Cryptosmith

Another chuckle:

Someone picked up the domain ‘highsecuritypasswordgenerator.com‘ and has proceeded to implement a password generator on it. The generator applies a common technique (I described it in my book Authentication) wherein you choose two words from long lists and separate them with a special character of some sort.

The down side should be obvious to anyone who thinks about web security: the password is shared with the password generating site and with anyone who sniffs the web page as it travels across the Internet. Continue Reading »

Posted under Information Security | No Comments »

Bruce Schneier pointed out this cartoon. I’ll be looking for this booth at the Minnesota State Fair next month.

read more | digg story

Posted under Information Security | No Comments »

The City of San Francisco has just suffered what sounds like the nightmare scenario of an insider attack on their computing infrastructure.

The ‘disgruntled employee’ who reportedly was ‘disciplined for poor performance’ had enough access to critical system components to give himself exclusive control of the infrastructure and apparently lock out other administrators. The system is said to still be running, but administrators have little control over it.

So what’s the lesson here?

Continue Reading »

Posted under Information Security | No Comments »

A site called “Live Science” has posted a “Top 10 Revolutionary Computers.” This was obviously written by someone who doesn’t know a lot about what makes a computer significant, beyond advertising.

The TRS-80 (aka the Trash 80)? The latest IBM parallel monster? Give me a break. These were all reruns of well-understood concepts. Nothing new. They listed the Alto, so why list the Macintosh?

Continue Reading »

Posted under History of Technology | No Comments »