The need for privacy-enhancing technologies continues. If all our communications are routinely intercepted and scrutinized, some of us will need the assurance that our good work is done without observance. Certain countries don’t like human rights workers “poking around,” for instance, or want to closely observe the movements of aid agency observers.
With that in mind, Phil Zimmermann, the original brain behind PGP, expects to launch Silent Circle later this year. The company’s main offering is a $20-a-month encryption service for voice, SMS, videoconference and e-mail traffic.
“The Drupal Security team has concluded that this does not constitute a valid vulnerability. The attack depends on a ‘Man In the Middle’ attack or sniffing software, which is outside of Drupal and presents a much bigger problem.
The Drupal Security team provides an easy way to report issues by sending emails to firstname.lastname@example.org, and we will credit researchers with all issues they report in this manner. No formal report of this issue was filed directly with our team. We encourage all researchers to follow the practice of responsible disclosure, and report directly to our team to ensure both that we can provide public credit for authentic vulnerabilities, and keep our users as secure as possible.”
Have you ever heard the saying, “passwords are like underwear?” Yep. That’s because
- you shouldn’t leave them lying around;
- you should change them often; and
- it’s best if you don’t share them with your friends.
You’ve heard the advice about choosing good passwords. They should be long — like sixteen characters (!) — contain at least one number, a mixture of capitals and lowercase, and at least one symbol. They shouldn’t contain the name of your pet or loved one, or the date of your anniversary of starting at your place of employment, et cetera.
Then there’s the other bits of advice. For one thing, you’re supposed to use different passwords for different accounts. Your Yahoo e-mail password should never be the same as your bank password, for example.
Also, you’re not supposed to write out your password and put it on a piece of paper in your drawer, or worse, on a sticky note on your monitor.
So, you might ask, “If they tell me to make my passwords basically unreadable and difficult to memorize, change them every 45 days or so, use different passwords for everything I ever sign up for, and never write any of them down in a visible place, will I be spending my life memorizing and creating passwords?”
The answer is… yes, you will.
At present I have over 400 passwords, and actively use maybe twenty or thirty of those. How am I supposed to remember all of them?
The answer: I don’t. I use a password manager to keep all my passwords in one place, and keep them secure. I have created a strong password to protect that database, so I don’t have to remember 400 passwords, I just have to remember one.
Try this out. I can recommend several good utilities if you’re interested.
I personally like KeePass Password Safe. This generates secure passwords for me and allows me to categorize them in an encrypted database. I synchronize that password database between several different computers by saving it in my Dropbox. Dropbox gives you a synchronized folder. When you save files to your Dropbox folder, you can access any of those files, from any of your devices. You can install a 2GB Dropbox for free from https://www.dropbox.com/ (or get an extra 250MB by using my Dropbox referral link).
A buddy of mine at work recommends RoboForm, and has used it for years with success. They have a Pro version (very affordable at $9.95 for unlimited devices), or a free trial you can use. I heard from her recently that with your purchase, they also offer a sync service, which you can use to keep all your passwords synchronized between different devices.
Another friend of mine likes LastPass, the online password manager and form filler. You’ve no doubt heard about their widely publicized security breach earlier this year. However they appear to have remedied the issue quite promptly, and to have learned from the issue.
"Richard Handl told The Associated Press that he had the radioactive elements radium, americium and uranium in his apartment in southern Sweden when police showed up and arrested him on charges of unauthorized possession of nuclear material."