kurt wismer's Comments

Naked Security : LulzSec, Anonymous and other hacks - should I change my password?

Tue, 21 Jun 2011 19:54:17 +0000

sucks to be me, then. i have nearly as many email addresses as i have passwords - somewhere in the low triple digit range. using this sort of service would be entirely impractical for me.

Naked Security : LastPass forces users to change master password after network traffic oddity

Thu, 5 May 2011 16:35:18 +0000

your browser can be tricked into divulging the passwords it has stored - in some cases even if it's protected by a master password. frankly, anything that automatically responds to page content by inserting a saved password (whether it's the browser itself or a plug-in) has the potential to be tricked.

Naked Security : Facial recognition software that blurs your sensitive data when you're not looking at it

Thu, 7 Apr 2011 16:23:51 +0000

the john malkovich on a stick one would probably work. having worked with facial recognition technology in the past it's been my experience that photos are generally good at fooling the system.

Naked Security : Opinion: Thief punished through YouTube and Facebook's Social Ad campaign

Fri, 25 Mar 2011 19:54:30 +0000

if i'm not mistaken, the laptop owner did not actually record the thief - the thief recorded himself (why else do that right in front of the computer's camera while looking into the camera - i've seen the video) and the laptop owner simply gained access to the recording through the online backup facility (the video got backed up). if i'm correct then that changes the character of what happened significantly and this case no longer serves as a good example of the deeper point carole was trying to make. as to carole's point, though, society cannot function if we have to involve the authorities for each and every interpersonal conflict. authorities do not scale up all that well so we have to try to work out these sorts of minor differences for ourselves if we can.

Naked Security : Coin Lock, an end to MMOG account hacking?

Wed, 23 Mar 2011 14:24:03 +0000

using different passwords is certainly a good idea. might i also suggest the use of forwarding disposable email addresses when signing up to services like this? that way your "username" doesn't actually give an attacker any information about where the true inbox containing the coin lock email is.

Naked Security : DarkComet RAT author denies BlackHole Mac Trojan is his

Tue, 1 Mar 2011 15:19:55 +0000

bizarre arguments against the trojan label are bizarre. it's creator labeled it a trojan, intended for it to be one, and succeeded.

Naked Security : Westboro Baptist Church and Anonymous come to internet blows

Mon, 21 Feb 2011 17:18:19 +0000

"To be honest, my feeling is that Westboro Baptist Church probably revels in feeling persecuted, and probably gets a perverse kick out of receiving the attention of the world's media and groups such as Anonymous." in other words, what we have here is a troll-fight. troll vs. troll and the one that gets the most attention wins.

Naked Security : Microsoft says 'Good riddance' to USB Autorun

Thu, 10 Feb 2011 15:22:10 +0000

i humbly submit that if autoplay automatically runs things, and autorun pops up a dialog that lets you play audio/video/whatever from the removable storage medium, then the names are completely backwards. not that i'd put it past microsoft to name things like that, however. hmm, this page ( http://www.microsoft.com/whdc/connect/usb/usbfaq.... ) seems to suggest that they actually named things intelligently (if you scroll down to the question "What must I do to trigger AutoRun on my USB storage device?"

Naked Security : Microsoft says 'Good riddance' to USB Autorun

Wed, 9 Feb 2011 17:04:43 +0000

as vesselin pointed out to me some years ago (complete with microsoft documentation) autorun didn't automatically launch programs when inserting a standard flash memory drive into the USB port (CDs, DVDs, and U3 capable flash drives are a different matter). they can automatically launch programs when you double click on the drive in windows explorer, however.

Naked Security : Did Anonymous 'spokesperson' rickroll The Alyona Show?

Mon, 31 Jan 2011 20:21:05 +0000

TL;DR. a rick roll is as good as a handshake to an identity-blind man. no insult intended, just a quirk of the culture. that about sum it up?

Naked Security : Did Anonymous 'spokesperson' rickroll The Alyona Show?

Mon, 31 Jan 2011 17:26:19 +0000

"i am in lesbians with this question" reminds me of scott pilgrim vs the world ("i am in lesbians with you").

The Ashimmy Blog : Do You Really Need Desktop AV Anymore?

Fri, 21 Jan 2011 20:14:56 +0000

intense debate has always hated me, it seems. i tried to reply to this before and at the time it seemed to show up but now it only shows up in my intense debate profile and not here. maybe i'll try again. while i'm aware of multiple free products, i can't say i've come across any free suites. most free products are just scanners with a few bells and whistles thrown in (like USB innoculation or a web guard or something). this, unfortunately, reinforces the misconception that all AV is is known virus scanners. most free products are part marketing gimmick. they give the minimum amount of protection for free so that you'll be more familiar with the brand name if/when it comes time to pay for something more. there's little point in putting all the protective capabilities into those free offerings.

The Ashimmy Blog : Do You Really Need Desktop AV Anymore?

Thu, 20 Jan 2011 05:46:00 +0000

while i'm aware of multiple free products, i can't say i've come across any free suites. most free products are just scanners with a few bells and whistles thrown in (like USB innoculation or a web guard or something). this, unfortunately, reinforces the misconception that all AV is is known virus scanners. most free products are part marketing gimmick. they give the minimum amount of protection for free so that you'll be more familiar with the brand name if/when it comes time to pay for something more. there's little point in putting all the protective capabilities into those free offerings.

The Ashimmy Blog : Do You Really Need Desktop AV Anymore?

Wed, 19 Jan 2011 22:23:34 +0000

the essential question - what does a pay for AV get you? depending on the product you select, it gets you a suite of technologies above and beyond what most outside the anti-malware domain would consider AV. you want whitelisting? some of the products have it. you want application sandboxing? some of the products have it. parental controls? some of the products have it. anti-spam? some of the products have that too. the list goes on and on. generally you don't get that sort of stuff with the free products (not that you can't cobble something together on the cheap if you really want to).

The Ashimmy Blog : Do You Really Need Desktop AV Anymore?

Wed, 19 Jan 2011 22:15:41 +0000

stuart is right. even considering clam, you get what you pay for.

Naked Security : Sophos report reveals increase in social networking security threats

Wed, 19 Jan 2011 21:11:00 +0000

"Because 500+ million users are going to find it very difficult to wrench themselves away from the world's most popular social network." I suspect wrenching is not how things will happen. Weaning (due to the 'souring' of the social environment) seems a more likely mechanism.

Naked Security : Mozilla accidentally publishes user IDs and password hashes

Tue, 28 Dec 2010 17:40:38 +0000

yes, they *could* have prompted users to switch over to thenew method, OR they could have switched them over silently as theusers logged in, OR they could have simply combined the existinghash method with the new salted hash method (ex. HASH{final} =SHA512(SALT + MD5(PASSWORD)) ) and migrated all accounts withoutinput from the users at all.

Naked Security : SHA-1 cracked for $2. Or a load of rubbish?

Sat, 20 Nov 2010 00:00:28 +0000

i don't doubt there are similarities between SHA1 and MD5, but the use of MD5 has been deprecated for the past 15 years due to pseudocollisions found in the mid-nineties. if those similarities were going to shake the trust people had in SHA1 i would have expected it to happen much sooner. the interest in a new standard hashing algorithm is more likely a consequence of relatively recent cryptographic results against SHA1 itself (whereby an attack can be mounted successfully that is, while still outside the realm of practicality right now, somewhat better than brute force). see these two posts on schneier's blog for more details http://www.schneier.com/blog/archives/2005/02/cry... http://www.schneier.com/blog/archives/2005/08/new...

Naked Security : SHA-1 cracked for $2. Or a load of rubbish?

Fri, 19 Nov 2010 05:54:24 +0000

SHA1 needs to be replaced because MD5 has problems? something seems a little off about the cause and effect relationship there.

The website of Andrew Hay : Done Something Illegal? Swap Out Your Finger Prints!

Thu, 10 Dec 2009 16:56:37 +0000

i would have to agree - if the mythbusters foiling fingerprint readers with photocopies hasn't already killed fingerprint biometrics (and it hasn't), then fingerprint alteration certainly won't. when it comes to biometric authentication, people always want non-invasive techniques (like fingerprints) in spite of the fact that biometric data that can be captured non-invasively is inherently easy to capture and reuse fraudulently. when it comes to biometric identification, fingerprints are one of the easiest and most likely things to get damaged. heck, they can even be temporarily modified with a bic lighter (which i found out quite by accident when i was younger).