Month: March 2012
Think that a passphrase of multiple, random dictionary words is as unguessable as long strings of gibberish, but easier to remember?
Research from the Computer Laboratory at the University of Cambridge suggests that this might not be so.
While passphrases using dictionary words may not be as vulnerable as individual passwords, they may still be cracked by dictionary attacks, the research found.
Security researcher Joseph Bonneau reports, in a recent paper written with Ekaterina Shutova, that his team studied the problem by turning not to the theoretical space of choices but rather the real-life passphrases that people actually string together.
To find such a selection of passphrases, his team used data crawled from the now-defunct Amazon PayPhrase system, introduced last year for US users only.
The goal wasn’t to evaluate the security of the scheme as deployed by Amazon, Bonneau says, but rather to learn more about how people choose passphrases in general.
Amazon’s was “a relatively limited data source”, he writes, but the research results do “suggest some caution on this approach”.
In the original version of the Amazon site, passphrases had to be at least two words long. Error messages indicated when a passphrase was already in use.
Internet security is a hot political topic at the moment. Governments are implementing changes to protect key infrastructure from both foreign and domestic network attacks.
During the UK Prime Minister’s visit to the US last week, both David Cameron and Barack Obama pledged a closer partnership on internet security issues. A joint fact sheet, released on March 14 last week, states:
As the United States and the United Kingdom continue developing joint capabilities that support our national security interests in cyberspace, we are sharing more and more incident data to help us and our allies counter advanced persistent threats.
Against the backdrop of wider internet security discussions, concerns about cyberwarfare often arise. However, thanks to liberal use of the term, and a big dollop of hype, it is very difficult to work out what cyberwar actually encompasses.
Stop press! The art of computer viruses may not be dead, after all.
Vancouver-based artist Bratsa Bonifacho says his latest collection of paintings has been inspired by computer malware.
One of Bonifacho’s virus paintings is titled “Horty MyParty is Weird and Coolnow”.
An unusual name, you might think, but it is apparently inspired by a number of viruses from yesteryear including VBS/Horty (which claimed to offer pornographic content of adult film star Jenna Jameson), 2002’s MyParty email worm, and the CoolNow MSN Messenger worm.
According to the Daily Mail, an undercover investigation in India has uncovered that some call center workers have been selling confidential information on nearly 500,000 Britons.
Undercover reporters from The Sunday Times met with two individuals who claimed to be IT workers who offered to provide them with 45 different types of data gathered from the victims.
Information offered up included names, addresses, phone numbers and credit card details (including CCV/CVV codes and expiration dates).
The reporters allege they could purchase the records for as little as 2 pence apiece ($0.03 USD). One of the thieves bragged:
"These [pieces of data] are ones that have been sold to somebody already. This is Barclays, this is Halifax, this is Lloyds TSB. We’ve been dealing so long we can tell the bank by just the card number."
Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.
We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.
Yesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.
According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.
Unfortunately, that personal email account was compromised by a hacker.