Archive for the ‘Hacking – Hackers’ Category

NIST’s new password security rules beg a question …..

August 16, 2017

How long does it take to hack a 16-character password?

=======

Last week, NIST (the National Institute of Standards and Technology) issued new guidelines for password security.

After a review, NIST concluded that its former rules — passwords to include upper and lower case letters, numbers, special characters — made logins more complicated but didn’t materially improve online security.

Now, NIST is recommending using long, easy-to-remember phrases instead of relatively short strings of mixed letters, numbers and characters.

The rationale: the longer the string, the harder it is to crack.

For example, some researchers concluded that it would only take 3 days to crack a password like “Tr0ub4dor&3” — but over 550 years to crack the password “CorrectHorseBatteryStaple”.


Oh really?

The story reminded me of a prior HomaFiles post that reported on a hacking test.

Hackers were given 1 hour to crack more than 16,000 cryptographically hashed passwords.

Here are the (frightening) results …

 

(more…)

About the hyperventilation over Russia…

June 1, 2017

Some key points are being overlooked.

=====

Fueled by rumors and “secret intel assessment”, election-deniers are having a field day blaming Queen Hillary’s loss on the Russians and alleging that Trump is in Putin’s back pocket.

Beyond the hypocrisy of the Dems’ hissy fit over Trump’s refusal (in debate #3) to commit to accepting the election results if they seemed tainted (<= ironic, isn’t it?), the deniers seem to be overlooking a couple of key points.

(more…)

More Disney: Why is Mickey fingerprinting me?

March 29, 2017

A plausible “why” and a very interesting “how”.

========

In a prior post, Seriously, why not outsource TSA ops to Disney?, I gushed over the technology applications at Disney World … the Magic Bands that let me into my hotel room & the park, Fast-Passed me to the front of lines, and “personalized” my family’s experience with real-time greetings and photos.

I noted that I was digitally fingerprinted when I entered the park and asked if anybody could tell me why.


A couple of loyal readers clued me in and provoked some digging.

Here’s what I learned …

(more…)

Hack alert: Don’t be so quick to “unsubscribe” …

March 24, 2017

The obvious became evident to me …

==========

Everybody gets more email solicitations than they want, right?

So, how to stop them?

Easy answer: click the Federally required “unsubscribe” link.


Err, not so fast … might cause a problem bigger than an overflowing email box …

How so?

(more…)

Departing AG Lynch opens investigation of Comey & the FBI …

January 18, 2017

Her action might prompt re-opening of the Clinton server investigation.

=======

Departing AG Lynch lobbed a clock-winding-down grenade … unleashing the DOJ’s inspector general to review “broad allegations of misconduct involving FBI Director James B. Comey and how he handled the probe of Hillary Clinton’s email practices.”

Center stage are Comey’s July 5 non-sequiturial press conference (lots of evidence, but issue a stay-out-of-jail free card anyway), his re-opening of the case when classified emails were spotted on Anthony Weiner’s laptop and Comey’s last minute pronouncement for everyone to fuggitaboutit.


There are a couple of ways that Dem-loyal Lynch’s ploy might backfire.

First, beyond Comey, the IG said that he’ll be investigating “whether Peter Kadzik, the Justice Department’s assistant attorney general for legislative affairs, improperly disclosed non-public information to the Clinton campaign” and whether “FBI Deputy Director Andrew McCabe should have been recused from the case since his wife, Jill McCabe, ran for a Virginia Senate seat and took money from the political action committee of Virginia Gov. Terry McAuliffe, a fierce Clinton ally.”

Said differently, the IG is likely to find more influence peddling and tampering from the Clinton side than from the Trump side.

Second, while Lynch has narrow-scoped the investigation to exclude her not-so-secret tarmac meeting with Bill Clinton, an in-coming AG might broaden the scope to dig into the “event” that forced Lynch to punt the ball to Comey … setting the stage for his press conference and letters.

Her improprieties certainly contributed to the mess.

Third, and most important, while the IG said that he’s not going to relitigate the findings in the Clinton case, the IG review is likely to rip off some scabs at the FBI and prompt a re-look at the case.

And, there are a couple of plausible motivators for re-opening Clinton’s file …

(more…)

Flash: Presidential campaigns were hacked by the Chinese.

January 10, 2017

More precisely, I should have said “flashback” to 2008.

=======

Lots of attention on the alleged Russian hacking of the DNC and Clinton campaign.

Less attention on the Intelligence Community’s assessment that the RNC was hacked, too.

More surprising, there have been no references by Intelligence Agencies or the MSM to China’s hacking of the 2008 Presidential campaigns.


=======

So, let’s take a stroll down memory lane …

(more…)

Intel Report: Like a typical Chinese meal …

January 9, 2017

Fortune cookie was the best part … and I’m hungry again.

=======

Over the weekend, we posted: Intel Report on Russian hacking … my take.

Now that the dust has settled, I’m getting that “where’s the beef?” feeling.

Best I can do is:

Key points: Russians were more #NeverHillary than pro-Trump … no evidence that the election was impacted … none of the purloined emails were fakes or forgeries … Russians held back some of the juicier information-bombs to drop during Clinton’s expected presidency (and, they still have those morsels stockpiled).


========

My questions:

1) How were the sleuths able to find cyber-prints in this case but came up empty on the Clinton server (though the FBI reported that there was a high probability the enemy agents hacked that server, too)?

2) Wasn’t there any evidence of other foreign forces hacking into the same information bases, say the Chinese or North Koreans? Or, did our spies succumb to “fixation bias” (with a little “confirmation bias” thrown in) and only looked at a Russian connection? Maybe the problem is bigger and broader than reported.

By the way, what’s up with the Feds failing to haul in the suspect computers & servers and analyzing them for clues and evidence? Geez, on every episode of American Greed, the cops haul off the perp’s computer …

3) What info are the Russians holding in storage, waiting for an opportune time to cause some real havoc? Hmm. Maybe they have some of the classified material that was held safe (?) on Clinton’s and Weiner’s computers. Isn’t anybody worried about that?

Those are the questions that I’d like to see answered.

I’m not holding my breath …

========

Though it was generally superficial and disappointing, I did ID one useful part of the report (seriously) …

(more…)

Intel Report on Russian hacking … my take.

January 7, 2017

Some interesting assertions … that raise some interesting questions.

========

Here’s my take:

First, the non-classified report isn’t very compelling.

For openers, the 25-page report isn’t really 25 pages of report … it has a 3-page summary of a 5-page report … with 17 pages of filler on the front and back (the media “annex”).

Hope my students don’t get a whiff of that report-writing strategy.

And, the report contains mostly top-line assertions with virtually no new news or supporting data.

That’s understandable since the evidence is classified and can’t be revealed to us minions.


=========

Despite the above, I stipulate that the Russians hacked the DNC and John Podesta’s emails … and fed the info to WikiLeaks and RT media.

Here’s my take on the key points (and the questions that the report leaves unanswered):

(more…)

About the alleged Russian email hack …

December 19, 2016

Some key points are being overlooked.

=====

Fueled by a “secret CIA assessment”, election-deniers are having a field day blaming Queen Hillary’s loss on the Russians.


Beyond the hypocrisy of their post-debate-3 hyperventilation over Trump’s refusal to commit to accepting the election results if they seemed tainted, the deniers seem to be overlooking a couple of key points.

(more…)

Maybe the Russians didn’t hack the DNC …

December 13, 2016

I’ve got an alternative scenario for you.

========

Last week, focus shifted from fake news to Russian hacking intended to help Trump get elected.

There’s hand-wringing and outrage that the Russians might have tried to impact a U.S. election by revealing Hillary’s emails.

President Obama has ordered that an investigation be done and a report on his desk by the time he leaves office (i.e. right before President-elect Trump gets sworn in).

=======

Most recently, U.S. intelligence officials fingered the Russians but have conceded that (1) they are basing their views on deductive circumstantial reasoning and not conclusive evidence and (2) they are uncertain as to motive. Source

I’ve got an alternative deduced scenario for you.  Let’s connect some dots on this one …

(more…)

Gotcha: How long does it take to hack a 16-character password?

August 4, 2016

First, how many of us have a 16-character password?

If the over-under is 1, I’m betting the under.

 


Still, let’s pretend that your passwords are 16 characters long – a mix of capital and lower case letters, numbers and special characters.

Here’s how long it takes to crack it …

(more…)

Maybe the Russians didn’t hack the DNC …

July 28, 2016

I’ve got an alternative scenario for you.

========

DNC operatives are trying to shift the conversation from the substance of the purloined DNC emails … to the hackers … blaming the Russians for being pro-Trump and releasing the emails to spoil Hillary’s campaign.

There’s hand-wringing and outrage that the Russians might be trying to impact a U.S. election.

Even President Obama has weighed in.

=======

But, U.S. intelligence officials have conceded that they are basing their views on deductive reasoning and not conclusive evidence. Source

I’ve got an alternative deduced scenario for you.  Let’s connect some dots on this one …

(more…)

Did Comey outsource Hillary’s prosecution to Putin?

July 27, 2016

Did Comey punt to American voters: let them decide if Hillary is guilty and whether it matters?

The DNC email flap has given rise to another possible adjudicator-designate: the Russians.


=======

For the record, HomaFiles was early on to this one.

The day after Comey dished Hillary her stay-out-of-jail-free card – we posted:

The Russians claim to have Hillary’s emails in their possession.

What if they release a couple of damning ones?

See Why did Comey choke on the biggest decision of his career?

========

Let’s flashback …

(more…)

So, did Apple win or lose?

March 30, 2016

In case you haven’t been paying attention …

The FBI snagged the government-owned cell phone that was being used by one of the San Bernardino killer-terrorists … but, couldn’t get at the data because of Apple’s security and encryption technology … which vaporizes the data if you enter a wrong password 10 times.

So, the FBI asked Apple to provide a custom-cobbled hack to get at the data.

Apple said “no”, ostensibly to protect the privacy and security of its users.

So, the FBI sued Apple, and the case was working its way through the courts.

That is, until yesterday when the FBI withdrew its lawsuit.

Victory to Apple, right?

 


Not so fast.

Here’s why the FBI withdrew its lawsuit …

(more…)

Smacked: FTC charges LifeLock (again) …

August 3, 2015

Loyal readers know that I’m attentive to identity theft issues ever since I got nailed.

I tend to be a proponent of the identity theft services.

I buy mine through Costco (good place to save a few pennies, right?) … in part, because I’ve been suspicious of all the advertising done by industry leader LifeLock.

 


Turns out that the FTC was – and continues to be – suspicious of LifeLock and its hyped up claims …

(more…)

Uh-oh: Hacker hits on Ashley Madison …

July 21, 2015

This may be bigger than the Feds having 20 or 30 million digital personnel files tapped by hackers.

Ashley Madison got hacked and over 37 million customer files have been taken hostage.

Just in case you’ve been living under a rock, Ashley Madison is a sleazy, Canadian-based “online dating and social networking service” that “discretely” hooks up folks who are already in a relationship, i.e. married.

Some background:

The name of the site was created from two popular female names, “Ashley” and “Madison” … the site’s slogan “Life is short. Have an affair.”

The site has been around for about 15 years and gets about 125 million hits each month (pun intended).

Reportedly, 70% of the site’s members are guys … no surprise there.


That’s the back-story … now for the “so what?” …

(more…)

Hack Alert: That Grande Latte may cost you even more than you thought …

May 19, 2015

Hackers have figured out that anybody who is willing to shell out 5 bucks for a cup of coffee has money to burn.

So, shouldn’t be a big surprise that hackers are going right after Starbucks frequenters.

 


Here’s the scoop on the hack …

(more…)

Hacked: File early to beat crooks to your tax refund …

March 31, 2015

A couple of years ago I jumped on the bandwagon and e-filed my first ever tax return.

 


A couple of weeks later I was an identity theft victim.

Coincidence?

I can’t prove the connection … I also can’t shake the suspicion.

Now, crooks have a new online hack: filing online returns that claim other folks’ refunds.

A good friend just got burned on this specific new tax hack.

Here’s what’s going on …

(more…)

Hacked: File early to beat crooks to your tax refund …

February 11, 2015

A couple of years ago I jumped on the bandwagon and e-filed my first ever tax return.

 


A couple of weeks later I was an identity theft victim.

Coincidence?

I can’t prove the connection … I also can’t shake the suspicion.

Now, crooks have a new online hack: filing online returns that claim other folks’ refunds.

Here’s what’s going on …

(more…)

How long does it take to hack a 16-character password?

January 15, 2015

You gotta start scratching your head a bit when the Dept. of Defense gets its Twitter account hacked and issues an internal directive to change social networking passwords.

Not obvious to me why the DOD even has a Twitter account, and laughably frightening that they didn’t already have a policy for frequent password changes.

The fiasco reminded me of a competition to see how long it would take uber-hackers to crack 15,000 15-character passwords.

 


 

Let’s pretend that your passwords are 16 characters long – a mix of capital and lower case letters, numbers and special characters.

Here’s how long it takes to crack them …

(more…)

Gotcha: Forget malware, now it’s “ransomware”

January 5, 2015

Let’s start the New Year on a high note …

Just kidding.

NY Times ran a scary story yesterday on the latest online thievery.


It’s called “ransomware”, and here’s how it works …

(more…)

Hacks: ObamaCare exchanges are “target rich environments” …

October 9, 2013

Couple data points converged for me …

First, loyal readers may remember that I was an identity theft victim.

Started a couple of weeks after my first e-filing of a tax return to the IRS.

Coincidence?

=====

Being sensitized to the ID theft issue, I noticed a couple of recent articles about “ripe pickings” …

(more…)

Hacked: “Criminals huddled over computers all over the world.”

July 30, 2013

This is going to be “hacked” week.


First, the national story …

(more…)

Gotcha: How long does it take to hack a 16-character password?

June 3, 2013

First, how many of us have a 16-character password?

If the over-under is 1, I’m betting the under.

 


Still, let’s pretend that your passwords are 16 characters long – a mix of capital and lower case letters, numbers and special characters.

Here’s how long it takes to crack it …

(more…)