Bruce Schneier schools Sam Harris

Unlike some readers, I wouldn’t call Sam Harris a ‘racist’ (religions or ideologies aren’t races) or even a bigot. He thinks he’s actually got a good argument when he calls for profiling by the TSA. On face value, his arguments might seem sound, perhaps even nearly convincing – even though there’s a nagging feeling that what he’s saying just isn’t right. One of the problems is that it’s sometimes hard to tell if that nagging feeling is simply an emotional reaction to something due to our need to be politically correct (which I would argue is rarely a good reason to make these sorts of decisions) or if it’s because his argument is inherently flawed. Fortunately, Bruce Schneier makes it very clear that it’s the latter, and that profiling is A Bad Idea™. Security in general (computer or otherwise) is often a more difficult problem than most people will admit. […]

Protecting your credentials from criminals

In my previous blog post, I wrote about choosing good passwords. However, most hack attempts don’t involve password hacking/guessing at all. Even dictionary attacks — which are far more common than brute force attacks — are not the most common way that criminals get at your account information and private data. In this blog post, I’ll mention some of the more common attacks, and how you can protect yourself against them. Throughout this post, I use the word criminal instead of hacker to distinguish between the two senses of the word hacker. In the media, hacker is synonymous with ‘computer criminal’ — the bad people who steal money from banks or who use computers to defraud people. In IT communities, however, hackers are a sub-culture of software/hardware developers and enthusiasts who are simply interested in technology, software and security. The vast majority of them are not criminals, and in […]

Good passwords

One of my pet peeves about security is people who advocate for ‘strong’ passwords. Everyone knows these people: they’re the tech support person who tells you your password must have a minimum number of characters that you only use when censoring expletives. Even worse, some of them use a random password generator to assign a password to you that you’re unable to change. The argument for this is that if you have a wider range of characters in your password, you have greater entropy and therefore it is harder for your password to be hacked. Now, while there is some truth to that, there are numerous flaws in the logic when using it to determine a good security policy:

1. Most hack attempts are not ‘guesses’

High entropy is great when there is a brute force attempt to gain access. This is where the attacker uses an automated mechanism to […]