Evidence Talks Newsletter
August 2006

News Round Up

Some Myths about Passwords.







A very interesting article in Security Focus last month focused on 10 of the myths surrounding passwords. Its aim was to bring you closer to understanding passwords in Windows 2000 and XP by addressing common password myths. However hard we try to push stronger and more difficult password selections to our staff, we will always come up against the human "problem".

Here are three of the more interesting myths:

  1. Passwords Should be Changed Every 30 Days
    Although this sounds like a good policy, it is not so good for the users. Frequent changes allow users to develop predictable patterns in their passwords, which decreases the effectiveness of the passwords. It would be better to concentrate on the strength of the passwords than on the length of their life. Perhaps changing them every 120 days might be a compromise.

  2. You cannot have spaces in passwords
    Most of us do not appreciate the fact that Windows XP and Windows 2000 allow spaces to be incorporated into passwords. It is better not to have spaces at the beginning or end of the password, but they are valid characters. Allowing spaces enables the user to develop more complicated passwords and phrases. One drawback is that the space bar makes a unique noise when pressed, whereas all the other keys make the same noise, thus making it audibly detectable.

  3. Dj#wP3M$c is a Great Password
    Most people think that random passwords are the hardest ones to crack. They are, however, the most difficult to remember and the slowest to type. They are sometimes vulnerable to attacks against the password-generating algorithm.

    It is easy to create passwords that are just as strong but much easier to remember by using a few simple techniques. For example, consider the password "Makeit20@password.com". This password utilizes upper and lower-case letters, two numbers, and two symbols. The password is 20 characters long and can be memorized with very little effort; perhaps even by the time you finish this article. Moreover, this password can be typed very fast. The portion "Makeit20" alternates between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.
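
Myth 1's point about predictable patterns can be checked at password-change time, when the old and new passwords are both available in plaintext. The following is an added example, not part of the newsletter or the article it summarises; the function names, the 0.8 similarity threshold and the sample passwords are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

def _skeleton(pw: str) -> str:
    """Lower-case the password and drop everything except letters (the 'base word')."""
    return re.sub(r"[^a-z]", "", pw.lower())

def rotation_findings(old: str, new: str, min_ratio: float = 0.8) -> list[str]:
    """Hypothetical check: list the reasons `new` is a predictable variant of `old`."""
    findings = []
    same_ignoring_case = old.lower() == new.lower()
    if same_ignoring_case:
        findings.append("same password apart from letter case")
    # Same letters, different digits/symbols: Kestrel41 -> Kestrel42!
    base = _skeleton(old)
    if base and base == _skeleton(new) and not same_ignoring_case:
        findings.append("same base word, only digits or symbols changed")
    # Trailing counter stepped by one: the classic forced-rotation habit.
    m_old = re.fullmatch(r"(.*?)(\d+)", old)
    m_new = re.fullmatch(r"(.*?)(\d+)", new)
    if m_old and m_new and m_old.group(1).lower() == m_new.group(1).lower():
        if abs(int(m_new.group(2)) - int(m_old.group(2))) == 1:
            findings.append("trailing number stepped by one")
    # Catch-all: overall character similarity to the previous password.
    ratio = SequenceMatcher(None, old.lower(), new.lower()).ratio()
    if ratio >= min_ratio and not same_ignoring_case:
        findings.append(f"{ratio:.0%} similar to previous password")
    return findings

if __name__ == "__main__":
    # Constructed sample pairs (old, new); none come from a real system.
    samples = [
        ("Kestrel41", "Kestrel42"),            # counter bumped at rotation
        ("Kestrel41", "kestrel41"),            # case change only
        ("Kestrel41", "blue tractor window"),  # unrelated phrase with spaces
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_findings(old, new) or 'no pattern found'}")
```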

For an interesting, if not unbelievable, story about passwords, click here.

To see the article about password myths, click here.

The latest Wacky item for Sale on eBay
The decommissioned Sea Harrier Jump Jet, which saw service in the Falklands War, is currently on sale on eBay with 122 bids for £65,512.34 with 1 day and 2 hours still to go (on the day this was written).

The company selling the jet acquired it from the Royal Navy without any weaponry, in a swap for a Scania lorry. Unfortunately it has proved to be too large for the company, Keltruck, to keep, hence the sale on eBay.

Reference

Voice Over Internet Protocol (VoIP) Security Threats
There is no doubt that switching to VoIP can save a company a great deal on its telephone bills, but is this at the expense of the security of the calls? SecureLogix CTO Mark Collier and David Endler, director of security research at 3Com, declared at the Black Hat security conference in Las Vegas last week that the frequency and severity of hacking attacks will increase as the adoption of this technology increases. Collier and Endler's presentation accompanied the release of 13 security tools designed to illustrate generic flaws in insecure VoIP systems. The tools all target systems using Session Initiation Protocol (SIP), which is the preferred technology that most large companies are now adopting.

In April at the INFOSEC conference, most security professionals voted against the motion supporting VoIP. Even though there are good financial savings to be made, in the opinion of those at the conference, security issues far outweigh the cost savings.

Reference


Copyright Evidence Talks Ltd.