Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

1/4/2011

Change Your Passwords!

Filed under: Advice from your Uncle Jim,Geek Work,News and Current Events,Rotten Apples,The Dark Side — Posted by the Network Geek during the Hour of the Rooster which is in the early evening or 6:35 pm for you boring, normal people.
The moon is a New Moon

Yeah, yeah, happy New Year to you, too, now, go change your passwords.

No, seriously, change your passwords. Think about how long it’s been since you either set up that account or changed the password on it. Now, consider that there have been some significant security breaches in the past year, including the issues at Gawker and their family of popular websites, and think about how many places you’ve used that same password. It’s your favorite one, right? The one you use for all your accounts, because it’s so, so easy to remember? Guess what, it’s also probably easy to crack and is probably in a database on some hacker/cracker website right now matched up with the e-mail address you used, too. How long will it be, do you suppose, before someone gets into all your accounts?

Right.
So, go change your passwords.
Not sure how to pick a good one?  Well, if you trust the U.S. Government for security, you can go to their Computer Emergency Readiness Team (aka US-CERT) for advice on choosing a secure password.  If you’re like me, though, you categorically do NOT trust a government agency for your personal security, in which case I recommend that you check out premier security expert Bruce Schneier’s advice for picking a secure password.

I’ll offer two bits of advice on the topic.
First, if any system lets you, choose a password that includes numbers and special characters, not just letters. The example I always use is “@2brutus”. And, yes, that means I will NEVER again use that as a password. *sigh* I like to substitute numbers for letters which resemble them, like the number one instead of the letter L or the letter I. In the example, I’ve taken a whole word out, “et”, and substituted the “at” symbol, or “@”.
Secondly, try to use something that is not a single word, but a phrase. Again, in the example, I took my bastardization of “et tu brute”, which I remembered as “et tu brutus” and mashed it up a bit. I have known people who use short sentences, however. One guy I worked with occasionally used lines from Lewis Carroll’s Jabberwocky, which adds the extra security of words that will most likely never be found in any standard dictionary of any language.
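Here is how a sign-up form could check a new password against those two tips, added as an example that is not part of the original post or of the US-CERT and Schneier advice it mentions. The word list, substitution table and function names are constructed for illustration; the check also shows that swapping look-alike characters into a single dictionary word still leaves a single dictionary word.

```python
import string

# Constructed sample word list; a real check would load a large dictionary
# plus a list of known-breached passwords.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "welcome"}

# Look-alike substitutions of the kind described in tip one.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

SINGLE_WORD = "single dictionary word after undoing substitutions"
EDGE_CHARS = string.digits + string.punctuation


def normalize(text):
    """Lower-case the text and map look-alike characters back to letters."""
    return text.lower().translate(LOOKALIKES)


def candidates(password):
    """Forms to look up: the whole password, and the password with
    leading/trailing digits and symbols removed, both de-substituted."""
    return {normalize(password), normalize(password.strip(EDGE_CHARS))}


def review_password(password):
    """Return a list of findings; an empty list means both tips are met."""
    findings = []
    if not any(c.isdigit() for c in password):
        findings.append("no digit")
    if not any(c in string.punctuation for c in password):
        findings.append("no special character")
    # Tip two: reject anything that is just one dictionary word in disguise.
    if candidates(password) & COMMON_WORDS:
        findings.append(SINGLE_WORD)
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["monkey", "P@ssw0rd!", "1etmein",
                   "Twas brillig & the 5lithy toves"]:
        print(repr(sample), "->", review_password(sample) or "ok")
```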

So, trust me on this, if you haven’t done it, start the new year right and change your passwords.


Advice from your Uncle Jim:
"I know only that what is moral is what you feel good after and what is immoral is what you feel bad after."
   --Ernest Hemingway

9/30/2008

Review: Little Brother

Filed under: Deep Thoughts,Fun,Life, the Universe, and Everything,Linux,News and Current Events,Review,Things to Read — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:18 am for you boring, normal people.
The moon is a New Moon

I finished Little Brother by Cory Doctorow this weekend.

I cannot recommend this book enough. It is so, so worth braving the Young Adult section of the bookstore or library to get and definitely worth getting for your own young adults. Don’t be put off by the fact that it’s geared toward a younger audience, because there’s actually a bit more sex in it than most science-fiction I’ve read this year! Seriously!
Little Brother, in short, is about the Department of Homeland Security. Not quite the way it is now, but where it might be going if we’re not careful. The story is about a somewhat precocious teen named Marcus who’s a bit of a geek. He plays live-action role-playing games and works with computers and subverts his school’s security measures to get out of class to play alternate reality games. But, he and several of his friends get caught up in a bad situation while doing this one day. In the story, terrorists blow up the Bay Bridge in San Francisco while Marcus and his friends are skipping school. And, the DHS sweeps them up with other questionable people and interrogates them.
Frankly, the interrogation techniques are probably what you’ve read about already. Simple humiliation by not being allowed to use bathroom facilities, sleep deprivation, isolation, aggressive and extended questioning sessions, you know, the usual. The kinds of things that are used all the time to get information out of alleged terrorists. Only Marcus isn’t a terrorist and he hasn’t even been charged with a crime. The DHS is only questioning him because he seems a little suspicious and out of the ordinary. You know, the usual. The usual nightmare that anyone in the wrong place at the wrong time just being a regular, normal citizen might go through because we’re handing over our freedoms with the idea that we might gain security in exchange.

Well, they release Marcus and two of his three friends. Marcus got the worst of the questioning, but all of them are worried about their missing friend. Only Marcus, he’s gotten angry at how he was treated. Much the way I imagine many otherwise innocent people have gotten angry at how they’ve been treated or “questioned”. So, Marcus decides he’s going to get back at the DHS. And, thanks to his talents as a young computer hacker, he does.

I won’t ruin the story by telling you all that happens, but it is a gripping read, not lessened by the fact that it’s something which could happen right here in our country. In fact, some people feel it is happening. One of the many things I liked about this book was how accurate the computer security was. Doctorow really researched this well and even called in contacts like the infamous Bruce Schneier to help get it right. As a matter of fact, they get it so right that I’d recommend this book to anyone interested in getting the basics of computer security. They explain public key cryptography, protocol tunneling, and several other key concepts in modern computer security that, frankly, are somewhat hard to explain.
If you’re worried about the future of your country, or just the future of your children, I encourage you to read this book. If you want to encourage the next generation to be politically aware and have a good understanding of the issues, buy this book for them.

I may not always agree with Cory Doctorow’s political agenda, but Little Brother is a great book and will provide many topics of discussion for interested classes and families.
Read this book!

1/29/2008

Does Crime Pay?

Filed under: Advice from your Uncle Jim,Deep Thoughts,Geek Work,News and Current Events,Red Herrings — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:06 am for you boring, normal people.
The moon is Waning Gibbous

No.

At least, not according to Bruce Schneier:

Q: All ethics aside, do you think you could make more money obtaining sensitive information about high net worth individuals and using blackmail/extortion to get money from them, instead of writing books, founding companies, etc.?

A: Basically, you’re asking if crime pays. Most of the time, it doesn’t, and the problem is the different risk characteristics. If I make a computer security mistake — in a book, for a consulting client, at BT — it’s a mistake. It might be expensive, but I learn from it and move on. As a criminal, a mistake likely means jail time — time I can’t spend earning my criminal living. For this reason, it’s hard to improve as a criminal. And this is why there are more criminal masterminds in the movies than in real life.

That has to be the best summarization of why I’m not a criminal that I’ve ever read. And, that’s not all he had to say. You can read the rest of the article at the New York Times “Freakonomics” blog.


Advice from your Uncle Jim:
"Aw, damnit, I left my spontaneous quips in my other pants."

11/13/2007

“New” Lockpicking Technique

Filed under: Criticism, Marginalia, and Notes,Fun,Fun Work,News and Current Events,Red Herrings,The Dark Side,The Network Geek at Home — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:10 am for you boring, normal people.
The moon is Waxing Crescent

A “new” technique that’s more than three years old.

Huh. So, there was this article on MSN recently titled Lock Bumping: A new burglary threat. Now, I remember reading about this in 2600, the Hacker’s Quarterly, a really, really long time ago. And, I seem to recall it was a topic at DefCon a number of years ago, not to mention that Bruce Schneier talked about it in 2005.
But, what gets me is that the article itself mentions that the technique was made popular by a video in Germany back in 2004.

So, how is this a “new” technique again?

