracking device called LC4 to crack passwords,” she said. “It sources a dictionary to try words and combinations of words. It often cracks a password without knowing anything about the user. My research says that 60 percent of passwords can be cracked within a few hours, and some in less time than that.”

One of my job functions is assisting people with creating/resetting passwords. And I am continually amazed at how poor some people’s passwords are. It would be relatively easy to guess someone’s password just by knowing a little about that person. Know that Frank’s dog’s name is Kemosabe? There’s a fair chance that is his password, too. Know that Judy is a knitting nut? Her password is probably something along the lines of woolyarn or luv2knit.

I once was personally guilty of this same thing, normally using girlfriends’ names. Over the years, though, I’ve gotten much better ’bout this. Thanks to a password vault and constant access to it, I’ve abandoned the idea of creating passwords, and instead use a random password generator. I keep all my passwords in a password safe, and have a super-strong passphrase protecting the password vault. But I’m weird that way. Most people are not going to be.

