Gerry Schatte Computer Stuff


What in the world is a strong password? Simply put, a strong password is one that is very difficult to guess. Not just for a person to guess, but difficult for a computer to guess as well.

Everyone knows some of the simple rules for choosing passwords: don’t use your or your family’s names or birthdates, sequential letters or numbers like “abcd” and “1234”, your user name, etc., so that a person cannot guess your password. That is a very simple thing to accomplish, and most of us have been doing it for years because people were guessing. Those times have changed. With so much information on-line and so much to be gained by breaking into systems, hackers have changed tactics. They now use sophisticated equipment to launch a new breed of attacks such as a “dictionary” attack.

A dictionary attack is just like it sounds. A computer will be used to try to guess the password by trying every word in the dictionary…not just the English dictionary, but other languages as well. It will also try combinations of words, numbers, common key sequences like adjacent keys on the keyboard such as “asdfghjkl”, etc. Sounds time consuming, doesn’t it? Well, it is, but if you consider the payoff from one timely, successful hack, a thief will gladly wait a month for his computer to guess the password. It is because of these types of attacks that you use a strong password – one with a combination of letters, numbers, and symbols.

Over the past few years, I’ve adopted the philosophy that there really is no such thing as a completely secure computer system. Given enough time and resources, a determined hacker can gain access to almost any password-protected system. That doesn’t mean you should give up on protecting yourself. I just accept it and try to make it as difficult as I can for a hacker to break in. In doing so, I am hoping that they will move on to another less-protected computer. Using strong passwords is one of the methods I use in pursuit of that goal.

So how do you make a strong password? You feed it BBQ of course! (Just kidding) As I stated before, you will want to use a combination of letters (both upper and lower case), numbers, and at least one special character like these: “!@#$%^&*()_+”. The letters should not spell any word in the dictionary of any language, and the special symbol should be in the first eight characters. You also cannot simply substitute numbers and symbols for letters in words such as “S@nFr@ns!scO”. Hackers know those tricks too.

I don’t know about you, but I could BARELY keep track of all my passwords even when I was using simple, common words. How in the world can we now be expected to come up with something like “i8t#sor4s”? One way I’ve found that works for me is to use a “passphrase”. It is a phrase that I can easily remember, and then convert to a strong password. In my example, I started with the sentence “I ate two pounds of ribs for supper.” I then used all of the first letters to come up with the password “iatporfs”. That’s a decent password by itself, but I’ve made it stronger by using my own style of substituting the word “ate” with the number 8, “for” with the number 4, and “pounds” with the combination of “#s”.
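The passphrase conversion and the rules listed above can be written as a small checker. This is an added example, not the author's code: the function names, the tiny wordlist, the look-alike map and the four-character run length are all assumptions made for illustration.

```python
import re

# Constructed mini wordlist; a real check would load full multi-language
# dictionaries. "sanfransisco" is the page's example with look-alikes undone.
WORDS = {"password", "monkey", "sanfransisco"}
# Assumed look-alike map: symbol/digit -> the letter it usually stands in for.
LOOKALIKE = str.maketrans("@4310!$5", "aaeioiss")
# Keyboard rows and sequential runs of the kind the article warns about.
RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "0123456789")


def passphrase_to_password(phrase, subs):
    """First letter of each word, except words the user maps to a token."""
    words = re.findall(r"[a-z][a-z']*", phrase.lower())
    return "".join(subs.get(w, w[0]) for w in words)


def failed_rules(pw):
    """Return the names of the article's rules that pw does not meet."""
    failed = []
    if not re.search(r"[a-z]", pw):
        failed.append("lowercase letter")
    if not re.search(r"[A-Z]", pw):
        failed.append("uppercase letter")
    if not re.search(r"\d", pw):
        failed.append("number")
    if not re.search(r"[^A-Za-z0-9]", pw[:8]):
        failed.append("symbol in first eight characters")
    # Undo common substitutions before the dictionary lookup.
    plain = pw.lower().translate(LOOKALIKE)
    if any(w in plain for w in WORDS):
        failed.append("dictionary word after undoing substitutions")
    # Any 4-character window that appears in a keyboard row or sequence.
    low = pw.lower()
    if any(low[i:i + 4] in run for i in range(len(low) - 3) for run in RUNS):
        failed.append("keyboard or sequential run")
    return failed


SUBS = {"ate": "8", "pounds": "#s", "for": "4"}  # the author's substitutions
derived = passphrase_to_password("I ate two pounds of ribs for supper.", SUBS)
for candidate in (derived, "S@nFr@ns!scO", "asdfgh1!A"):
    print(candidate, "->", failed_rules(candidate) or "meets every rule")
```

Checked against the rules as stated in the article, the derived password is flagged only for having no uppercase letter, while the substituted place name is caught by the dictionary lookup once the look-alikes are undone.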

That’s not too bad, but you probably have a dozen or more passwords to manage like I do and they are still hard to keep track of. You will have to decide how far to go with your efforts, but here’s what I do. I have a couple accounts that are critical to protect, like my bank account. I’ve made unique strong passwords for those accounts, and change them frequently. For the others, I use a couple different strong passwords that are a little easier to remember and type. Let’s face it…if someone breaks into my Club Photo account, I’m going to be inconvenienced at worst.

Those are the basics, and I hope you follow my advice. Everything you can do to make a hacker pass you up for an easier target will help. For more information, visit the following web pages:

From Microsoft:
Strong passwords: How to create and use them
Creating strong passwords

Other sites:
Simple Formula for Strong Passwords (SFSP) Tutorial
Choosing Your Password

Unfortunately, our ever-increasing use of computers in our life means security will be an issue we will always have to deal with. I recently read an article that explained why using passwords alone, even strong passwords, may not be enough. Sigh.

Safe computing and happy holidays everyone!

Gerry Schatte
ShoddyHog

I’d hoped to make my last Blog entry before Thanksgiving completely about fun stuff, but I do need to alert you to the latest e-mail scam. This one tries to make you believe that it comes from the FBI, they’ve caught you visiting illegal web sites, and that you need to open an attachment to answer some questions. You can find the details in this MSNBC article — FBI warns users against scam e-mails. They include a link for reporting internet crimes — the Internet Crime Complaint Center.

Very well, on to the fun stuff…

I stumbled across this link yesterday entitled Great grilling with gadgets, and there were a couple cool items listed. On page two, they show a portable, outdoor ice maker that makes 35 lbs of ice in 24 hrs! That sure would come in handy at times.

Here’s a few complete wastes of time if you’re stuck at the office trying not to think about the time clock. Just don’t blame me when the boss catches you!

The Blue Ball Machine is pretty cool. WARNING – check your speaker level before you click on this one. It plays a loud, annoying sound file. Are you wondering how they got it to be so huge? There’s a trick to it, do you know what it is?

My high score on The Grid Game was 837. Don’t ask how long I played.

Here’s a neat little memory game.

This one is processor intensive, and slows my machine down. You might want to save anything you’re working on before clicking this one. It is pretty slick though — String Spin.

While I think the concept behind Phoneswarm is somewhat amusing, I hope I never get so bored that I join in 🙂 To get a description of what the site is about, click on the “faq” link at the top.

Happy Thanksgiving!
Gerry Schatte
ShoddyHog

Sony Installs Trojan Horse:

How upset would you be if I told you one of the largest electronics manufacturers may have installed a Trojan horse program on your computer?  What if you found out that it was secretly using your processor time and maybe even keeping your computer from going into power-save mode?  Yeah, me too.  Well, it appears as though Sony is doing just that with their latest attempt at copy protection, installing a type of Trojan horse called a “rootkit”.

You can read about it here in this MSNBC article, What’s on that music CD anyway?  A more technical description can be found at Mark’s Sysinternals Blog, and here’s a list of CDs that will install these on your computer.  Thanks to Lawhog for pointing out the word should be spread on this.  I don’t know about you, but I’m going to be very careful about the CDs I drop into my computer as well as which ones I buy. After publishing this I noticed another article. Looks like Sony is going to be in some hot water.

Critical Windows Flaw:

Anyone running Microsoft Windows should already be doing this, but I wanted to remind you it is time to go to Windows Update and install any security-related patches.  Microsoft just revealed a “Critical” security flaw and subsequent patch, so all users should install it immediately.  Here’s the MSNBC article, Microsoft warns of “critical” Windows flaw.

RATs – Follow Up:

In a follow-up to my first Blog about Remote Access Trojans (RATs), I wanted to post a link to this article by Bob Sullivan, Here’s How to Fight Off Rats.

A lot of the available information on preventing RATs from infesting your computer is not about tools or hardware; it is tips on using safe surfing habits. You should already be using safe surfing techniques, but I’ll need to save that for a future article.

Gerry Schatte
ShoddyHog

It comes as no shock to me that my first real article on the BBQ Blog would be regarding "the latest" threat.  There’s always another one these days.  We’ve gone from viruses, to worms, and finally phishing.  Now, let me introduce the latest threat – Remote Access Trojans (RATs).  No, Trojans are not new to the computer security scene, but these are different. They exist to do one thing – steal your on-line banking information!

Trojan horse programs, ones that hide on your computer unknown to you, have been used in the past mainly to send out SPAM email, launch attacks against web sites, and other undesirable activities. The recent round of RATs, though, has one real scary new threat. You could very well become a victim with no warning signs at all, even if you went to your on-line banking site yourself. These RATs just sit there and wait until they can steal your username and password, then silently transmit them back to the author. You can figure out the rest on your own, but just in case, here’s an excerpt from the Microsoft article.

"First, the ability to capture every screen and keystroke means that intruders can gather users’ passwords, directory paths, drive mappings, medical records, bank-account and credit card information, and personal communications. If your PC has a microphone, RATs can capture your conversations. If you have a WebCam, many RATs can turn it on and capture video—a privacy violation without par in the malicious-code world. Everything you say and do around the PC can be recorded"

Here’s a couple links to sites with more information. I will be following up this article with more on how to secure your system, so stick around.

MSNBC Article – RATs
Microsoft’s Article

Gerry Schatte
ShoddyHog

 

My name is Gerry Schatte, and I will be the BBQ Blog reporter on Computer Stuff. Since I purchased my first computer over 10 years ago, many things have changed. I first connected with a 14.4k modem with my state-of-the-art Pentium 90, now I connect via bi-directional satellite internet into my house that has six computers connected via a network! We’ve come a long way.

The internet has evolved so that places like The BBQ Forum can bring together people from around the globe, people with common interests. But with all the good, unfortunately, comes the bad. In recent years, it has turned personal computing into a seemingly endless struggle, constantly dealing with new viruses, worms, programs, patches, security holes, and hardware that becomes obsolete just a few short months after you buy it.

I hope to make some of those struggles a little easier to deal with. In those past 10 years, I’ve been employed as a programmer, and have been working on my own web site, The Shoddy Page on the side. The entire time I’ve been helping customers deal with an ever-changing computing environment. I’d like to think I helped a few people along the way, and I hope I might pay a few of you back for all the knowledge I have learned on The Forum. It may be just a few links here and there, tips on how to use the search engine, or something more in-depth. Feel free to drop me a line if you have any suggestions.

Gerry Schatte
ShoddyHog

BBQ Forum Blog copyright 2005 bbqblog.com and The BBQ Forum