Time for some crypto fun. If you have been following my posts, you know that I’m a crypto freak. I have loved codes and ciphers since grade school days (and that is quite a long time…). Surely, I was a secret agent or a cryptographer in another life; it’s simply fascinating to me. Anyway, the internet makes simple ciphers and cryptograms trivial to solve, but it still takes some ingenuity to figure out how the ciphertext was generated. So, here’s a challenge for you: Decrypt a simple sentence using any means at your disposal, including tools available on the internet.
It won’t be as easy as you might think. The sentence is very short, and does not contain the standard distribution of vowels and consonants, so you won’t figure it out that way. Moreover, the sentence contains every letter of the alphabet (hint, hint <wink>). And for those of you who think it’s going to be ROT-13, think again – it’s not. I have preserved the spaces to make your job slightly easier. Here’s the sentence:
CQN ZDRLT KAXFW OXG SDVYB XENA CQN UJIH MXP.
Have fun and post your solution in the comments.
I simply love these Ask Mr. Wizard animations and illustrations of Steve Gibson’s Security Now! episodes. Here is the latest post, and it’s a good one. Note: There are several segments to this series and this video will refer you to them at the Ask Mr. Wizard site.
Twitter has introduced two-factor authentication for account access.
Users who opt in to the feature provide Twitter with a mobile phone
number, and whenever they want to log in to their accounts, they will
be required to provide their regular passwords along with a verification
code which will be sent to the specified phone. The introduction of this
feature comes just weeks after several high-profile Twitter accounts
were compromised and misused.
It’s fairly straightforward to set this up on Twitter. Simply log into your account, go into settings, select Password and you’ll see this message at the top:
Click on the link and follow the instructions to set it up on your mobile phone. Once you do, there is a complete range of settings that allow you to customize text notifications. Do what you want with that. My main interest is in the two-factor authentication.
After you get the preliminaries completed, you’ll have to go into your Account menu and activate the option. Here’s what that looks like:
Once you do this, you should be good to go and Twitter will require a code every time you log in.
Sidenote: Twitter is now more secure than my bank which only asks for username and password. Go figure. But more on that in another post.
Data gathered by Microsoft’s antimalware products has identified a list of common infected PDF files and they are listed on the Microsoft MSDN blog. Here they are:
- 5661f.pdf 7927
- 9fbe0.pdf 7065
More information is available at the Microsoft Malware Protection Center.
Thanks to techchunks.com for lightening my otherwise stressful day. What would you do if you saw this?
Height of security! This error message was generated when Windows 2000 users logged into an MIT Kerberos realm and got a shock of their lives on attempting to change their password. They were given a seemingly impossible task of setting a password with 18,770 characters that was different from the last 30,689 passwords. Thankfully, this uncommon error was fixed with the release of SP3 for Windows 2000.
I guess the goofiness runs in cycles or waves. Variations of this hard-drive-burning-most-destructive-virus-that-ever-existed hoax have been floating around in email since email went public. Makes me want to tear my hair out. This one was recently seen floating around on Facebook:
!!!!!!!!!! RED ALERT for YOUR COMPUTER
Please circulate this notice to your friends, family and contacts!
In the coming days, warning: do not open any message containing an attachment called Archive (Windows live) regardless of who sends you. This is a virus that burns the entire hard disk. This virus comes from a known person you have in your mailing list, which is why you should send this message to all your contacts. If you receive a message called "UPDATING WINDOWS LIVE", even if is sent by a friend, do not open it and stop immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus that ever existed. The virus was discovered yesterday afternoon by McAfee, and there is no chance of repair for this type of virus. Simply destroys Sector Zero of the hard disk. Just copy and paste..
C’mon, people! A simple check of snopes.com would reveal any such virus hoax.
A study by Ofcom, the UK communications watchdog…, “Adults’ Media Use and Attitudes Report 2013″, [comprising] a poll of 1805 adults aged 16 and over discovered that 55% of them used the same password for most – if not all! – websites.
Unbelievable! Will they ever learn? It’s precisely this kind of thing that gives us Network Administrators nightmares, especially when these same people are given access to resources on our networks. Don’t they realize that if one site gets compromised, the hackers have access to all of them?
This is compounded by the types of passwords people tend use, i.e., easy-to-remember passwords such as birthdays, pet names, etc. The study found that 26% of the people polled do this.
If you are one of these people, or if you know someone who is, please see to it that the passwords get fixed as soon as possible.
Are you one of those people who leave their computers logged into everything all the time? If not, then good for you, but I bet you know someone who does. It’s a bad idea. Even if you run with a limited user account, you’re at risk. An XKCD cartoon does a fine job of illustrating.
In one of his famous “propeller head” episodes, Steve Gibson of Security Now! podcast fame describes an algorithm that thwarts even the most powerful super computers’ attempts at cracking passwords. Episode 388 [MP3] in January, 2013 describes an ingenious method of requiring huge amounts of memory for each hash function iteration, effectively crippling even the best tools that cyber-criminals can deploy.
The podcast is nicely summarized in this AskMisterWizard video:
Hats off to Ellen DeGeneres for exposing a useless and insecure product–Internet Password Minder–and doing it in an amusing way while helping to raise awareness of password security issues.
And thanks to Naked Security for bringing it to my attention. Seriously funny.