Tuesday, December 28, 2010

The Reasoning Behind Complex Passwords

We have always gotten a lot of pushback on enforcing complex passwords. Believe me, as a person who works with a lot of passwords every day, I understand completely. But the data speaks for itself. In the picture below, note the difference between only lowercase and all characters.

What’s the most shocking of the statistics below? It’s that 4-digit PIN for your bank account, isn’t it? Absolutely insecure and, under the best of circumstances, broken in 1.36 minutes. See if they’ll let you use a longer one.

There is however, another very important take-away that you need to know about…

image

it’s the definition of All Characters. All Characters means that your password contains upper, lower, numbers and symbols and the letters do not form any known word.

So it’s something like !)@ftlgjsro2BB which is just awful to type and remember but it will take a hacker 154,640,721,434 millennia to break it. Perhaps it is worth committing to memory?

Still, I have an easier solution to this problem. It’s the one that we use internally. It’s a formula, and it goes like this: symbol symbol word word symbol symbol, or symbol number word word symbol number.

Here are a couple of examples of easy to remember complex passwords that do not contain any known word.

$$TreePhone))      ^6FlipHanger0)

But those are words, you say? Yes, but no, they aren’t. They are two unrelated words that, when put together, make nonsense and aren’t found in the dictionary. Complex passwords don’t have to be difficult, and we do have to enforce them. If it wasn’t important we wouldn’t harp on it so much.
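To put numbers on the comparison above, here is an added example (not part of the original post) that estimates worst-case exhaustive-search time by character class and generates a password with the post's formula. The guess rate is derived from the post's 1.36-minute PIN figure on the assumption that it means trying every PIN; the word list and its 10,000-entry size are constructed assumptions, and the last estimate shows how much the figure drops if the formula itself is known, which is why the words and symbols need to be picked at random.

```python
import secrets
import string

# Guess rate implied by the post's PIN figure (10**4 PINs in 1.36 minutes).
# Assumption: that figure means trying every PIN, i.e. the worst case.
GUESSES_PER_SEC = 10**4 / (1.36 * 60)

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Alphabet implied by the character classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def charset_space(password):
    """Candidates to try if every position is an independent random character."""
    return alphabet_size(password) ** len(password)

def formula_space(wordlist_size, symbols=len(string.punctuation)):
    """Candidates for 'symbol symbol word word symbol symbol' when the pattern
    is known and both words come from a list of wordlist_size entries."""
    return symbols ** 4 * wordlist_size ** 2

def exhaustive_seconds(space, rate=GUESSES_PER_SEC):
    """Worst-case time to try every candidate at the given guess rate."""
    return space / rate

def make_formula_password(words):
    """Build symbol symbol Word Word symbol symbol with the OS CSPRNG."""
    def sym():
        return secrets.choice(string.punctuation)
    pair = "".join(secrets.choice(words).capitalize() for _ in range(2))
    return sym() + sym() + pair + sym() + sym()

if __name__ == "__main__":
    words = ["tree", "phone", "flip", "hanger", "river", "candle"]  # constructed
    year = 365 * 24 * 3600
    for pw in ("treephone", "$$TreePhone))", "^6FlipHanger0)"):
        years = exhaustive_seconds(charset_space(pw)) / year
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, {years:.3g} years")
    # Same shape, but judged as a known pattern over a 10,000-word list
    # (list size is an assumption): far smaller than the per-character figure.
    print(f"formula: {exhaustive_seconds(formula_space(10_000)) / year:.3g} years")
    print("generated:", make_formula_password(words))
```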


Monday, December 27, 2010

Take 5 Minutes and Learn Something New

Each of these videos is 5 minutes or less in length.

OneNote is the most amazing application. Everyone who uses it loves it. If you haven’t tried it yet, this would be a great way to kick off the new year.

How to create and use notebooks

 

New to the Ribbon interface in Office 2007 and Office 2010? Take a tour to learn how it’s organized. Once you learn it in one app, it’s the same in all of the others.

Tour the Windows 2010 Ribbon

 

Learn how to set up a Master Slide in PowerPoint. Once you have a master set up, you can standardize your templates across the company and have each new slide in your presentation automatically have the correct formatting.

How to Create a Master Slide in Powerpoint


Thursday, December 16, 2010

To the Cloud, and Beyond!

The “cloud” is all the talk in computing these days. They talk about it as if it’s something new. I suppose in one sense it is. It is a new term in marketing, and boy are they pushing it. Microsoft’s “to the cloud!” commercials have been a hit, akin to what Apple’s “I’m way cooler than a PC” commercials were a couple of years ago.

So what is this cloud thing? Well, as you know there are many different types of clouds and some clouds are more pleasant than others.

 

image

In IT marketing speak there are two types of Clouds that have formed. Public Cloud and Private Cloud. Both are very simple concepts and neither is new.

Public Cloud = The Internet

If you are reading this, then you are using a public cloud. The cloud allowed me to upload this document into Harbor’s blog. The cloud allowed me to tell my blog to send a copy of this blog post to the members of our client mailing list. Your email server received the message from the cloud and is displaying it to you right now. You’ve probably been using the public cloud for years.

Private Cloud = Virtual Servers in your Office

A virtual server is the same server software, only it runs as a file and it uses virtual hardware. Because it uses virtual hardware, we can run multiple servers on one physical piece of hardware. It saves some money because we don’t have to purchase so much hardware anymore. We increase the efficiency of your hardware purchases. Several of our clients with multiple servers are running a private cloud.

Cloud Computing = Applications that are housed on the Internet or that use the Internet for some of their function.

This one is tricky. It’s in the cloud – it must be good. The cloud IS good at some things, it is not good for some things, and it’s impossible for other things. That’s the uncertainty. The only certain thing about the cloud is that it requires compromise.

At Harbor we have moved in the direction of the cloud in our recommendations for some items, when it makes sense for our clients’ business needs. Our remote support tool, which allows us to connect to your PC remotely, is one such example. We’re recommending a cloud version of Trend for anti-virus. We have some smaller clients using Exchange in the cloud – it’s a great solution for small businesses that couldn’t afford Exchange otherwise. We’ve got phone apps integrated into SharePoint using a cloud connection. The cloud is everywhere and we’re tuned in.

We can do almost anything in the cloud these days. The problem is that it doesn’t always make sense – or cents. Using the cloud isn’t free, it’s a lease. Using the cloud isn’t without risk, you give up control. Using the cloud isn’t without downtime, you just can’t do anything at all about it except wait and hope for the best when it happens.  Using the cloud isn’t secure – it’s not your building, not your server hardware, not your people maintaining it or configuring it, not your backup system, not your upgrade schedule, not your data security plan, etc.

Therefore, it’s best not to trust the cloud. But the good news is that we don’t have to trust it to use it. We only have to plan accordingly, make allowances for the lack of trust and the relinquishing of control over our own data and applications.

As always we need to be careful and make wise decisions. We can harness this cloud and make it work for us. We’re already doing it.


Wednesday, December 08, 2010

Part Two: Outlook Social Connector. Why you should care, even if you don’t use it.

This post is a continuation of this one: http://smalltechnotes.blogspot.com/2010/11/things-you-need-to-know-about-outlook.html If you aren’t familiar with the Outlook Social Connector then you should read that post first.

Here are a few people that I am not connected to. Let’s see what they look like.

image

image

image

The above people are randomly pulled from mailing lists I belong to on Yahoo and ISAServer.org. They didn’t even send email to me directly. Rather, they posted it to a mailing list, and that mailing list gets delivered to a folder in my Outlook mailbox.

image

This guy above didn’t email me either. He was simply copied on an email that someone else sent to me. There’s his photo.

At this date in history about 1/2 of the email I receive has a photo attached to it. I know what these people look like even though I am not friends with them on Facebook. I know this because they choose to allow basic information in their profile to be shared. This includes their profile photo.

So what if you don’t participate in any social media? Well then this is what you look like to me.

image

Is not participating in social media the way to go? I can’t see your photo; is this a good thing? Today you’ll be in good company in my inbox because only about 1/2 of the email I get has a photo. But riddle me this… in the near future, when your clients look down the list of people in their contacts and they see your ghostly outline instead of your smiling face, how are they going to feel about you? I’ll argue that they won’t be drawn toward you. They’ll probably pass you over.

So what does this mean for your business? It means that the profile photos you post ANYWHERE will be seen by your business contacts. It means that what you do in social media IS part of your business right now, and the same goes for anyone in your company that has an email address. There is very little separation between private, public and work anymore, and very soon there will be none at all.

Does this pose a bit of a human resources problem for your company? Oh boy, the times are a changin’.


Tuesday, December 07, 2010

Happy Holidays–Santa is on her way!

image

This is the time of year when we take an extra moment to appreciate all of you, for your business, for your friendship, for being the wonderful people you are.

Please enjoy the snacks that “santa” is about to bring you.

Wednesday, December 01, 2010

Headlines read malware attacks in 2010 greater than all previous years combined

From http://www.computerweekly.com/Articles/2010/11/17/243967/Malware-growth-reaches-record-rate.htm

Malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified every day, according to the latest threat report from security firm McAfee.

Cyber criminals are becoming more savvy and attacks increasingly more severe, said the threat report for the third quarter of 2010.

The Zeus botnet is identified as one of the most sophisticated pieces of malware to plague users, with US small businesses losing $70m to Ukrainian cybercriminals.

Most recently, cybercriminals unleashed the Zeus botnet aimed at mobile devices, designed to intercept SMS messages to validate transactions. As a result, the report said criminals can perform the full bank operation, stealing funds from unsuspecting victims.

 

And the rates are just continuing to climb…

image

http://www.securelist.com/en/analysis/204792146/Monthly_Malware_Statistics_October_2010

First, a big congratulations for surviving and not getting more malware infections than all previous years combined. We did not spend more time fighting malware infections than in previous years. That means that we can all feel good that we’re doing something right. Please keep it up.

As a refresher, here’s how you avoid letting the bad guys steal from you:

  • Have a good, properly configured firewall that is smart enough to catch malformed packets
  • Have current anti-virus software
  • Keep your PC and server operating systems current
  • Keep all software fully patched
  • Keep your eyes open for websites that don’t look quite right
  • Don’t click on attachments in email
  • Don’t click on ads in webpages
  • Don’t believe everything you read in email or on the web

Things to avoid:

  • Facebook – Be careful who you “like”. If you don’t know them don’t accept them as friends. There are fake user accounts out there whose sole purpose is to steal your account.
  • Facebook – Who viewed your profile? This is malware. Once installed it will steal your account and start posting in your name. Beware of Facebook ads in general.
  • Fake Updates – found mostly on porn and sports websites where videos are displayed; a fake update for the video player of your choice will pop up. This is not an update for your video player, it is malware asking you to install it.
  • UPS, Amazon,  and other sites – After visiting you may receive an email with information about your “purchase” or shipment. It’s a fake. They are after your account information or credit card information.
  • IRS – The IRS is going digital and the criminals are really coming out of the woodwork to try to redirect your dollars. They can only do this with your help. An email comes letting you know that there was a problem with your monthly deposit. Click the link and go to a VERY real looking website and resend it – to the criminals. 

You may have noticed that it’s no longer your computer that’s the problem. It has become very difficult for a virus to install itself. These things get installed and cause harm because they have fooled you into thinking that they are legitimate. They ask you to install them because they can no longer do it themselves. Small business is the main target of cyber crime today. Why? Because the criminals know that most small businesses don’t take security as seriously as larger businesses do, and so small business and home computers are viewed as the easily picked low-hanging fruit. Sure, there’s not a lot of dollars to be had from any individual or small business, but that doesn’t matter because these guys don’t attack one person at a time, like a pickpocket. They use the power of the Internet to pick a million pockets simultaneously.

"With great power comes great responsibility." – Spiderman

If only they used their power for good. These malware writers are smart, it’s too bad they are also greedy. Be careful out there and call us if you see anything that you are unsure about.
