Jul 15

You think I am exaggerating? Maybe I am for some people. But for the majority I am clearly not. This includes even big players on the Internet, who definitely should know better! And that really upsets me, because those careless people obviously have access (i.e. passwords) to many other people’s data, including that of customers.

Read here what recently happened to many Twitter employees, including those dealing with confidential documents, which have now been published on TechCrunch.

The English translation of the original source can be found here.

These are the two lessons to learn:

  • Do not use third-party services to store confidential information!
  • Use passwords and security questions that cannot be guessed easily!

A password must:

  • not be shorter than 8 characters
  • not contain only letters (better mix with numbers and special characters!)
  • not contain natural language (i.e. words which can be found in dictionaries)
  • not contain names, birth or anniversary dates, parts of (previous) home addresses, your favourite colour or hobby
  • not be re-used on a whole bunch of different web sites
  • not be stored in your email inbox (if a bloody stupid provider sends you non-temporary cleartext passwords, delete them instantly from any online media or computer, and change the password, unless you want the next worm or trojan to forward them to criminal parties)

Don’t think password hacking happens to the big players only. Those of you who have been running your own (web) servers for a while should have a look into the auth.log and access.log files (for a start). Hopefully that opens your eyes: automated password cracking and site hacking attempts are no exception. They happen regularly to all of us. And they happen to all third-party services you use, but there you have no influence whatsoever, hence you cannot do anything except make your passwords and security questions as difficult to guess as possible!
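To make the auth.log check above concrete, here is an added example (not part of the original post) that counts failed SSH password attempts per source address. It assumes OpenSSH's usual syslog line format; the sample lines are constructed and the thresholds in `likely_guessing` are arbitrary illustrative values.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH/syslog auth.log format (documentation IP ranges).
SAMPLE_AUTH_LOG = """\
Jul 15 03:12:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 15 03:12:03 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jul 15 03:12:05 web1 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Jul 15 03:12:09 web1 sshd[2219]: Failed password for root from 203.0.113.7 port 40150 ssh2
Jul 15 08:30:44 web1 sshd[3100]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Jul 15 08:30:52 web1 sshd[3100]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Jul 15 09:01:17 web1 sshd[3302]: Failed password for invalid user oracle from 192.0.2.55 port 33870 ssh2
"""

# Anchored at end of line and greedy on the user field, so the source address
# is always taken from the trailing part that sshd itself wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize_failures(log_text):
    """Return {ip: {"attempts": n, "users": set, "invalid_users": n}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "invalid_users": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        entry["users"].add(m.group("user"))
        if m.group("invalid"):
            entry["invalid_users"] += 1  # account name does not exist on this host
    return dict(stats)

def likely_guessing(stats, min_attempts=3, min_users=2):
    """Sources with several failures spread over more than one account name."""
    return sorted(
        ip for ip, s in stats.items()
        if s["attempts"] >= min_attempts and len(s["users"]) >= min_users
    )

if __name__ == "__main__":
    stats = summarize_failures(SAMPLE_AUTH_LOG)
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{ip:15} attempts={s['attempts']} users={sorted(s['users'])}")
    print("likely password guessing:", likely_guessing(stats))
```

A single failure followed by a successful login from the same address, as in the `alice` lines, stays below the thresholds and is not reported.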

Please help make people aware of the necessity of strong passwords. Just share this post via Twitter, Facebook, or whatever social network you are a member of. Thank you!

Jul 06

That’s one of the most stupid controversial questions I’ve ever read on Twitter. (Ok, I haven’t been using Twitter for long yet, so I’m prepared for worse questions.) It shows that 140 characters cannot really transport any substantial information. The funny thing is that people indeed try to answer that question on Twitter, with 140 characters, recommending one or the other operating system to the one who asked. Total madness.

First of all, questions like this, which do not tell anything about the author’s aims and intentions, are not answerable. One could as well ask: Ferrari or Landrover? I’d suggest taking the Ferrari for the next cross-country rally, whereas the Landrover is definitely the best choice for the F1 track. Anyway, you got my point. :-)

This blog post has potential for flamewars between the lovers of BSD and Linux, and also between lovers of the various Linux distributions. So let me emphasize that this is my personal opinion.
