Password Mistakes Crooks Hope You'll Make
I saw an article this week on the 25 most commonly used useless passwords. For a long time, the most common bad password was the word itself -- "password". It has been superseded by "123456". The security firm SplashData compiles the top 25 list every year. That reminded me of a white paper from Bitium, a provider of single-sign-on (SSO) systems for businesses, on the subject of password mistakes that the bad guys hope you'll make.
SSO systems are services that allow users to sign on to a dashboard application; the dashboard then provides your user name and password to the various systems that you need to use during the day.
The Bitium Dashboard
Rank | Password | Change |
---|---|---|
1 | 123456 | +1 |
2 | password | -1 |
3 | 12345678 | ±0 |
4 | qwerty | +1 |
5 | abc123 | -1 |
6 | 123456789 | New |
7 | 111111 | +2 |
8 | 1234567 | +5 |
9 | iloveyou | +2 |
10 | adobe123 | New |
11 | 123123 | +5 |
12 | admin | New |
13 | 1234567890 | New |
14 | letmein | -7 |
15 | photoshop | New |
16 | 1234 | New |
17 | monkey | -11 |
18 | shadow | ±0 |
19 | sunshine | -5 |
20 | 12345 | New |
21 | password1 | +4 |
22 | princess | New |
23 | azerty | New |
24 | trustno1 | -12 |
25 | 000000 | New |
Bitium's white paper discussed common mistakes people make with passwords, and I talked with the company's CEO, Scott Kriz, about the report. One trend we're seeing is that people bring smart phones, tablets, and notebook computers into the workplace. Sometimes these devices are allowed to operate on the corporate network and, as a result, usually contain the user's credentials for corporate assets.
If your browser doesn't support Flash, you can listen here. And if you'd like to read the white paper, you'll find it here.
For home users, services such as LastPass provide similar kinds of functionality. With a password manager such as LastPass, you need to remember the password for the service, but it remembers all of your other passwords.
The stupid 25 are shown in the table above.
In large part, the change in ranking was the result of a break-in at Adobe that exposed nearly 50 million passwords, some of which were used for test accounts. That also explains the presence of some of the other passwords that are new to the list this year.
Will the FCC Appeal the Net Neutrality Decision?
And should you care? To answer those questions in reverse order, Yes, you should. And I certainly hope so. There are dire predictions about what cable companies will do now that a federal appeals court has given them permission to do anything they want to, but as I've pointed out before, there's a difference between what's possible legally or technically and what works as a business model.
If the cable companies decide to take some of the actions that have been predicted, they will be sowing the seeds of their own destruction.
Although the appeals court struck down the Net neutrality rules on a technicality, the court affirmed the FCC's position as the regulator of broadband services. The court said that the FCC improperly classified service providers.
So the FCC could immediately fix the problem by properly classifying cable operators. Or it could appeal the decision to the Supreme Court.
What Net neutrality means is that everyone has equal access to the network. In other words, the TechByter website should load just as quickly as one from the New York Times or Amazon. Good network management requires control of the data flow, but should not include intentional slowing of data if the stream is from an organization that competes with the cable operator.
Somehow this has become a political argument instead of a technical discussion and that seems to be the best possible way to ensure a bad outcome. The GOP says the providers should regulate themselves, that net neutrality will stifle competition, and that the market will regulate bad behavior.
Democrats cite the near-monopoly position of cable companies and say that customers are already being treated unfairly. Removal of FCC rules, they say, would only make things worse.
The debate began in 2007 when users accused Comcast of blocking peer-to-peer services such as BitTorrent to manage its network traffic. A year later, the FCC released a decision against Comcast.
This is a technical issue and politics has no place here. The FCC could decide to re-classify Internet service providers, but FCC Chairman Tom Wheeler has not been forthcoming with guidance about what the agency will do.
Congress could pass legislation to set the rules, of course, but given the gridlock in Washington, that's about as likely as a moon landing by the Taliban.
So it seems that we are faced with the possibility of having two separate and unequal Internets, one for organizations that have enough money to pay for faster service and another for everybody else. Needless to say, this would automatically favor large, rich corporations and it would stifle start-ups that couldn't pay enough to buy the bandwidth that would allow their sites to perform well.
It's likely that the FCC will appeal the ruling and that the Supreme Court will make the final decision.
At a time when many countries are doing everything they can to provide high-speed Internet access to all citizens and at reasonable prices, the recent court decision poises the United States to embark on a path in the opposite direction, where the richest people have excellent service and the rest of us have slow service that's not usable for more than e-mail.
Will that happen? I'd like to think that the owners of cable systems are smart enough to know that if they render streaming music and streaming video unusable, customers will abandon the service. The business model for Netflix and Amazon won't work if their only customers are members of the one percent.
Today, the Internet is a utility like water, gas, or electricity. The rich may use more of these utilities, but access to the services is the same regardless of where you live or how much you have in the bank. That's the model the Internet should follow.
Gas, water, and electricity are all regulated. The Internet should also be regulated.
Short Circuits
Working Around Your Cellular Provider's Data Limit
Some cellular providers have promised "unlimited" data plans. Trouble is that cellular providers don't define "unlimited" the way most people define "unlimited". And then, most of the "unlimited" data plans (which had limits) went away. To say that data caps are not the most popular feature associated with cell phone plans is probably a bit of an understatement. If the websites you visit use a lot of graphics, Google has a plan to help you beat the cap.
What's the trick? You have to use Chrome. This trick probably worked with Chrome 31, which I told you about last week, but Chrome is already at version 32. It's not just for smart phones and tablets, though. If you have a desktop system, the feature is enabled by default in Chrome. It's also used by default on desktop systems by Firefox 13 and above, Internet Explorer 11 (available only on Windows 8.1 systems), and Opera.
So if you have a smart phone (either Apple iOS or Android), you might want to make Chrome your default browser. Then, you'll need to set Chrome to use the new feature.
It's easy. Start by making sure you have the latest version of Chrome. Because updates are automatic, you probably do. If not, obtain the current version. Then open Settings and navigate to Bandwidth Management.
You'll see a screen similar to the one shown here. Just turn the feature on.
Google says that this can help you reduce your data consumption by up to 50%. [Weasel word alert: 49% is in the "up to 50%" range. So is 1%. Your mileage will vary.]
The feature is made possible by an SPDY proxy connection that transcodes all images to the WebP format. This makes them smaller (in bytes) so the website will load faster and use less of your data budget.
You've probably already worked this out, but SPDY is pronounced "speedy". It's an open networking protocol developed primarily at Google for transporting web content. SPDY does not replace HTTP, but it modifies the way HTTP requests and responses are sent. A SPDY-compatible translation layer can be inserted without any adverse effect on standard operations.
When sent via SPDY, HTTP requests are processed, tokenized, simplified, and compressed. The result is faster downloads and fewer bytes charged against your data cap.
Your Phone or Tablet Can Control Your Television
An older television in my office decided to stop working, so I went from a 20-inch CRT (seemed big at the time) to a 40-inch LCD. It's a "smart" TV, so it connects to the Internet via my Wi-Fi router. This means that I can watch TED talks and Amazon Prime videos, too. My younger daughter took a look, said that she didn't like the remote control, and suggested that I take a look at Android apps to control the TV.
I don't dislike the remote. In fact, I appreciate the minimalist approach. Instead of having 3947 buttons, this one has only 16 and a glide pad. The manufacturer has done an excellent job when it comes to providing a tool that is functional.
Still, using the built-in remote control to gain access to the channels I'm most likely to watch was a challenge. The solution was simple: The television is a Wi-Fi device. The Android tablet is a Wi-Fi device. Certainly somebody has created an application that allows the tablet to talk to the television.
I still need to use the Samsung remote control to turn the television on, but after that I can use the Android Nexus 7 to do everything else.
The programs that I'm most likely to watch are on this screen.
Another option appears as an overlay if I touch the Text Input link on the previous page.
Bottom line: If you have a SMART-enabled television, there's probably an app for your smart phone or tablet that will help you use it.
Many Bank ATMs Won't Be Ready When Windows XP Expires
If you think that banks treat security as a top priority, maybe it's time to reconsider that. An article by Nick Summers in Bloomberg Business Week says that most of the automatic teller machines (ATMs) operated by banks run on Windows XP. As you know, Microsoft will no longer support XP starting in April. And only a small percentage of machines will have been upgraded by then.
We can forgive the banks, I suppose. After all, they had only about 5 years to prepare for this. The machines could have been upgraded to Vista or Windows 7 or Windows 8. Vista was released in 2006. Windows XP dates to August 2001, so it will be expiring a few months before its 13th birthday.
The article by Summers says that as of April 8, 420,000 ATMs will no longer receive regular security patches and won’t "be in compliance with industry standards." Banks are moving to upgrade the machines to Windows 7, an operating system that was released 5 years ago in October.
Summers also points out that some of these ATMs are actually running "a stripped-down version of XP known as Windows XP Embedded, which is less susceptible to viruses." And Microsoft support for that version continues for 4 more years.
The article says nearly all (95%) ATMs run Windows XP. ATMs were introduced 40 years ago and some of the machines currently in service are more than 20 years old. They can't be upgraded beyond Windows XP and will need to be replaced.
Summers says that there's another deadline coming. By 2015, ATMs in the United States will have to be able to support the more secure debit and credit cards with embedded microchips, as ATMs in Europe already do.
Check the full account on the Business Week website; there's a follow-up article, too.
Farewell, LogMeIn
Once or twice per month, I need to use my home computer from some other location and my preferred tool has been the free version of LogMeIn. "As of January 21, 2014, LogMeIn Free will no longer be available. To continue using remote access, you will need to purchase an account subscription of LogMeIn Pro." That's the message I received on January 21, 2014.
That's right: Zero warning.
I can sign up 2 computers for just $50 per year (half price), but the deal is good for only 1 year. After that, it'll be $100 per year and there's no option for just one computer. So it's time to find another provider.
The most likely replacements are RealVNC, Mikogo, and ImPcRemote.
- RealVNC works with any operating system and that's a plus. It's available in a free version as well as paid personal and enterprise versions. The paid versions add options to print documents remotely and to open a chat window on the remote computer. So the price would probably be $0, but it could be $30 (not per year -- one time) if I decide that I need to be able to print remotely or run a chat session.
- Mikogo is a free option that works with Windows systems, Macs, or Linux computers. There's also the ability to share what's on your screen concurrently with up to 25 locations, so it's handy for someone who needs to run an online presentation, but my primary need is the ability to control the remote computer. That's included, too, but it works in a way that requires people to be at both computers when the connection is established.
- ImPcRemote also runs on Windows, Mac, and Linux operating systems and provides the ability to place remote computers into "groups" and makes connections to multiple desktops possible. This would seem to be overkill for what I need, but I plan to look at it.
That's my short list of potential replacements. I'll be trying them out in coming weeks and I'll let you know how things work out.
New Streaming Music Beats is Ready for You
Beats, the headphone company, has launched its new streaming music service. Unlike many of the competing services, users can also download music. After the first 30 days, there's no free option and any music you've downloaded will disappear if you stop paying the monthly fee.
The monthly fee is $10 for single users or $15 for a family of 5 who can listen on any combination of up to 10 devices.
Beats says that it will use algorithms to help select music for users. That's what competing music streamers do, but it will also offer the services of "tastemakers" who will hand-pick music.
The Beats blog puts it this way: We wanted to build a music service that combined the freedom of an on-demand subscription service – unlimited, uninterrupted streaming and downloads of tens of millions of songs – but layer on top features that would give you that feeling only music that moves you can give.
If you'd like more information, you can find it on the Beats website, beatsmusic.com, where you can download apps for Apple, Google, and Windows devices.