Showing posts from June, 2017

Password Manager - Yay or nay?

What is a password? It’s that thing you must type to get into your stuff; it’s the bane of the Internet civilization.
Per, a password is a secret word or expression used by authorized persons to prove their right to access, information, etc. Passwords were created with good intentions, but they quickly became one of the weakest forms of security in existence on the Internet. Simply having a password is better than not having one, but pretty much no service will allow you to have an account without setting a password.
Where did we go wrong? Imagine if all someone had to do to gain access to your bank account and siphon money out before you had a chance to notice was to know the name of your favorite childhood pet or your birthday or anniversary? That kind of knowledge would come with relatively minimal effort on the part of the attacker. Most people have their date of birth (DOB) publicly available through one means or another. 
On another note, maybe you weren’t even …

How someone tried to phish me

A couple of weeks ago I received an email that looked like this.

This email went straight to my spam folder which I check occasionally to make sure I don't miss anything important. This particular email appeared to have come from one of my relatives. Let's see what's inside the email.

I have obfuscated the actual email address because it is the first and last name of a relative. So the email came from someone[at]kkfi[.]org. I don't recognize that domain, but a quick lookup tells me it belongs to a radio station.

Checking the hyperlink in the email body, I found that only one antivirus vendor has the link categorized as phishing. But one bad verdict was enough for me to not visit the link. You can see the verdict here.

So why did someone at a radio station try to phish me? Well, actually it's likely that it wasn't an individual at the radio station but someone else who abused their domain and/or mail server.

Let's dig some more. This requires viewing the ac…

Cloud Services - Friend or Foe?

The question has arisen many times in my profession, and my friends and family have even asked me:
"Is it safe to store this information in the cloud?" To answer this question, we need to understand what the cloud is. Then we need to determine what kind of information you intend to store, and how important it is that the information remain private.

The "cloud" - what does this nebulous term mean?
Understanding the cloud

Let's make sure we understand what the cloud is not. You're reading this article on a device such as a smartphone, personal computer, or tablet. Your device is not part of the cloud, but it is a client of a server that is part of the cloud.

A word on client vs server

Suppose you go to your neighbor's house and knock on the door, but no one answers. Your neighbor wasn't expecting anyone, and they don't let strangers in. On the other hand if you visit a restaurant, usually a host or hostess will greet you and get you seated, the…