A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure?




Paul Haskell-Dowland, Edith Cowan University and Brianna O’Shea, Edith Cowan University

Passwords have been used for thousands of years as a means of identifying ourselves to others and, in more recent times, to computers. It’s a simple concept – a shared piece of information, kept secret between individuals and used to “prove” identity.

Passwords in an IT context emerged in the 1960s with mainframe computers – large centrally operated computers with remote “terminals” for user access. They’re now used for everything from the PIN we enter at an ATM, to logging in to our computers and various websites.

But why do we need to “prove” our identity to the systems we access? And why are passwords so hard to get right?






What makes a good password?

Until relatively recently, a good password might have been a word or phrase of as little as six to eight characters. But we now have minimum length guidelines. This is because of “entropy”.

When talking about passwords, entropy is the measure of predictability. The maths behind this isn’t complex, but let’s examine it with an even simpler measure: the number of possible passwords, sometimes referred to as the “password space”.

If a one-character password only contains one lowercase letter, there are only 26 possible passwords (“a” to “z”). By including uppercase letters, we increase our password space to 52 potential passwords.

The password space continues to expand as the length is increased and other character types are added.

Making a password longer or more complex greatly increases the potential ‘password space’. More password space means a more secure password.

Looking at the above figures, it’s easy to understand why we’re encouraged to use long passwords with upper and lowercase letters, numbers and symbols. The more complex the password, the more attempts needed to guess it.

However, the problem with depending on password complexity is that computers are highly efficient at repeating tasks – including guessing passwords.

Last year, a record was set for a computer trying to generate every conceivable password. It achieved a rate faster than 100,000,000,000 guesses per second.
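The arithmetic behind the password space and the guessing rate quoted above, as an added example (not part of the original article). The character-set groupings and the 1,000-year target are assumptions of this example, and the figures are a ceiling that only applies to randomly generated passwords; commonly chosen passwords fall far sooner.

```python
import math

GUESSES_PER_SECOND = 100_000_000_000  # rate quoted in the article
SECONDS_PER_YEAR = 31_557_600         # 365.25 days

# Character-set sizes for printable ASCII; the groupings are this example's assumption.
ALPHABETS = {
    "lowercase": 26,
    "lower+upper": 52,
    "lower+upper+digits": 62,
    "lower+upper+digits+symbols": 95,
}


def password_space(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits, valid only if each character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every password of this length (the average is half)."""
    return password_space(alphabet_size, length) / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def min_length_for(alphabet_size: int, years: int,
                   rate: int = GUESSES_PER_SECOND) -> int:
    """Shortest random password whose full space takes at least `years` to exhaust."""
    target_guesses = rate * years * SECONDS_PER_YEAR  # integer arithmetic, no rounding
    length = 1
    while password_space(alphabet_size, length) < target_guesses:
        length += 1
    return length


if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        for length in (8, 12, 16):
            print(f"{name:28} len={length:2} "
                  f"bits={entropy_bits(size, length):6.1f} "
                  f"worst case={humanize(seconds_to_exhaust(size, length))}")
    print("Minimum length to survive 1,000 years of guessing:")
    for name, size in ALPHABETS.items():
        print(f"  {name:28} {min_length_for(size, 1000)} characters")
```

At this rate an eight-character lowercase password lasts about two seconds, while adding length moves the result much further than adding character types does.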

By leveraging this computing power, cyber criminals can hack into systems by bombarding them with as many password combinations as possible, in a process called a brute force attack.

And with cloud-based technology, guessing an eight-character password can be achieved in as little as 12 minutes and cost as little as US$25.

Also, because passwords are almost always used to give access to sensitive data or important systems, this motivates cyber criminals to actively seek them out. It also drives a lucrative online market selling passwords, some of which come with email addresses and/or usernames.

You can purchase almost 600 million passwords online for just AU$14!

How are passwords stored on websites?

Website passwords are usually stored in a protected manner using a mathematical algorithm called hashing. A hashed password is unrecognisable and can’t be turned back into the password (an irreversible process).

When you try to log in, the password you enter is hashed using the same process and compared to the version stored on the site. This process is repeated each time you log in.

For example, the password “Pa$$w0rd” is given the value “02726d40f378e716981c4321d60ba3a325ed6a4c” when calculated using the SHA1 hashing algorithm. Try it yourself.

When faced with a file full of hashed passwords, a brute force attack can be used, trying every combination of characters for a range of password lengths. This has become such common practice that there are websites that list common passwords alongside their (calculated) hashed value. You can simply search for the hash to reveal the corresponding password.

This screenshot of a Google search result for the SHA hashed password value ‘02726d40f378e716981c4321d60ba3a325ed6a4c’ reveals the original password: ‘Pa$$w0rd’.
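Why the hash lookup described above works, and what a site can do about it, as an added example (not part of the original article). It compares plain SHA1 storage with a salted, deliberately slow PBKDF2 record; the record format, the iteration count, the sample accounts and the three-entry word list are all constructed for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption of this example: a deliberately slow work factor

# Constructed sample accounts: alice and carol happen to use the same password.
SAMPLE_USERS = {
    "alice": "Pa$$w0rd",
    "bob": "correct horse battery staple",
    "carol": "Pa$$w0rd",
}


def sha1_unsalted(password: str) -> str:
    """The scheme the article describes: one fast hash, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow hash. The random salt makes every stored record unique."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def users_sharing_a_hash(stored: dict) -> list:
    """Accounts whose stored value is identical, visible to anyone holding the file."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def precomputed_lookup(stored_value: str, wordlist: list):
    """Mimics the lookup sites mentioned above: a prebuilt hash -> password table."""
    table = {sha1_unsalted(word): word for word in wordlist}
    return table.get(stored_value)


if __name__ == "__main__":
    unsalted = {u: sha1_unsalted(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    common = ["123456", "password", "Pa$$w0rd"]  # constructed word list

    print("Unsalted SHA1, shared hashes:", users_sharing_a_hash(unsalted))
    print("Unsalted SHA1, table lookup: ", precomputed_lookup(unsalted["alice"], common))
    print("Salted PBKDF2, shared hashes:", users_sharing_a_hash(salted))
    print("Salted PBKDF2, table lookup: ", precomputed_lookup(salted["alice"], common))
    print("Login still works:           ", verify_password("Pa$$w0rd", salted["alice"]))
```

With a per-user salt a precomputed table no longer applies, and the iteration count multiplies the cost of every guess against a stolen file.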

The theft and selling of password lists is now so common, a dedicated website — haveibeenpwned.com — is available to help users check if their accounts are “in the wild”. This has grown to include more than 10 billion account details.

If your email address is listed on this site you should definitely change the detected password, as well as on any other sites for which you use the same credentials.






Is more complexity the solution?

You would think with so many password breaches occurring daily, we would have improved our password selection practices. Unfortunately, last year’s annual SplashData password survey has shown little change over five years.

The 2019 annual SplashData password survey revealed the most common passwords from 2015 to 2019.

As computing capabilities increase, the solution would appear to be increased complexity. But as humans, we are neither skilled at remembering highly complex passwords nor motivated to do so.

We’ve also passed the point where we use only two or three systems needing a password. It’s now common to access numerous sites, with each requiring a password (often of varying length and complexity). A recent survey suggests there are, on average, 70-80 passwords per person.

The good news is there are tools to address these issues. Most computers now support password storage in either the operating system or the web browser, usually with the option to share stored information across multiple devices.

Examples include Apple’s iCloud Keychain and the ability to save passwords in Internet Explorer, Chrome and Firefox (although less reliable).

Password managers such as KeePassXC can help users generate long, complex passwords and store them in a secure location for when they’re needed.

While this location still needs to be protected (usually with a long “master password”), using a password manager lets you have a unique, complex password for every website you visit.

This won’t prevent a password from being stolen from a vulnerable website. But if it is stolen, you won’t have to worry about changing the same password on all your other sites.

There are of course vulnerabilities in these solutions too, but perhaps that’s a story for another day.








Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University and Brianna O’Shea, Lecturer, Ethical Hacking and Defense, Edith Cowan University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Travelling overseas? What to do if a border agent demands access to your digital device



New laws enacted in New Zealand give customs agents the right to search your phone.

Katina Michael, Arizona State University

New laws enacted in New Zealand this month give border agents the right to demand travellers entering the country hand over passwords for their digital devices. We outline what you should do if it happens to you, in the first part of a series exploring how technology is changing tourism.


Imagine returning home to Australia or New Zealand after a long-haul flight, exhausted and red-eyed. You’ve just reclaimed your baggage after getting through immigration when you’re stopped by a customs officer who demands you hand over your smartphone and the password. Do you know your rights?

Both Australian and New Zealand customs officers are legally allowed to search not only your personal baggage, but also the contents of your smartphone, tablet or laptop. It doesn’t matter whether you are a citizen or visitor, or whether you’re crossing a border by air, land or sea.






New laws that came into effect in New Zealand on October 1 give border agents:

…the power to make a full search of a stored value instrument (including power to require a user of the instrument to provide access information and other information or assistance that is reasonable and necessary to allow a person to access the instrument).

Those who don’t comply could face prosecution and NZ$5,000 in fines. Border agents have similar powers in Australia and elsewhere. In Canada, for example, hindering or obstructing a border guard could cost you up to C$50,000 or five years in prison.

A growing trend

Australia and New Zealand don’t currently publish data on these kinds of searches, but there is a growing trend of device search and seizure at US borders. There was a more than fivefold increase in the number of electronic device inspections between 2015 and 2016 – bringing the total number to 23,000 per year. In the first six months of 2017, the number of searches was already almost 15,000.

In some of these instances, people have been threatened with arrest if they didn’t hand over passwords. Others have been charged. In cases where they did comply, people have lost sight of their device for a short period, or devices were confiscated and returned days or weeks later.






On top of device searches, there is also canvassing of social media accounts. In 2016, the United States introduced an additional question on online visa application forms, asking people to divulge social media usernames. As this form is usually filled out after the flights have been booked, travellers might feel they have no choice but to part with this information rather than risk being denied a visa, despite the question being optional.

There is little oversight

Border agents may have a legitimate reason to search an incoming passenger – for instance, if a passenger is suspected of carrying illicit goods, banned items, or agricultural products from abroad.

But searching a smartphone is different from searching luggage. Our smartphones carry our innermost thoughts, intimate pictures, sensitive workplace documents, and private messages.

The practice of searching electronic devices at borders could be compared to police having the right to intercept private communications. But in such cases in Australia, police require a warrant to conduct the intercept. That means there is oversight, and a mechanism in place to guard against abuse. And the suspected crime must be proportionate to the action taken by law enforcement.

What to do if it happens to you

If you’re stopped at a border and asked to hand over your devices and passwords, make sure you have educated yourself in advance about your rights in the country you’re entering.

Find out whether what you are being asked is optional or not. Just because someone in a uniform asks you to do something, it does not necessarily mean you have to comply. If you’re not sure about your rights, ask to speak to a lawyer and don’t say anything that might incriminate you. Keep your cool and don’t argue with the customs officer.






You should also be smart about how you manage your data generally. You may wish to switch on two-factor authentication, which requires a password on top of your passcode. And store sensitive information in the cloud on a secure European server while you are travelling, accessing it only on a needs basis. Data protection is taken more seriously in the European Union as a result of the recently enacted General Data Protection Regulation.

Microsoft, Apple and Google all indicate that handing over a password to one of their apps or devices is in breach of their services agreement, privacy management, and safety practices. That doesn’t mean it’s wise to refuse to comply with border force officials, but it does raise questions about the position governments are putting travellers in when they ask for this kind of information.

Katina Michael, Professor, School for the Future of Innovation in Society & School of Computing, Informatics and Decision Systems Engineering, Arizona State University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Computer Issues


The latest Windows 10 update has basically trashed my computer. The update was installed automatically, so I wasn’t expecting it to happen. I had just turned the computer on and when I returned to it after allowing it to boot, there it was ‘installing.’ Anyhow, it failed and the computer is now unusable.

So what this means is that I will not be able to post in the ‘usual’ way for some time – very disappointing.

Life on Hold for Egyptian Christian Arrested for his Faith


Unresolved charge of ‘defaming religion’ leaves him in perpetual limbo.

CAIRO, Egypt, December 16 (CDN) — An Egyptian who left Islam to become a Christian and consequently lost his wife, children and business is waiting to see if the government will now take away his freedom for “defaming” Islam.

Ashraf Thabet, 45, is charged with defaming a revealed religion, Article 98f of the Egyptian Penal Code. The charges stem from Thabet’s six-year search for spiritual meaning that eventually led him to become a Christian. During his search, he shared his doubts about Islam and told others what he was learning about Jesus Christ.

Local religious authorities, incensed at Thabet’s ideas, notified Egypt’s State Security Intelligence service (SSI), which arrested and charged him with defamation. If found guilty, Thabet would face up to five years in jail. But because prosecutors have made no move to try the case, Thabet lives in limbo and is subject to a regular barrage of death threats from people in his community in Port Said in northeast Egypt.

“I don’t know what is going to happen in the future,” Thabet said. “They’re making life hard for me. I can’t get back my computer. I can’t get back anything.”

 

Searching

Thabet said that before his search began he was a committed Muslim who did his best to observe its rules, including those for prayer and fasting.

“I wasn’t an extremist, but I was committed to praying and to reading the Quran,” Thabet said. “I went to the Hajj. I did the usual things. I followed the Quran for the most part.”

Despite his efforts, Thabet admitted that his understanding of God was based on fear and routine, nearly rote obedience.

“There was no spiritual relationship between myself and God,” he said. “In general I was always cautious about my relationship with God. I didn’t want to do anything wrong.”

Thabet started looking at Christian Web sites, but his real interest in Christianity began when he watched the film, “The Passion of the Christ” in 2004.

“When I watched ‘The Passion of the Christ,’ I was very touched by Jesus’ story, and I wanted to read more about Him,” Thabet said. “So I asked a friend how I could know more about Jesus, and he told me, ‘The Bible.’”

His friend, a Christian Copt, did not get him a Bible until a month later because, Thabet thinks, he was afraid of being accused of proselytizing. Thabet began reading the Bible, which had a powerful impact on him, especially the Sermon on the Mount.

“I felt inside myself that these were the words of God,” he said. “The Bible tells people to give and to give out freely, so these words couldn’t be the words of a human being or a [mere] person, because human beings are inherently selfish.”

Thabet was also struck by the lives that the early followers of Jesus led, especially their willingness to lose everything, including their lives, for Christ.

The final factor that led Thabet to become a Christian came from Islam’s “Ninety-Nine Names of Allah,” attributes of God according to the Quran and tradition. In the names, God is called a “healer,” a “resurrecter” and “just.”

“I started to compare all these characteristics with the characteristics of Jesus, and I saw that Jesus had a lot of the characteristics that God had, not only the human characteristics, being just and being kind, but there were similarities in the supernatural characteristics, like that He raised people from the dead,” he said. “In the Quran only God could raise people from the dead. I noticed that Jesus could raise people from the dead, and that He could heal people. Once I started to notice the similarities between God and Jesus, I started believing that Jesus is the Son of God.”

Thabet said he cared about others “going the right way,” so he started having conversations with Muslim friends.

At first, people respected Thabet or tolerated what was seen as an awkward curiosity. But after he told his friends they were “only Muslim by inheritance,” they started to turn against him. They asked him what he was going to be if he wasn’t going to be a Muslim.

“I told them I started to read about Christianity, and I was starting to believe in it, and that’s when they brought the elders to talk to me,” he said.

The meeting didn’t go well. The Islamic leaders were unable to answer his questions and ended up yelling at him. Then they reported him to the SSI.

 

Arrest

The SSI summoned Thabet and questioned him on his doubts about Islam.

Thabet said by the time he was done with the interrogation, the SSI officer looked almost sick and told him not to talk to anyone else in Port Said about religion.

“I don’t encourage you to talk about these things with people or to open up these types of discussions, because it will just provoke people and make them angry,” the officer told him, according to Thabet.

Two days later, Thabet said, the SSI ordered him to report for more questioning, this time with an officer who specialized in religious issues and countering missionaries. The officer wanted to know what made him start to doubt Islam. He asked specific questions about what Web sites he had been on and what books he had read, and whether he had been baptized.

Thabet said that at the time of his questioning, he was still struggling with his new beliefs. Part of him wanted something that would restore his faith in Islam, so he went to Internet chat rooms for religious discussion.

“A part of me wanted to feel that I was wrong, that there was an answer to my questions,” he said. “I was looking for someone who would say ‘No, no, this is how it is,’ and that I would regain my trust back or not have any more doubts. But none of the people I talked to could answer me. They didn’t say anything to any effect.”

Thabet said he was always respectful, but Muslims found his questions provocative and became increasingly angry.

Eventually police came for Thabet. On March 22 at 3 a.m., he said, 11 officers from the SSI cut the power to his home, kicked down his front door and assaulted him in front of his crying wife and children.

Thabet quickly pulled away from the fight, once he realized they were officers from the SSI. The men swarmed over Thabet’s home, seizing his computer and every book and CD he owned. They took him to jail.

Authorities interrogated Thabet non-stop for 12 hours, took a break and then interrogated him for seven more, he said.

Initially he was held for 15 days. Then authorities ordered he be held for another 15 days. Then they extended it again. Thabet said he spent the entire time in solitary confinement, and he wasn’t informed of the “defamation of religion” charge against him until the end of 132 days in jail. He said he was not tortured, however, and that his interrogators and jailers were largely civil.

There was more hardship waiting for him at home. Muslim leaders in his neighborhood convinced his wife to divorce him and take his 10-year-old daughter and 6-year-old son.

“They gave her the money to file for a divorce, a car and another person to marry,” Thabet said, adding that the Muslim leaders had offered him money too if he would stay in Islam. “In the beginning they tried to bribe me to come back to Islam, but I refused.”

Thabet has only had a few brief moments with his children since he was arrested, mainly when his soon-to-be ex-wife came to their home to gather a few belongings. If she goes through with the divorce, according to Egyptian law it is likely Thabet will lose all parental rights to his children, including any right to see them.

In Egypt and most other Muslim-majority countries, leaving Islam is considered ample grounds for termination of parental rights. Thabet said the religious leaders consider him “lost to Islam” and are trying to “save” his wife and children.

He filed a report with police about the Muslim leaders bribing his wife – and about another man who swindled money from him – but police ignored both reports, he said.

Kamal Fahmi of Set My People Free to Worship Me, a group headquartered in Cairo dedicated to raising awareness about the problems faced by Muslims who become Christians, said that under Islam, “Muslim converts don’t have the right to exist.”

Arrests like Thabet’s are common in Egypt.

“It is a tactic used to intimidate people and scare them from leaving Islam and taking alternative beliefs or moral codes,” Fahmi said.

In Islam as it is most often practiced in Egypt, merely expressing doubt about Islam is considered wrong, Fahmi said. Questioning any of its claims is considered blasphemy and is punishable by imprisonment under a variety of charges in Egypt; it is punishable by death in some other countries.

“Saying, ‘I don’t believe in Muhammad,’ is considered defaming Islam,” Fahmi said. “Saying, ‘I don’t believe in Islam as it is not true,’ can lead to death [murder], as you are considered an apostate,” Fahmi said. “Even rejecting the Islamic moral codes can lead to the same thing. Criticizing any of the sharia [Islamic law] is considered blasphemy.”

 

The Future

Thabet said he is uncertain what the future holds. He was released on Aug. 1 but, because he has the defamation of religion charge over his head – with no indication of when the case could go to court – he is unable to work and cannot even obtain a driver’s license.

His savings are almost depleted, forcing him to borrow money from a Muslim friend. He is concerned about re-arrest and receives death threats on a regular basis. He is too afraid to leave his apartment on most days.

“There are a lot of phone threats,” Thabet said. Noting he had been baptized three years ago, he said he has received phone threats in which someone tells him, “We are going to baptize you again with blood.”

On numerous occasions while talking in Internet chat rooms, he has been told, “Look outside the window, we know where you are,” Thabet said.

In recent days Muslims are angry at converts and at Christians in general, he said. “They’re very worked up about religious issues.”

He said he wants to leave Egypt but admits that, at his age, it would be very hard to start over. And if he stays in Egypt, he said, at least he will have a chance to see his children, however brief those encounters may be.

Since Thabet was released from jail on Aug. 1, authorities have seized his passport and summoned him four times for questioning. He said he thinks the SSI is trying to wear him down.

“Everyone is telling me that they [the government] want to make my life hard,” he said. “The problem here in Egypt is the religious intolerance that is found in government ministries. The intolerance has reached a point where they can’t think straight. Their intolerance makes them unaware of their own intolerance.”

Report from Compass Direct News

Plinky Prompt: Your House is on Fire. Which Keepsake Items do You Grab, and Why?


Lap Top Computer and Portable Drive
My memories are stored on these items – as well as the ability to reach them via online stored locations like Flickr, etc. These would be my main concern.

Powered by Plinky

Plinky Prompt: 10 Things That Make Me Happy


These are not necessarily in order.

Jesus
He saved me.

Coke
I just love this drink.

Bible
The book of Jesus – see point one.

Friends
Good Company helps bring a good life and experience of it.

Work
I enjoy my work.

Internet and Computer
Enjoy my various pastimes with these – websites, Blogs, etc.

Wilderness and Camping
I just love getting away and enjoying the bush.

Reading
I love to learn.

Music
I love a good modern ballad.

Photos
I love to remember good past experiences.

Powered by Plinky

Unknown condition of an Iranian Christian detained in Ahvaz


Members of a home-based church in the city of Ahvaz are very concerned about their detained member and have reported that more than a month after his arrest there is no precise information about his condition, reports FCNN.

According to reports received by the Farsi Christian News Network (FCNN) from the city of Ahvaz, the capital of the petroleum-rich province of Khoozestan in southwestern Iran, members of a home-based church have informed the network that one of their members, Neshan Saeedi, was detained more than a month ago and that there is no specific information regarding his condition. This has caused serious worry and concern for the members of the church as well as his family and friends.

On July 24, 2010 at 9:00 pm, the 27-year-old Mr. Neshan Saeedi, while spending a quiet evening with his wife and young daughter at their home in the Golestan neighborhood of Ahvaz, was attacked and arrested by plain-clothes security forces that had entered his house.

The security officers searched the home and seized personal belongings such as a computer, CDs containing films of Christian seminars and teachings, Christian books and Bibles, and family photo albums.

Following a rude and intimidating encounter with the security personnel, the entire family was taken to Chaharshir detention center in Ahvaz where, after several hours of questioning and harsh interrogation, the wife and the 6-year-old daughter of Mr. Saeedi were released, but no one has been given permission to contact Mr. Saeedi himself.

The security officers not only insulted the wife of Mr. Saeedi, but indicated that the couple were apostates and not worthy of raising their 6-year-old daughter. They threatened her that if they continued in their Christian activities they might lose their right to their daughter.

They were also accused of threatening the national security of the country and anti-government activities. They were told that they were spies of foreign powers and were leading people to pro-Israel ideology.

The members of the home-based church who fellowshipped with Mr. Saeedi and his wife, out of fear for their lives and the possibility of further arrests and persecution, have since scattered and dismantled the fellowship. It seems that the security agents are desperately seeking two other leaders of this church by the names of Ebi and Omid and are following all leads to pursue and arrest them. Members of this church, who call themselves Unity Church (movahedin), in their contact with FCNN indicated that they are not only worried about the arrest of their assistant pastor, Neshan Saeedi, but also fear further arrests and detentions.

One of the members of the church told FCNN that Mr. Saeedi is one of the older Christians in Ahvaz and he accepted the Lord Jesus as his savior many years ago. During all these years he has been a man of prayer and a worshipper in the house church in Ahvaz. Now, a month after his arrest and detention there has been no permission granted to him to retain a lawyer or contact his family. Moreover, he is under extreme pressure to reveal the names of his church members and to admit his affiliation with foreign powers and his acceptance of financial and other forms of help from them.

The members of the Unity Church (movahedin) not only deny any affiliation and connection to any external organization and foreign powers, but have resorted to exposing this news through FCNN to international media in hope that through prayers and other humanitarian efforts Mr. Saeedi would be released and rejoin his worried and hopeful family.

Report from the Christian Telegraph

Offline Getting New Computer Set Up


Just a quick comment to apologise for not posting a Blog for a while – I have been organising my new computer, getting the software loaded, etc. Back now and hopefully the Blog can go from strength to strength.

Chinese Rights Lawyer Gao Zhisheng Missing Again


Two weeks after release, Christian vanishes while in police custody.

DUBLIN, May 7 (CDN) — Gao Zhisheng, a Christian human rights lawyer released by Chinese officials on April 6 and missing again since April 20, is “definitely in the hands of Chinese security forces,” Bob Fu of the China Aid Association (CAA) told Compass.

“We’ve heard the reports and we’re investigating this closely,” Fu said. “Right now nobody has been able to locate him. The Chinese security forces need to come up with an explanation.”

Gao, initially seized from his home in Shaanxi Province on Feb. 4, 2009 and held incommunicado by security officials for 13 months, was permitted to phone family members and colleagues in late March before officials finally returned him to his Beijing apartment on April 6.

In a press conference held in a Beijing teahouse the day after his return, Gao said he wanted to be reunited with his family, who fled to the United States in January 2009, and he claimed he no longer had the strength to continue his legal work. He also said he could not comment on the treatment he received while in captivity.

Gao also told a reporter from the South China Morning Post (SCMP) that he expected to travel to Urumqi within days of his release to visit his in-laws.

Witnesses saw Gao leaving his apartment sometime between April 9 and 12 and getting into a vehicle parked outside his building, SCMP reported on April 30. Gao’s father-in-law reportedly confirmed that Gao arrived at his home with an escort of four police officers but spent just one night there before police took him away again.

Gao phoned his father-in-law shortly before he was due to board a flight back to Beijing on April 20. He promised to call again after returning home but failed to do so, according to the SCMP report.

Fu said he believes that international pressure forced authorities to allow Gao a brief re-appearance to prove that he was alive before officials seized him again to prevent information leaking out about his experiences over the past year.

During a previous detention in 2007, Gao’s captors brutally tortured him and threatened him with death if he spoke about his treatment. Gao later described the torture in an open letter published by CAA in 2009.

Gao came to the attention of authorities early last decade when he began to investigate the persecution of house church Christians and Falun Gong members. In 2005 he wrote a series of open letters to President Hu Jintao and Premier Wen Jiabao accusing the government of torturing Falun Gong members.

When the letters appeared, authorities revoked Gao’s law license and shut down his law firm, sources told CAA.

He was given a suspended three-year jail sentence in December 2006, following a confession that Gao later claimed was made under extreme duress, including torture and threats against his wife and children. Gao was then confined to his Beijing apartment under constant surveillance – forbidden to leave his home, use his phone or computer or otherwise communicate with the outside world, according to a report by The New York Times.

A self-taught lawyer and a Communist Party member until 2005, Gao was once recognized by the Ministry of Justice as one of the mainland’s top 10 lawyers for his pro bono work on human rights cases, according to SCMP.

Report from Compass Direct News