If you have been using Ubiquity with Firefox, have a look at Quix. It combines a number of useful bookmarklets into one. You can then use them as commands to the browser. It is possible to add your own commands and override the existing ones. More details at quixapp.com
You might be aware that several high-profile Twitter accounts, belonging to people like President-elect Barack Obama, Britney Spears and Fox News, were compromised recently. This came to notice when tweets like the following began to appear.
This was initially attributed to a phishing email, but Wired.com provides a detailed account of how the hacker named GMZ was able to gain access to Twitter’s internal tools and compromise some high-profile accounts. He was able to run a dictionary attack on the account of a random Twitter user who happened to have access to Twitter internals.
While this may sound like too much of a coincidence, it reiterates the number 1 rule of a strong password: NEVER USE A WORD THAT CAN BE FOUND IN A DICTIONARY AS YOUR PASSWORD. The account that was compromised had a pretty weak password: ‘happiness’, which is very easy to guess, let alone brute force.
Learning from this and the worst passwords of all times, you can easily create strong passwords.
That said, I know many people who just shrink back at the thought of remembering strong passwords and would rather use their dog’s name, often giving arguments like “Why would anyone want to hack into my account?”. Well, apart from the fact that your account can be used in any number of ways against you, you should also realize that many people make a living out of getting personal data and there are plenty of buyers of such information. While in the Twitter case you can ask why Twitter didn’t have a limit on unsuccessful logins, it goes to show that you have to be responsible not only for yourself but for others too (think social networks). Moreover, a well-constructed password is not at all difficult to remember and yet secure.
Here are some tips you should follow to generate and use strong passwords:
Don’t use dictionary words
It’s a crime if you do so. And for that matter, don’t even use a combination of words like ‘prankfox’ or something similar formed by combining two separate words. While more secure than a single word, these are not going to trouble a well-written hacking tool.
Don’t attribute the password to yourself or your near/dear ones directly
This means you cannot use your car chassis number (although pretty good, better to avoid it), model number, your girlfriend’s name, your father’s name or birthplace as your password. While these may not feature in most dictionaries, these are some of the common attempts of a social engineer. Besides, you won’t want your seemingly friendly colleague, who knows a great deal about your life, having access to your accounts. Do you?
Don’t use repetition or sequences
This means you cannot use ‘abcdzyxw’ or ‘ggggggg3333’. Although these are not directly from the dictionary and might seem pretty secure, modern password crackers are good enough to take such things into account! The sequences also include consecutive keys on a keyboard. That is, you should not use ‘asdfuiop’ or similar passwords that are easy to guess based on the keyboard layout. You can’t even imagine how easy it is for a casual person (let alone an adept shoulder surfer) looking over your shoulder to get your password if you violate this rule.
Those were the big DON’Ts. Now moving on to the DO’s:
Mix Upper case and Lower Case letters
I cannot emphasize this point enough. You know that the passwords are case sensitive, meaning that ‘happiness’ is different from ‘Happiness’ which is different from ‘HaPpINEsS’ when used as passwords. Just think about it, even if you are using ‘happiness’ as your password but you mix lowercase and uppercase letters and use something like ‘HAPpiNesS’ then a typical dictionary attack will not be able to figure out your password, unless it tries every possible combination for every possible letter in the word, for all the words in the dictionary, which would take months if not years.
Add in some numbers and special characters
We just saw how mixing uppercase and lowercase letters makes your password difficult to crack. If you add some numbers and special characters (like %, #, _, ; etc.) to your password, you would not only avoid a majority of dictionary files but also increase the number of computations required to get a successful match.
Use sufficiently long passwords
Use relatively long passwords. Most web applications fix a minimum length of 6 characters these days, but even when choosing passwords elsewhere you must not drop below this length. The longer the password, the more difficult it is to guess, unless it violates one of the above rules. Long passwords are also difficult to remember, so you should figure out a length that is not too small and at the same time not difficult for you to remember.
Some Strategies for strong yet easy to remember passwords
- Start with a sentence. Say: “I had a BMW as my second car”
- Take the first letter of each word: ‘IhaBamsc’
- The password is already pretty strong; now reverse it: ‘csmaBahI’
- Introduce some numbers. You can put 2 with the s of ‘second’: ‘c2smaBahI’
- Make the password easy to pronounce, let’s say ‘c2EsmaBahIn’, i.e. c2 – esma – bahin (makes no sense, but can help you remember the password if you can pronounce it easily in your mind)
- Add a special character or two if you desire: ‘c2Esma_BahIn’.
There you have it: a pretty strong 12-character password originating from the second car you owned! Yes, indeed you should be using passwords like the one above. This is just one of the methods. The key is to devise your own method if you can and stick to it. It will be truly unique and most secure.
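The tips above as a small checker, run against the passwords this post mentions. This is an added example, not code from the original post; the word list is a constructed sample, the four-character sequence threshold is an assumption, and the dictionary comparison is case-insensitive, which is a stricter choice than the tips themselves require.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
WORDS = {"happiness", "prank", "fox", "password", "dragon"}
ROWS = ["abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Each alphabet/keyboard row in both directions, so "zyxw" is caught like "abcd".
TRACKS = [t for row in ROWS for t in (row, row[::-1])]
MIN_LEN = 6   # minimum length the post cites
MAX_RUN = 3   # assumed threshold: 4 or more neighbouring keys/letters is a sequence


def is_word_combo(s):
    """True if s is a word from WORDS or a concatenation of such words."""
    if s in WORDS:
        return True
    return any(s.startswith(w) and is_word_combo(s[len(w):]) for w in WORDS)


def longest_sequence(pw):
    """Longest run of characters that are neighbours, in one direction, on a track."""
    s, best = pw.lower(), min(len(pw), 1)
    for track in TRACKS:
        run = 1
        for a, b in zip(s, s[1:]):
            run = run + 1 if a + b in track else 1
            best = max(best, run)
    return best


def check(pw):
    """Return the list of tips from the post that pw violates (empty list = passes)."""
    findings = []
    if is_word_combo(pw.lower()):   # case-insensitive: an assumption of this example
        findings.append("dictionary word or word combination")
    if re.search(r"(.)\1{2,}", pw):
        findings.append("repeated character")
    if longest_sequence(pw) > MAX_RUN:
        findings.append("alphabet or keyboard sequence")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        findings.append("no upper/lower case mix")
    if not re.search(r"\d", pw):
        findings.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        findings.append("no special character")
    if len(pw) < MIN_LEN:
        findings.append("shorter than %d characters" % MIN_LEN)
    return findings


if __name__ == "__main__":
    for pw in ["happiness", "prankfox", "abcdzyxw", "ggggggg3333", "asdfuiop", "c2Esma_BahIn"]:
        print(pw, "->", check(pw) or "passes")
```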
Passwords are important, really very important; sometimes I think there is too much depending on a password. For instance, just imagine if someone had the password to your Google account. There is so much depending on that one password, use your imagination!
Stay tuned for part 2 of the post, where we will have a look at some tools you can use to create and manage passwords.
You can get notified automatically when it’s out by subscribing to the RSS feed.
It is said that a wise man learns from others’ mistakes (or something similar!). Here is a list of the 500 lamest/worst passwords of all time that I came across on the web. Hope yours is not on the list!
|Sr. No||Top 1-100||Top 101–200||Top 201–300||Top 301–400||Top 401–500|
via [What’s my Pass?]
Yep, you read it correctly. New Year will indeed be one second late. If you just uttered WTF, you need to know about leap seconds. Righto! There are leap seconds just like there are leap years.
Remember as a kid you studied that a full revolution of earth around the sun is called a year and a full rotation of earth about its axis is called a day. And also that the solar year (time for one complete revolution) is 6 hours more than 365 days. So we have to add an extra day in February to compensate for this differential every 4 years.
Well, leap seconds have a similar background. As you might be aware, these days time is measured in terms of oscillations of Caesium-133 crystal. Now as it turns out, the crystal is more precise than earth’s rotation. Earth’s rotation is affected by a number of factors like solar winds, motion of masses inside earth etc. So we have a time differential, which keeps on accumulating with each day.
When this difference reaches a certain limit (i.e. close to 1 sec), it has to be corrected and this is when a leap second is added to the time. The total differential accumulated over the entire year is 0.6 so a leap second is generally added after 18 months.
The International Earth Rotation and Reference Systems Service takes care of all the complex mathematics and science for you and announces when a leap second is going to be added. Typically, when a leap second is added, the clock moves from 23:59:59 to 23:59:60 before striking 00:00:00. As it turns out, a leap second will be added at 23:59:59 UTC on 31st December 2008. Here is the official announcement.
So what do you need to do? Well, computers and cellphones will adjust automatically via NTP and other means, and I suppose you won’t be bothered adjusting your wrist watch to the closest second. So go and party, just wait another second before you wish if you want to be precise and/or if your life depends on it! If you are interested in catching the clock turn 23:59:60, these are some of your best bets, or have a look here.
Here in India we would have already wished new year, but people living in timezones that are behind UTC (and including UTC) would have to postpone the wishes for another second. Or you can count down to -1 ;) or perhaps ..3, 2, 1, leapsecond, 0, Happy New Year!
Compressed files are commonplace on the Internet. More often than not, the files you download from the Internet contain some form of compressed files. While ZIP and RAR are the most common formats in the Windows world, tar.gz is widely used on the Linux side.
As you might know, you require special software to extract these files. WinRAR and WinZIP are the most common choices. However, these are not free, and after the trial period is over you may be greeted with a nag screen or not allowed to use the product altogether. So it’s time we go looking for some alternatives.
As it stands, there is just a perfect alternative for all your archiving and extracting needs. It’s 7-Zip. 7-Zip is free, open source and apparently performs better than its commercial counterparts. It is available for 98/ME/NT/2000/XP/Vista as well as for Linux. Let’s just see what 7-Zip has to offer:
As soon as you fire it up you are greeted by the powerful file manager. Using it is pretty intuitive. You can perform basic functions like extracting, testing, creating or copying/moving archives.
I however like to utilise the integration with Windows Shell. I am sure you will like it this way as well. 7-Zip integrates tightly with the right-click menu. You can choose which menu options appear when you click an archive, so it doesn’t clutter your context menu. Just click on a file and choose the appropriate action and 7-Zip does the rest, quickly and efficiently.
7-Zip supports creating and extracting archives in the 7z, ZIP, GZIP, BZ2 and TAR formats, while it can extract (not create) archives in ARJ, CAB, CHM, CPIO, DEB, DMG, HFS, ISO, LZH, LZMA, MSI, NSIS, RAR, RPM, UDF, WIM, XAR and Z formats. That’s more file formats supported than you would ever need. A downside can be that it doesn’t allow you to create RAR archives, if you use RAR a lot. As for me, that is not an issue because of all the other formats that it supports. In particular, the 7z format offers better compression than other formats, so you might want to look into that.
Don’t take my word for it; the 7-Zip site offers details on how 7-Zip (and the 7z format) compares performance-wise with some of the commercial offerings out there:
Another 7-Zip feature that I simply adore is that you can encrypt your data when you are creating an archive in 7z or Zip format. Add in a password and you have got your data protected. Additionally, you can choose to encrypt the filename as well if you think the name is giving away too much information.
Developers can also get access to the LZMA SDK, which allows you to use compression in your applications. Visit the 7-Zip home page for more details.
7-Zip is perfect for your daily archival needs. It’s free, it’s open source and it’s better; I have never looked for anything else since I started using it. Give it a shot and let us know how you liked it.
Head on over to WebValuer to find out what your site is worth. WebValuer takes in the domain name, fetches some statistics and gives you the net worth of your website.
Techcrazy Blog is valued at $8,495. Hmm.. I am not too sure if this is accurate. Any comments?
WebValuer claims that, although not exact, the estimates are still good enough to get a general idea. Anyway, while you are there you can also have a look at your website’s rank, online status, employees and demographics. You might already know the stats, but it’s nice and fun to look at what the world sees, and of course at the price.
If you have a website and blog, hop over to WebValuer; you can also get a badge to put on your site letting the world know that they are on some precious territory. Let me know what your site is worth. Then maybe we can arrange a meet-up at some casino!