Lockdown.co.uk - The Home Computer Security Centre

LockDown is the source for security information and resources for the home computer user.





How elite security ninjas choose and safeguard their passwords

Filed under: July 11, 2013

Dan Goodin at Ars Technica has a helpful article about keeping your passwords safe:

“I recently checked in with five security experts to learn about their approach to choosing and storing crack-resistant passwords. They include renowned cryptographer Bruce Schneier, who is a “security futurologist” at BT and recently joined the Electronic Frontier Foundation’s board of directors; Adriel T. Desautels, CEO of Netragard, a firm that gets paid to hack large companies and then tell them how it was done; Jeremiah Grossman, founder and CTO of WhiteHat Security; Jeffrey Goldberg, “defender against the dark arts” at AgileBits, a company that develops the popular 1Password password manager; and Jeremi Gosney, a password security expert at Stricture Consulting.”

[Read the full article] at Ars Technica

Critical Steps When Your Email Is Breached

Filed under: October 12, 2009

These are extra steps everyone should take at least once a year, or during situations where an account may be compromised:

[Read the full article] over at http://information-security-resources.com

Passwords Are Not Broken, but How We Choose them Sure Is

Filed under: February 20, 2009

Bruce Schneier has posted some interesting thoughts (well, everything he posts is interesting, but this is especially so to me) about passwords and their role.

“[...]As computers have become faster, the guessers have got better, sometimes being able to test hundreds of thousands of passwords per second.[...]”

“[...]My advice is to take a sentence and turn it into a password. Something like “This little piggy went to market” might become “tlpWENT2m”. That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence – something personal.[...]”

Bruce Schneier from an article published in The Guardian.

Read the full article on Bruce’s blog

Vista, XP Users Equally At Peril To Viruses, Exploits

Filed under: June 01, 2007

From CRN Test Center: (via Slashdot)

“After a week of extensive testing, the CRN Test Center found that users of Windows Vista and Windows XP are equally at risk to viruses and exploits and that overall Vista brings only marginal security advantages over XP.”

Read the full article at CRN Test Center

OpenOffice.org Password Cracker is what you make of it

Filed under: May 01, 2007

From linux.com:

“What do you do if you forget the password to your OpenOffice.org files? The simplest solution is to download OOo Password Cracker, a macro for opening protected documents in any OpenOffice.org application. Using a brute force dictionary attack, OOo Password Cracker provides a slow but reliable method of document recovery. However, the macro requires some preparation if you want to use it effectively.”

Read the full article at Linux.com

0wning Vista from the boot

Filed under: April 27, 2007

From The Register:

“Just after vbootkit takes control, it hijacks the interrupt 13, then searches for Signature for Vista OS. After detecting Vista, it starts patching Vista, meanwhile hiding itself (in smaller chunks at different memory locations). The patches include bypassing several protections such as checksum, digital signature verification etc, and takes steps to keep itself in control, while boot process continues to phase 2.

Phase 2 includes patching Vista kernel, so as vbootkit maintains control over the system till the system reboots. Several protection schemes of Vista were analyzed such as the famous PE header checksum (every Windows EXE contains it), the Digital Signature of files.”

Read the full article at The Register

Program Names govern admin rights in Vista

Filed under: April 24, 2007

From The Register:

Developers have discovered that the name given to a Vista executable affects whether or not it will require admin rights to run.

Read the full article at The Register

Russinovich: Malware will thrive, even with Vista’s UAC

Filed under:

From Zero Day:

“Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations, warning that viruses, password-stealing Trojans and rootkits will continue to thrive as malware authors adapt to the new operating system.”

Read the full article at Zero Day

Vista’s UAC Warnings Can’t Be Trusted, Symantec Says

Filed under: February 26, 2007

From PC World:

Hackers can trick Windows Vista’s User Account Control to hide malware, researcher found.

The process to spoof a UAC dialog is roundabout, but doable, said Whitehouse. It would start with a user falling for any one of the current hacker tricks. “The most likely scenario is that a user gets compromised by malicious code, from a Trojan [horse] or a vulnerability in a third-party application like Office or a browser,” he said in an interview.

Read the full article at PC World

Vista security overview: too little too late

Filed under: February 21, 2007

From The Register:

So, what have we got here? An adequately secure version of Windows, finally? I think not. We have got, instead, a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they’ve been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on. But MS has, in a sense, shifted the responsibility onto users: it has addressed numerous issues where too much was going on automatically and with too many privileges. But this simply means that the owner will be the one making a mess of their Windows box.

Read the full article at The Register