Anyone who has any kind of electronic account has a password. But what is that password protecting? For most people, passwords protect their private and financial information. If you work on a computer at all for your job, you hopefully have a password to access your computer. That password is probably protecting not just your information but your employer's information as well.
Just how secure are your passwords? Strangely, most people still do not take their password security seriously. Once you have had your accounts accessed, your money stolen, or just your reputation tarnished because someone used one of your accounts to do bad stuff, you will take password security much more seriously.
We have all heard of people who put their passwords on their monitors or on the bottom of the keyboard. Hopefully that is not you! There are some simple ways to keep passwords very secure and easy to remember.
Before I get into some quick ways to make your password secure, I want to talk about the 2 methods that are used together to crack your password.
Most modern password crackers combine a dictionary with the brute force method. The dictionary holds the most common words used in passwords, and the cracker uses it to generate many variations of those words, applying the most common modifications to each one.
For example, let's say your password is cutePuppy1. The password cracker's dictionary probably already has the words cute and puppy in it. In the process it will try every word and word combination, and just about every variation of cutepuppy, for example: Cutepuppy, CutePuppy, cut3Puppy, Cut3Puppy, etc. In addition, it will add modifiers like 1 or 2 to the end of the combinations.
Seems like there would be millions upon millions of combinations, right? Yes, there are, but you have to remember that a computer can do many millions of checks per second. And with a good dictionary the process takes no time at all.
If the dictionary cannot get a match, then comes the brute force attack, where it starts with a-z, then aa-zz, then aaa-zzz, and so on until it finds a match. So how long would it take to break the cutepuppy password? About 56 seconds. Changing the P in Puppy to a capital takes it to 7.8 hours, and the 1 on the end takes it to 3 1/2 months.
So now that you understand the methods used to break a password, how can you make your password more secure? First, use no words that are in a dictionary. I am sure you have always heard not to use your kids' names, birthday, your address, etc. Let's expand that to any word in the dictionary.
I understand that makes it hard to remember passwords because the password looks like rubbish. Here are some techniques you can use to make them easy to remember:
- Use acronyms. For example, I like the song from The Police called "Every Little Thing She Does Is Magic". So the base password would be "eltsdim". Add some modifiers to that, like "!3ltsdiM!". Just remember, the longer the better.
- Use a pattern. For example, a simple pattern would be 1qaz2wsx#EDC, which is the first 3 columns on the keyboard with the 3rd column being in shift mode. You could do every other column, start at the 3rd column, etc. Mix it up. Just try to keep a good mix of upper and lowercase, numbers and special characters. My first pattern example would take 1.7 thousand centuries to brute force.
- Use a password management program like LastPass or 1Password. These tools not only keep track of your passwords for you, they will also generate long and secure passwords.
Now that I have given you some ways to make an easy-to-remember and secure password, let me show you how you can check how good your password really is. First, remember: no dictionary words. Go to https://www.grc.com/haystack.htm and put in your new password. Look at the "Offline Fast Attack Scenario" for the amount of time it would take the average brute force attack.
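The two checks described above (is the password built from dictionary words, and how long would pure brute force take) can be combined in a short script. This is an added example, not code from this post or from the GRC site; the five-word list is constructed, and the rate of 100 billion guesses per second is an assumption chosen because it reproduces the times quoted in this post.

```python
import re
import string

# Alphabet sizes per character class used for the brute-force estimate:
# 26 lowercase, 26 uppercase, 10 digits, 33 symbols (ASCII punctuation + space).
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
OFFLINE_RATE = 100_000_000_000  # assumed guesses per second (100 billion)

# Constructed sample wordlist; a real check would load a large dictionary.
WORDS = {"cute", "puppy", "password", "magic", "police"}
# Common character substitutions, mapped back to the letters they replace.
LEET = str.maketrans("013457@$", "oieastas")


def brute_force_seconds(password, rate=OFFLINE_RATE):
    """Seconds to try every string of length 1..len(password) over its alphabet."""
    alphabet = sum(size for pattern, size in CLASSES if re.search(pattern, password))
    space = sum(alphabet ** n for n in range(1, len(password) + 1))
    return space / rate


def splits_into_words(text, words=WORDS):
    """True if text is one or more dictionary words joined together."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return bool(text) and reachable[-1]


def dictionary_derived(password, words=WORDS):
    """Undo case changes, substitutions and edge modifiers, then look it up."""
    stripped = password.strip(string.digits + string.punctuation)
    return any(
        splits_into_words(candidate.lower().translate(LEET), words)
        for candidate in (password, stripped)
    )


def assess(password):
    """Return (dictionary_derived, brute-force seconds) for a candidate password."""
    return dictionary_derived(password), brute_force_seconds(password)


if __name__ == "__main__":
    for pw in ("cutepuppy", "cutePuppy1", "Cut3Puppy", "!3ltsdiM!", "1qaz2wsx#EDC"):
        weak, seconds = assess(pw)
        print(f"{pw:14} dictionary-derived={weak!s:5} brute force ~{seconds:.3g} s")
```

The brute-force time only means something when the dictionary check comes back false against a large real wordlist. Real wordlists also contain leaked passwords and keyboard patterns, so test candidates against one rather than the sample set here.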
I mentioned 2 password management programs above, here are the links to them as well:
I have used both and both are great. I am currently using LastPass with a Yubico as an additional level of protection.
Please comment and ask questions if you have any, I love the feedback.
The Crisis financial malware that was recently found can spread using the capabilities in VMware.
The malware is also known as Morcut or the malicious rootkit. Morcut is spread via an installer that is disguised as an Adobe Flash Player installer. It was first found last month by Kaspersky, who found it attacking Macintosh OS X computers. The installer is a Java archive (JAR) called Maljaba by AV vendor Symantec. The archive looks like it has been signed by VeriSign. The Java archive also has the ability to infect Windows machines that have the Crisis rootkit.
The Java archive has two programs, one for OS X and one for Windows. The proper executable is dropped on the machine based upon which operating system it is running. The executable that is dropped on an infected machine opens a back door into the infected computer.
The Crisis malware includes some Windows-only features and propagation techniques. On Windows systems the threat copies itself and an autorun.inf file to an attached removable disk (USB thumb drive, etc.).
Another method it uses is to install itself onto a VMware virtual machine. And the last method could be the scariest of them all: it tries to install itself onto Windows Mobile devices.
There are many pieces of malware that will not run if they are running on a VM, but this is the first one I have heard of that tries to distribute itself via VMs. According to research from Symantec, the malware does not jump into VMs via some security hole or flaw in VMware; instead it writes directly to the files that make up the VM image.
As I learn more I will keep this post updated.
I have been getting a lot of questions about what is happening with Internet Marketing. For many people, their whole marketing engine has almost come to a stop.
I agree, there have been major changes in the IM world over the last 6 - 8 months. I have some thoughts on why this is.
It seems the most affected are those that market to the actual Internet Marketing community and those that are looking for a way to make money online.
It was bound to happen... There are self-proclaimed gurus re-hashing the same material over and over and at the same time selling their "secrets" for pennies on the dollar. So people looking to learn how to make money are getting, more than anything, junk, which turns them off.
Plus, now we have PLR everywhere for just a couple of bucks. Low price equates to low quality in most people's minds.
Now, if you are not selling to the IM community, things are still good, not as good as they were but still making money. It is getting harder and harder, though, because there are some big companies now getting into just about every product. For example, say I am selling an ebook on dog training. I am sure Amazon has much more on dog training than my ebook. Plus, Amazon has a great reputation already with just about everyone. However, I have no reputation with people just searching.
So what now? That is the 2nd most popular question I get. There is no single answer; it really depends on the niche you are in. If you are in the IM niche, get out. In my niches I have done a number of things. I have created real books from some of my ebooks and they are selling on Amazon now.
One of my niches has a "kit" that is physical. In that case I have teamed up with other sites in the niche to have them promote it on an affiliate basis.
So are info products dead? No, but they are much more difficult to sell. Think about turning that info product into a video training and selling that as a DVD, online training or even a micro membership site.