In one such recent attack, Robert Graham, the CEO of Errata Security, came to a few startling conclusions based on the passwords published showing what should not be your password:

• 16% of passwords matched a person’s first name
• 14% of passwords were patterns on the keyboard
• 4% are variations of the word “password”
• 5% of passwords are pop-culture references
• 4% of passwords appear to reference things nearby
• 3% of passwords are “emo” words
• 3% are “don’t care” words
• 1.3% are passwords people saw in movies/TV
• 1% are sports related

You can read the complete report here.

Password management is a big hassle that every Internet user has to deal with today. Apart from the regular ones that I use, I try out new products and services all the time and have over 50 different accounts as I speak. So I use a password management software called KeePass, which is open source. In the past, Jesse suggested several others like Billeo, Vidoop and Passpack. These softwares usually are also capable of generating strong passwords or you can use an online service like the Strong Password Generator to generate a password for you.

The most basic rule is to use a long combination of small and capital letters, numbers and symbols. Read this Microsoft Security article about how to create and use strong passwords.

Post from: EveryJoe

Strong and Weak Passwords

Post from: EveryJoe

Read My Guest Posts

On this occasion, the super blog has two interesting posts: Our Best Posts From 2005 to 2009, and Weirdest and Most Controversial Posts.

I am especially thankful to Gina Trapani, the blog’s founding editor, for introducing me to Cygwin and the todo.sh. She used to make frequent posts but has been writing only a weekly column on the blog these days. She released a book, Upgrade Your Life: The Lifehacker Guide to Working Smarter, Faster, Better, which consists of all the best hacks from Lifehacker.com’s archives, and her personal manifesto on working more efficiently in the digital age. Check out the official web site of Upgrade Your Life to browse the table of contents and download a sample chapter.

Happy birthday, Lifehacker! Many happy returns of the day. I am a regular visitor of Lifehacker, a big user of Cygwin, and I hope that the four-hour-long course that I did today on time management nudges me enough to become a daily user of todo.sh.

In this spirit, dear readers, here is the ultimate list of free Windows software from Microsoft. Enjoy.

Post from: EveryJoe

Happy Birthday Lifehacker

Milo discovered a product especially useful for enterprises of all sizes called Nightwatchman, a good news that Microsoft didn’t lay off anybody in the Vista team. I knew that they didn’t touch the Silverlight team, but frankly I’m surprised about this because Vista hasn’t been very profitable to Microsoft. Or has it? One bad news is the Windows 7 minimum requirements. It may not be a good experience to try it on my netbook which just meets the minimum requirements and my laptop which is old enough to even miss the minimum. But if anyone is interested, you can get the Windows 7 look into Windows XP. He also found a couple of amusing videos, one called “how to say i love you.” and another a confirmation of love, a marriage at Taco Bell. Recession, aye?

Jason found a few websites that can assist you in unique ways: one for helping educate your kids, one a calendar to help others, and another to scan your computer online. He covered a lot of Windows Powertoys, a mobile media browser and found another reason to continue loving Zune. He also has a couple of how-tos for selecting non-linear text in a word document and sharing Outlook calendar availability. One bad news, I mean another one, is that Microsoft is shutting down MSN Groups.

Claire thought out loud about the gap between Linux and mainstream users, learnt something new about less (which all you Cygwin users may find useful), discovered a wonderful browser called Kidzui which attempts to make the Internet a more kid-friendly place.

Juan wonders whether the Mac is not invincible anymore and whether Apple really needs to make a netbook. He is glad to find a symbol cheat widget and an app that can save his day with a bunch of drawings. The latter isn’t my cup of tea. He along with Jayvee found out about Apple’s stand on piracy.

Post from: EveryJoe

A Massive Tech Channel Roundup

The Google Enterprise Mail is apparently a much-in-demand service too and it has a Google Enterprise “spam squad” who welcome spam so as to analyze and counter them. Nearly a month after the new year started, they have posted a retrospective post “2008: The Year in Spam” which you may go through if you have time. Otherwise this summary will suffice.

Closing the McColo Network culled spam by 70% in Nov, 2008, but it has been growing at a rate of 156% ever since. The highest spam last year, however, was on April 23rd, where one undisclosed customer reported receiving 100 emails per minute per user. The unsurprising bad news is that, “All indicators suggest this trend (read increase) will continue as virus, malware, and link-based attacks become both more frequent and more ingenious.” Sigh.

What I observed in my inbox is backed by the report as another growing trend: “emailing spoofed news alerts with URLs that would link to a website hosting the virus.”

Watch out and defend yourself.

Post from: EveryJoe

From Those Who Welcome Spam

Read the Symantec Report on the Underground Economy or listen to the corresponding Symantec podcast by Zulfikar Ramzan, the Security Technology & Response Technical Director.

Symantec estimates the value of total advertised goods on the underground servers as up to $276 Million and this figure is from only the underground they had access to. Mr. Ramzan said in the podcast how the actual size is extremely tough to estimate, what with the smartest of the criminals remaining in the underground of underground.

It is alarming and interesting to see how the underground economy functions, in ways similar to any other economy. The trends, I believe, will remain upward because cybercrime is still in its infancy even though there are already malicious but very smart people out there.

A person without any knowledge about cybercrime could start by getting access to any of the malicious tools like the Attack toolkits and Keystroke loggers. However, there are specialized roles within cybercrime each of which can’t be done by just about anybody.

Once goods or information are stolen, they are advertised, sold and resold.

Pirated softwares include desktop games, multimedia software, business software suites and OSs. Some of them could be offered for free to establish their credibility, but those with greater consumer demand are also often attached with malwares. The pricing of pirated goods is often proportional to identical trends in the genuine softwares.

However, according to the report, pirated softwares make only one-third of the underworld economy. Sensitive information is more popular. The above screenshot shows a table with the percentage-wise division of the top kinds of sensitive information that the cyber criminals are after. It sends a chill down my spine, especially with the 4th and 5th ranks.

An interesting tidbit: The United States hosted 41 percent of the total observed underground economy servers worldwide, while Romania had the second highest percentage at 13 percent of the total. Romania! Who would have guessed?

Image Source: Symantec.

Post from: EveryJoe

Symantec Report on the Underground Economy

I use Wikipedia as much as I use Google, and often visit the site directly for certain kinds of information, before searching it elsewhere. Even though it is constantly criticized for articles especially about various historical events and personalities, it is resourceful in succinctly providing valuable information about a multitude of concepts.

Not just Wikipedia, but many other sites that came after it, all under the Wikimedia Foundation, Inc., a non-profit organization. Check out the Wikimedia Projects page to discover them.

Alexa, the website ranking site, ranks Wikipedia at 8. That is very encouraging for the only non-profit advertisement-free website among the top 10 websites of the world. However, it only gets around 8% of the Internet global traffic, compared to around 30% that sites like Google and Yahoo! get. It deserves more.

More people should benefit from this wonderful source. Start becoming a regular user yourself and tell about it to all your friends who are not about it.

Support Wikipedia.

Image Source: Wikipedia.

Post from: EveryJoe

Happy Birthday Wikipedia

Do not make the mistake of installing it or upgrading it now.

Firefox’s “Find Updates” in Tools –> Add-ons could not find the latest version 2.9 just like the Mozilla Add-ons website couldn’t recommend it because Site Advisor is not your normal .XPI add-on. One has to download and install a .EXE through the Site Advisor download page.

The latest version is about 3.0MB large, takes a lot of time to install, asks for a reboot, and even then creates annoying problems post-installation until you disable it. The problem is that every time you open Mozilla Firefox or Internet Explorer, a popup asking you about post-installation settings appears again, asking you to Accept or Decline their EULA. The annoyance stops only after declining.

I tried this (by mistake) on a friend’s and my laptop and the problem was persistent. On one of the two, the pop-ups stopped but McAfee Site Advisor no longer had its search bar and it wasn’t showing whether a site is safe or not. That is because one has to “Decline” to get there in the first place.

I couldn’t find any fixes online yet. Let me know if you have any.

Image Source: McAfee Site Advisor Screenshots taken on my laptop.

Post from: EveryJoe

Do Not Install or Upgrade McAfee Site Advisor

Here are three problems all twitter users are likely to face on Twitter:

Phishing: Twittersphere is abuzz with tweets about phishing, which prompted me to make this post. There is a phishing attack spreading across Twitter at this moment. It began with what is being called “DM Deception”. User A receives a direct message from User B asking them to check out some URL. You know what happens next. I didn’t face this yet, but I have seen compromised accounts among my followers tweeting messages like, “Check out this cute pic of yours, LOL…” with another URL.

If you suspect that you may have become a victim to a phishing attack, change your password immediately. If it is beyond salvation, bite the bullet and report the user as malicious. Twitter has so far been quick at suspending suspicious users.

Shortening URLs: I am not complaining but I expected this to be more rampant than what it is now. More URL shorteners like TinyURL, Tr.im, Snurl are crowding because of the growth of Twitter. A long URL is shortened to take fewer characters so that it can be shared through tweets. The trouble is that you have no idea about what you are clicking at. It could very well be some link spreading malware. What makes this worse is that these shortened URLs are too similar to be distinguished or remembered; you could click on the same bad link twice on your bad day.

A solution is to enable the preview feature. Tinyurl, e.g., provides a cool preview feature which when enabled shows what the URL redirects to (the original URL that was shortened) and then asks you whether you want to proceed to that site. I wish that all URL shorteners implement the feature.

Twitter Apps: Hundreds of apps are being developed around Twitter. Take a look at this list of Twitter Clients being used and you will know. All these expect your Twitter username and password to login. You might come across a new app that asks you to enter your Twitter username and password to be able to use it, and what if it steals your username and password? This might seem far-fetched but I don’t see why it can’t be done.

I tend to give any new app a day or so before using it, and I keep my ears open to listen to the grapevine until then. When my work depends on trying such apps I try it with a secondary account first.

As of now, I believe that the elite Twitter users are more prone to these attacks and have more to lose. That said, having started using Twitter only a couple of months ago, I find it immensely useful and would like to be prepared to face all possible annoyances. So what other problems do you think we might face?

Post from: EveryJoe

3 Problems We Will Face on Twitter

A search for “Live Writer” in the Microsoft Download Center took me to this page. It is an old page from which I downloaded the 2.3MB installer and tried to install the required software. Thrice. It gave me hell, with the installation hanging at 99% each time.

I then googled for a direct setup file of Live Writer and landed here. When we press “Download” button on this page, it redirects us to a funny page while the download of a new 1.1MB installer starts.

The installer worked, thankfully. But take a look at the funny page I just mentioned. It is common knowledge that Microsoft likes to treat its users as dummies. But what can any dummy make out of a page which has three empty screenshots that look like an idle artist’s doodles and three messages which start with “If you see a message asking if you want to…” and are followed by non-keywords? And which responsible website of such great importance not update itself even when a later version of installer is available?

Very helpful again, Microsoft.

Image Source: Microsoft Windows Live Writer download page.

Post from: EveryJoe

User-friendliness of Microsoft