Author Archives: mike

The Dangers of Storing Passwords

In the latest in a long line of compromised password databases, we hear that the University of New South Wales has had a password database compromised. This is interesting for several reasons: UNSW is an HE-sector institute so the level … Continue reading


Three Steps To A More Secure Server

There is no such thing as a secure server, but it is almost always possible to make a server more secure than it currently is. By following the recommended steps for a more secure server regularly it is possible to run … Continue reading


Password Cracking and Password Hashes

With all the noise about password security going around, there is bound to be some accidental leakage of the phrase “password hashes”. This post is about what they are, and how password cracking works with password hashes. What Is A … Continue reading


Password Audit Procedure

This blog entry is intended to document a technical procedure used to perform a password audit. This is mostly intended for future use by security analysts who may be called on to perform a password audit, but is published here for … Continue reading

Posted in Passwords, Technical

Creating “Long and Strong” Passwords

This blog entry is one of a number of blog entries on the IS Security Blog on password security. The entire category can be visited at the URL: http://securityblog.port.ac.uk/?cat=9. If you are just looking for advice on choosing an appropriate … Continue reading


Email Encryption with PGP

This post will not tell you how to do email encryption and digital signing with PGP (or GNU PGP), but why, and will introduce some of the concepts of PGP. Hopefully without making the mistake that most documents talking about encryption make which … Continue reading


Distributed Password Guessing

It is often the case that whenever weak passwords are discussed, it is assumed that these are always attacked by “obtaining” password hashes and using a tool such as John the Ripper (there are plenty of others) to ‘crack’ weak passwords. … Continue reading

Posted in Passwords

The Only People Who Ask For Your Password …

… are people who wish to abuse your account(s). We are constantly bombarded with spam, and whilst the existing defences protect us against most of it, some still gets through. And quite a bit of that spam is intended to … Continue reading


Full-Disk Encryption On Non-Standard Builds

Everyone should be aware that laptops (at the very least) should be set up for full-disk encryption. This is to ensure that any laptops that go missing – stolen or lost – are not causes for potential leakage of restricted data. … Continue reading


Auto-Forwarding University Emails

To be more precise, this is about forwarding all of “your” email from your University mailbox to an unapproved mail service (i.e. Hotmail, an individual Google Mail account, etc.). The very short summary of all of this is: Don’t. We … Continue reading
