Lessfeet » passwords

Firesheep

Mark — Mon, 08 Nov 2010 18:24:27 +0000

Firesheep is a Firefox extension that monitors traffic on a network and records session information that is stored in a Web browser’s cookie. It was introduced last month at Toorcon (a hacker conference in San Diego CA” by Eric Butler of “codebutler” to demonstrate the danger of sites changing their sessions back and forth between secure and insecure.

Very simply Firesheep collects site login information so someone using it can login to those sites using the same credentials. What is so different about this tool is ease of use. You don’t have to be a skilled hacker. Any Joe of the street can use this to collect login information from coffee shop WIFI hotspots. You just manually install the add-on in Firefox(manually because it is not offered by Firefox as a official add-on), turn on the Firesheep sidebar and click “Start Capturing”. Now click on the icon of the site you want to login and your logged in to that persons account. It works with Amazon, Basecamp, bit.ly, eNom, Facebook, Foursquare, GitHub, Google, Hacker News, Harvest, The New York Times, Pivotal Tracker, Twitter, ToorCon, Evernote, Dropbox, Windows Live, Cisco, Slicehost, Gowalla, and Flickr. And coming soon is Yahoo!, eBay, LinkedIn, Digg, Reddit, Wikipedia, Blogger, GoDaddy, Posterous, Tumblr, Netflix, YouTube, Slashdot, MobileMe, PayPal, Salesforce, Craigslist, MySpace, Match, and AOL.

You may think this is a terrible thing and it is in the short term but in the long term it will make the internet much safer by forcing websites to be more security conscious.

Steve Gibson talks about Firesheep on Security Now.

Gina On Lastpass

Mark — Sat, 25 Sep 2010 08:40:19 +0000

Programmer extraordinaire and Lifehacker founder Gina Trapani and Leo Laporte talk about Lastpass the incredible cloud based password manger.

http://video.fastcompany.com/plugins/player.swf?v=a36aa96a78c7c&p=fc_social

You can see this and all of the “Work Smart“

You can find Gina and Leo on “This Week In Google” on the TWiT podcast network.

Create Secure Passwords

Mark — Sat, 17 Jul 2010 08:41:48 +0000

The longer your passwords are the harder they will be to crack. How long should they be and what sort of characters should you use? Steve Gibson on episode 256 of Security Now suggest ten characters. Both upper and lower case with numbers. This gives you 7.6×10 to the 17th power possible character combinations. You could also use twelve characters numbers and lower case alphabet (easier to type) to get a similar amount of randomness. Use Lastpass to generate and manage the passwords securely.

The Lastpast You’ll Ever Need

Mark — Tue, 13 Jul 2010 16:50:15 +0000

For the last six months I’ve been using Lastpass a password manager that is truely extraordinary. Lastpass is easy and safe. Lastpass is everywhere you are. It works on PCs, Macs, Linux and other operating system. It works with Internet Explorer, Safari, Firefox, Chrome and nearly any other web-browser. Adroid phones, iPhones iOS, Blackberry and many other smartphones are supported with apps included with the premium service, cost $12 per year.

Some of Lastpass features are…

Automatically fill forms! See Demo
Synchronizes across browsers!
Store secure notes. See Demo
Easily Import existing passwords form many different sources.
Secure password generator! See Demo
Access from anywhere on any platform.
Save to USB key for easy secure access anywhere.

There are so many features I can’t list them all in this post. The best thing to do is check out their website for a full description or listen to this excerpt from Security Now with security expert Steve Gibson. Steve tells you about the features and the its terrific security.

LastPass

Mark — Tue, 09 Mar 2010 14:30:01 +0000

I’m always saying use good passwords. Use upper and lower case letters and numbers. I do all of this but one has to have an algorithm to remember ones passwords. The problem is in order to use the password algorithm it has to be easy. Something you can do in your head. My algorithm is so easy that if you discovered one of my passwords it would be no problem to figure out the rest. An algorithm that you can do in your head must be more difficult and hopefully you have the gray matter to use it or you must try something else.

LastPass is the answer. LastPass generate pseudorandom passwords for you and store them on a secure website. Then LastPass can auto-fill passwords as you need them. It can even log you in automatically. It took me a while but I generated all new passwords for all of my logins, they are all different and they are saved securely on the LastPass site.

WPA Revisited

Mark — Thu, 11 Dec 2008 15:26:11 +0000

It is confirmed! What I said about WPA was correct. If you use a very strong password when using WPA-TKIP you are safe from everyone but the most determined hacker. They would have to really want to get in your network pretty bad to set in front of your house for days and may weeks with a very criptic password. Still they would not have full access. I still have not switched my wireless to WPA2 but I have a great password. Get your perfect passwords from GRC!