eHam

eHam Forums => Misc => Topic started by: N9LCD on September 10, 2018, 06:47:44 AM



Title: COMPUTER SECURITY????
Post by: N9LCD on September 10, 2018, 06:47:44 AM
USER ID:

Recently I was trying to set up a new "online account" to make a purchase.  I entered my user ID as I write it: XyXyXyyyy.  Hit enter and got a confirmation that my account was ready to use.

I tried to log in with my user ID xyxyxyyyy.  No luck.  I called the user support line.

Guess what.  THE USER ID IS CASE SENSITIVE -- BUT THE NEW ACCOUNT PAGE DOESN'T SAY THAT!!!!!

PASSWORD:

I frequently log into a business / professional website.  A couple of weeks ago I received an email saying that their website had been upgraded and users could now enter a password of up to 128 characters.

USING JUST THE ALPHABET AND TEN NUMERALS, THAT'S SOMETHING LIKE 3.62 * 10 TO THE 48th POWER PASSWORDS WITH JUST 62 POSITIONS!

Heck, eight-position passwords are hard enough to remember, but a 128 position one?  That's almost a Tweet!!!

I wonder how long it would take a hacker to crack a 128 position password using random combinations of alphabet and numerals?  Heck, if it takes long enough, it might "blow" their computer!

N9LCD  ??? ::)


Title: RE: COMPUTER SECURITY????
Post by: PU2OZT on September 10, 2018, 07:01:00 AM
A piece of cake to crack... provided you cool the machine with liquid nitrogen...

Now... let's settle up two-factor authentication via FT8, and hackers are on the dole.

Oliver


Title: RE: COMPUTER SECURITY????
Post by: KC4ZGP on September 10, 2018, 07:14:55 AM

A tweet?

Kraus


Title: RE: COMPUTER SECURITY????
Post by: DL8OV on September 10, 2018, 09:34:50 AM
If the 'password' can be up to 128 characters then it's not a password, it's a pass phrase. This is a good thing. Make use of the facility, maybe practice your skills in other languages. As an example the motto on the coat of arms of my old school would probably foil most dictionary attacks as it's in medieval Latin, and as we all know:

Te audire no possum. Musa sapientum fixa est in aure.

Peter DL8OV


Title: RE: COMPUTER SECURITY????
Post by: N9LCD on September 10, 2018, 06:57:41 PM
I had an FSC that was a fanatic on Latin.  He managed to teach us almost three years of Latin in only two.  CENSORED!

Unfortunately the Church quit using Latin in '63 -- just when our studies finished.


Title: RE: COMPUTER SECURITY????
Post by: G4LNA on September 11, 2018, 03:52:01 AM
I've given up trying to remember any passwords nowadays; it's just getting ridiculous. I use a password manager and remember just the one password now.


Title: RE: COMPUTER SECURITY????
Post by: NA4IT on September 11, 2018, 04:00:10 AM
I still like my password... password.


Title: RE: COMPUTER SECURITY????
Post by: KC4ZGP on September 11, 2018, 04:50:54 AM

I use asterisks.

Kraus



Title: RE: COMPUTER SECURITY????
Post by: N9LCD on September 11, 2018, 07:33:23 AM
Having trained as a specialist in the detection, prevention and investigation of fraud, I can say one thing:

THERE IS NO SUCH THING AS AN ABSOLUTELY INVULNERABLE SYSTEM.  ANY SYSTEM DEVISED BY ONE MAN CAN BE DEFEATED BY ANOTHER WHO WANTS TO BAD ENOUGH AND TRIES HARD ENOUGH.

There are much more attractive and lucrative targets than the users of this site.


Title: RE: COMPUTER SECURITY????
Post by: N8YX on September 11, 2018, 07:38:51 AM
Quote from: N9LCD
"There are much more attractive and lucrative targets than the users of this site."

Unless said users are high profile and well-known in the ARC.

Think along the lines of gear flippers who move volumes of stuff, or the owners of online equipment dealerships. Etc.

For purposes of war gaming, I can think of a couple of social engineering exploits off the top of my head involving such people.


Title: RE: COMPUTER SECURITY????
Post by: KC4ZGP on September 11, 2018, 09:35:56 AM

N8YX,

You're right. There are hidden dangers within.

Bwaaa!!!

Kraus


Title: RE: COMPUTER SECURITY????
Post by: W3WN on September 11, 2018, 11:58:19 AM
Quote from: NA4IT
"I still like my password... password."

#2 on the 2017 "25 Most Commonly Used Passwords" list.


Title: RE: COMPUTER SECURITY????
Post by: G3RZP on September 11, 2018, 01:12:36 PM
How good is something like GKA42deMTXZ? Ship MTXZ calling Portishead Radio on 4 MHz. Especially since Portishead Radio no longer exists. OK, IF you know that the guy whose password you are trying to break was a marine radio officer or was involved with marine radio, you might have a clue, but you have an awful lot of possibilities for the coast station call sign alone, let alone the ship station one. Especially if as a Brit you chose something like FFBdeFNVG1... (French ship's lifeboat calling Boulogne Radio)


Title: RE: COMPUTER SECURITY????
Post by: KD0REQ on September 11, 2018, 01:53:30 PM
The only really secure computer, as was told to me in the days of the VAX 11/785, is one that has no connections and no power, encased in reinforced concrete 60 feet down.

That said... never click on pop-ups, do all your patches the day after release to avoid ones that delete critical OS files (most AV programs have done that at least once), don't surf dicey sites, and use complex passwords.  Begin typing all browsing links with https:// not just www. Keep the AV current. Have backups.  Get a master OS disk for your machine if you can, in case you have to rebuild from scratch.


Title: RE: COMPUTER SECURITY????
Post by: SOFAR on September 11, 2018, 03:23:18 PM
Quote from: KD0REQ
"The only really secure computer, as was told to me in the days of the VAX 11/785, is one that has no connections and no power, encased in reinforced concrete 60 feet down.

That said... never click on pop-ups, do all your patches the day after release to avoid ones that delete critical OS files (most AV programs have done that at least once), don't surf dicey sites, and use complex passwords.  Begin typing all browsing links with https:// not just www. Keep the AV current. Have backups.  Get a master OS disk for your machine if you can, in case you have to rebuild from scratch."

How many people type www, or https://?






Title: RE: COMPUTER SECURITY????
Post by: N8YX on September 11, 2018, 05:10:41 PM
Quote from: KD0REQ
"...don't surf dicey sites..."

It isn't the "dicey" site that gets you as much as the (compromised) "popular" site.

See 'watering hole attack'.


Title: RE: COMPUTER SECURITY????
Post by: G4LNA on September 12, 2018, 12:05:39 AM
British Airways is not a dicey site, they didn't try and get passwords, but some little oik managed to get a script on the site and nick credit card details.

https://www.bbc.co.uk/news/technology-45481976


Title: RE: COMPUTER SECURITY????
Post by: KG4RUL on September 15, 2018, 04:48:14 AM
I had a co-worker who went to a naval radio station in northern California to perform a software upgrade on one of their systems.  The equipment was located in a 'TEMPEST' certified, secure facility.  She happened to notice sunlight on a wall and looked up towards the ceiling and noted a fairly large hole in the building wall with clear plastic taped over it.  That was where some cables had previously been routed into the building through a filter panel.  The panel was redundant and had been removed.  The facility was awaiting a contractor to patch up the hole and had been waiting for several weeks!  Huge amounts of money spent to make the classified data secure had been wiped out in one stupid move.


Title: RE: COMPUTER SECURITY????
Post by: N8YX on September 17, 2018, 07:00:08 AM
Quote from: KG4RUL
"I had a co-worker who went to a naval radio station in northern California to perform a software upgrade on one of their systems.  The equipment was located in a 'TEMPEST' certified, secure facility.  She happened to notice sunlight on a wall and looked up towards the ceiling and noted a fairly large hole in the building wall with clear plastic taped over it.  That was where some cables had previously been routed into the building through a filter panel.  The panel was redundant and had been removed.  The facility was awaiting a contractor to patch up the hole and had been waiting for several weeks!  Huge amounts of money spent to make the classified data secure had been wiped out in one stupid move."

Did the facility lose any data as a result?