Security
Airline Security
Fri, 07/27/2007 - 12:45 — jbrelandI usually refrain from posting about such stuff on my site, mostly because I tend to work myself up into a rant and I just don't have the time and energy to deal with that these days, but this was a really good read. While responding to a question about a certain aspect of airline security, a pilot provided his thoughts on the industry as a whole. This is a very insightful point of view, and covers a lot of what's just plain wrong with the state of affairs today.
I highly encourage anyone interested in this sort of stuff (and if you ever have reason to fly on a plane, you should be interested) to read the full article. It only takes a few minutes.
http://hotair.com/archives/2007/07/16/a-pilot-on-airline-security/
(as found on Bruce Schneier's blog)
Which file types are actually executed during extraction by Universal Extractor?
Sun, 07/01/2007 - 13:49 — jbrelandJST posted a good question a while back in the Universal Extractor forum. He wanted to know if any executable files (such as installers) were actually run during the extraction process. For the vast majority of files, UniExtract will "rip" the contents out of the file using a extraction/decompression utility. For example, Inno Setup installers are handled by innounp, self-extracting Zip files are handled by 7-Zip or Info-ZIP, etc. However, there also cases where some files simply must be executed in order to extract the contents.
JST was concerned about this because he sometimes uses Universal Extractor to investigate malicious files. Obviously you want to be very careful when examining malicious files, so his concern was well justified. He asked for a list of file types that UniExtract will actually execute when extracting. It took me a while to get around to documented this, but I've finally done so. You can read the full list in this forum thread:
Are any files executed during extraction?
This is good information to know, especially if you ever work with suspicious files. I'm probably going to add this information to the main UniExtract page as well, and will look into possibly adding a warning message to UniExtract itself before executing any untrusted files.
How to Create Truly Obscure Passwords
Wed, 03/21/2007 - 16:09 — jbrelandI recently came across an interesting article on Irongeek.com (which itself is a pretty interesting security site that I'll probably add to my list of news feeds) entitled, "ALT+NUMPAD ASCII Key Combos: The α and Ω of Creating Obscure Passwords." The author suggests the idea of using non-standard (ie, not defined on standard keyboards) special characters as part of your password. It's common knowledge that adding special characters to your password greatly increases the difficulty of guessing or brute forcing the password. This extends the idea by adding normally hidden (and often unthought of) characters to the mix. So, while something like abCD1234%^&* might be a good example of using special characters in a password (though obviously you'd want something more random than that sequence), consider this password: äßÇн²¶╔¥¢. I'd love to see the password cracker that can crack that one. :-)
Of course, as the author mentions there are downsides to this. Increased complexity notwithstanding, its strength is also its main weakness; these are non-standard characters, and as such not all applications and operating support them in the same manner (or at all). While this may work great as a Windows user password, for example, it may not be possible to use it as a Linux user password.
Regardless, it's still an interesting concept that deserves some attention. Check out the article for more details on the subject, as well as a tutorial and reference charts for entering special characters. The Wikipedia article on Windows Alt keycodes (also referenced in the article) is another good resource.
Secure Password Analysis and Recommendations
Thu, 01/11/2007 - 14:09 — jbrelandSecurity guru Bruce Schneier has written a rather fascinating article on password composition and cracking. Security professionals in general would be interested in this, but in truth anyone using computer systems (read: you) should read and pay attention to this article.
Interesting statistics from the article: 24% of all analyzed passwords are recovered within minutes; up to 65% are cracked within one month.
You can read the full article at this link:
http://www.schneier.com/blog/archives/2007/01/choosing_secure.html
Password Management Concerns with IE and Firefox
Tue, 12/12/2006 - 08:01 — jbrelandSecurityFocus recently published a two-part article by Mikhael Felker covering security concerns with the password management functionality in both Internet Explorer and Mozilla Firefox. It's a pretty good read for anyone interested in such topics.
Here are the links:
http://www.securityfocus.com/infocus/1882
http://www.securityfocus.com/infocus/1883
The comments are property of their posters; everything else ©2007 by Jared Breland.
This website is syndicated with an RSS 2.0 newsfeed.
