Sunday, February 24, 2013

2/24/13 Fun Stuff Updated

Fun Stuff has been updated.  It is updated randomly but often, since we respect the mailbox.

New music, movies and food naturally.  We are focusing on hacking and protecting our accounts.  I found a new source that is one of the stories.

Bookmark this site to check in more often: http://jafunstuff.blogspot.com/

JA



Saturday, February 23, 2013

FILM: The Best Exotic Marigold Hotel

Rated M.  Mature Baby Boomer Audiences.  Probably no other age group will like this.

Great film.

A bunch of active seniors in England find their retirement is less than they expect and decide to fund it in the Indian city of Jaipur.  A composite cast of actors of about a dozen, including "M" - Judi Dench, and Maggie Smith.  Actor from Slumdog Millionaire.  It is cast in India.

This was never a hit in the states and I never heard of it.  But it was good.  Therefore it qualifies as a FUN STUFF.

The Best Exotic Marigold Hotel  - Netflix
  
JA



Wednesday, February 20, 2013

Return to Adobe Blues - Staten Island Mexican & Music

Staten Island is an anachronism.  It suffers some ridicule, and it REALLY, REALLY has some of the worst retail stores among the Giants like Macy's.

HOWEVER, It has some of the best parks and wildlife in NEW YORK CITY.  Fortunately, the CULINARY scene has been improving and diversifying for the last several years despite the economy.

Tonite was a return to ADOBE BLUES with friends.  This place is a GEM if you like live music.  Here since 1993.  AND the food is very good Mexican.  The appetizers are original, like mini tacos, buffalo sausage, and Jalapeño Poppers.  Chili Rellenos and Tamales are terrific main courses.  200 Beers on the list, Margaritas and a short, serviceable, inexpensive wine list.

Now the clincher:  The WOLFPACK.  A Blues / Jazz trio.  These baby boomers remind you of CREAM that was raised in New Orleans.  They do a mix of styles with some jazz, but mostly blues.  For the later sets, they invite local musicians to sit in a jam session.

Here is the way to do this.  Get there at 8pm on WEDNESDAYS.  No reservations.  Order and eat.  Band sets up and comes on for real at 9:15 ish.  45 minutes sets.  You start to think you like Staten Island and don't regret passing up the opportunity in Hoboken.
JA

On the North Shore, all the Logistics below:

 





Wednesday, February 13, 2013

Apple Wristwatch Computer

FYI.
JA


SOURCE: http://www.bloomberg.com/news/2013-02-12/apple-said-to-have-team-developing-wristwatch-computer.html

Apple Said to Have Team Developing Wristwatch Computer



Apple Inc. has a team of about 100 product designers working on a wristwatch-like device that may perform some of the tasks now handled by the iPhone and iPad, two people familiar with the company's plans said.


The team, which has grown in the past year, includes managers, members of the marketing group, and software and hardware engineers who previously worked on the iPhone and iPad, said the people, who asked not to be named because the plans are private. The team's size suggests Apple is beyond the experimentation phase in its development, said the people.

Chief Executive Officer Tim Cook is facing pressure from shareholders who have seen the stock slump more than 30 percent since a September high amid slowing sales growth and competition from rivals such as Samsung Electronics Co. Without a revolutionary new gadget that commands a higher price, investors are concerned about falling margins and increased competition.

"The iWatch will fill a gaping hole in the Apple ecosystem," Bruce Tognazzini, a technology consultant and former Apple employee, wrote in a blog post last week. "Like other breakthrough Apple products, its value will be underestimated at launch, then grow to have a profound impact on our lives and Apple's fortunes."

Natalie Kerris, a spokeswoman for Cupertino, California-based Apple, declined to comment yesterday. Previously, the New York Times reported that Apple was working on a watch-like device.

Wearable Computers

Apple's James Foster, senior director of engineering, and Achim Pantfoerder, another manager, are part of the efforts to introduce a wristwatch-style computer, according to the people. Apple has worked on wearable devices for tracking fitness in the past and never brought them to market, said one of the people.

Creating a watch involves unique challenges, particularly managing power demands so that the battery doesn't need to be recharged every day. Google Inc. has been working on eyeglass-embedded computers and plans to introduce them in 2014.

The introduction of a wearable computing device may signal a new direction for the consumer-electronics industry. Apple's debut of the iPhone in 2007 and iPad in 2010 created the market for touch-screen smartphones and tablet computers that have been followed by companies such as Google, Samsung and Microsoft Corp.

Apple is right to invest in products such as watches, even if they don't result in commercial products, said Josh Spencer, a fund manager at T. Rowe Price Group Inc.

"There's more people that would wear an Apple watch than would wear Google glasses," Spencer said.

Wearable machines for tracking fitness are already on the market from Nike Inc., Fitbit Inc. and other manufacturers.

Hon Hai Precision Industry Co., which assembles the iPhone, in 2001 invested in startup WIMM Labs, which designed a watch with a screen, Wi-Fi and Bluetooth.

To contact the reporters on this story: Peter Burrows in San Francisco at pburrows@bloomberg.net; Adam Satariano in San Francisco at asatariano1@bloomberg.net

To contact the editor responsible for this story: Tom Giles at tgiles5@bloomberg.net


Tuesday, February 12, 2013

Nobody ever told me: Fitness Music

News Flash - Half the Beatles are dead.  New music has taken their place since the 1960's.

Some of that is called FITNESS MUSIC.  This being winter, I cannot Mountain Bike very well in the snow unlike last month.


Get into iTunes and call up: fitness music.  Spin/Bike classes at the YMCA offer new opportunities to hear relevant new music.  Great stuff to put on your iPod.

 You may notice a BPM  (Beats per minute) count on the various arrangements.  Slow is 120, fast is 170.  You can click here for more info.

JA

Sunday, February 10, 2013

How to Devise Passwords That Drive Hackers Away

This is newer info on last night's post on how quickly you can be hacked and what to do about it.
JA



TOOL KIT

How to Devise Passwords That Drive Hackers Away

By 

NY TIMES Published: November 7, 2012

Not long after I began writing about cybersecurity, I became a paranoid caricature of my former self. It's hard to maintain peace of mind when hackers remind me every day, all day, just how easy it is to steal my personal data.


Within weeks, I set up unique, complex passwords for every Web site, enabled two-step authentication for my e-mail accounts, and even covered up my computer's Web camera with a piece of masking tape — a precaution that invited ridicule from friends and co-workers who suggested it was time to get my head checked.

But recent episodes offered vindication. I removed the webcam tape — after a friend convinced me that it was a little much — only to see its light turn green a few days later, suggesting someone was in my computer and watching. More recently, I received a text message from Google with the two-step verification code for my Gmail account. That's the string of numbers Google sends after you correctly enter the password to your Gmail account, and it serves as a second password. (Do sign up for it.) The only problem was that I was not trying to get into my Gmail account. I was nowhere near a computer. Apparently, somebody else was.

It is absurdly easy to get hacked. All it takes is clicking on one malicious link or attachment. Companies' computer systems are attacked every day by hackers looking for passwords to sell on auctionlike black market sites where a single password can fetch $20. Hackers regularly exploit tools like John the Ripper, a free password-cracking program that uses lists of commonly used passwords from breached sites and can test millions of passwords per second.

Chances are, most people will get hacked at some point in their lifetime. The best they can do is delay the inevitable by avoiding suspicious links, even from friends, and manage their passwords. Unfortunately, good password hygiene is like flossing — you know it's important, but it takes effort. How do you possibly come up with different, hard-to-crack passwords for every single news, social network, e-commerce, banking, corporate and e-mail account and still remember them all?

To answer that question, I called two of the most (justifiably) paranoid people I know, Jeremiah Grossman and Paul Kocher, to find out how they keep their information safe. Mr. Grossman was the first hacker to demonstrate how easily somebody can break into a computer's webcam and microphone through a Web browser. He is now chief technology officer at WhiteHat Security, an Internet and network security firm, where he is frequently targeted by cybercriminals. Mr. Kocher, a well-known cryptographer, gained notice for clever hacks on security systems. He now runs Cryptography Research, a security firm that specializes in keeping systems hacker-resistant. Here were their tips:

FORGET THE DICTIONARY If your password can be found in a dictionary, you might as well not have one. "The worst passwords are dictionary words or a small number of insertions or changes to words that are in the dictionary," said Mr. Kocher. Hackers will often test passwords from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.

NEVER USE THE SAME PASSWORD TWICE People tend to use the same password across multiple sites, a fact hackers regularly exploit. While cracking into someone's professional profile on LinkedIn might not have dire consequences, hackers will use that password to crack into, say, someone's e-mail, bank, or brokerage account where more valuable financial and personal data is stored.

COME UP WITH A PASSPHRASE The longer your password, the longer it will take to crack. A password should ideally be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem, and string together only the first one or two letters of each word in the sentence.

OR JUST JAM ON YOUR KEYBOARD For sensitive accounts, Mr. Grossman says that instead of a passphrase, he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. "That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don't know it."

STORE YOUR PASSWORDS SECURELY Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you're toast. Mr. Grossman stores his password file on an encrypted USB drive for which he has a long, complex password that he has memorized. He copies and pastes those passwords into accounts so that, in the event an attacker installs keystroke logging software on his computer, they cannot record the keystrokes to his password. Mr. Kocher takes a more old-fashioned approach: He keeps password hints, not the actual passwords, on a scrap of paper in his wallet. "I try to keep my most sensitive information off the Internet completely," Mr. Kocher said.

A PASSWORD MANAGER? MAYBE Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. LastPass, SplashData and AgileBits offer password management software for Windows, Macs and mobile devices. But consider yourself warned: Mr. Kocher said he did not use the software because even with encryption, it still lived on the computer itself. "If someone steals my computer, I've lost my passwords." Mr. Grossman said he did not trust the software because he didn't write it. Indeed, at a security conference in Amsterdam earlier this year, hackers demonstrated how easily the cryptography used by many popular mobile password managers could be cracked.

IGNORE SECURITY QUESTIONS There is a limited set of answers to questions like "What is your favorite color?" and most answers to questions like "What middle school did you attend?" can be found on the Internet. Hackers use that information to reset your password and take control of your account. Earlier this year, a hacker claimed he was able to crack into Mitt Romney's Hotmail and Dropbox accounts using the name of his favorite pet. A better approach would be to enter a password hint that has nothing to do with the question itself. For example, if the security question asks for the name of the hospital in which you were born, your answer might be: "Your favorite song lyric."

USE DIFFERENT BROWSERS Mr. Grossman makes a point of using different Web browsers for different activities. "Pick one browser for 'promiscuous' browsing: online forums, news sites, blogs — anything you don't consider important," he said. "When you're online banking or checking e-mail, fire up a secondary Web browser, then shut it down." That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account is not necessarily compromised. As for which browser to use for which activities, a study last year by Accuvant Labs of Web browsers — including Mozilla Firefox, Google Chrome and Microsoft Internet Explorer — found that Chrome was the least susceptible to attacks.

SHARE CAUTIOUSLY "You are your e-mail address and your password," Mr. Kocher emphasized. Whenever possible, he will not register for online accounts using his real e-mail address. Instead he will use "throwaway" e-mail addresses, like those offered by 10minutemail.com. Users register and confirm an online account, which self-destructs 10 minutes later. Mr. Grossman said he often warned people to treat anything they typed or shared online as public record.

"At some point, you will get hacked — it's only a matter of time," warned Mr. Grossman. "If that's unacceptable to you, don't put it online."

A version of this article appeared in print on November 8, 2012, on page B8 of the New York edition with the headline: How to Devise Passwords That Drive Hackers Away.

Saturday, February 9, 2013

Nobody ever told me - Password Length

Nobody ever shared this with me.  A VERY useful tip I just got via a trusted source tonite in a roundabout way.  However, this is from 2006.  Does anyone have an update?
http://www.infoworld.com/d/security-central/password-size-does-matter-531
JA

Password size does matter

This week's scheduled column on security maturity has been rescheduled for next week.

It's because I can't take the misinformation anymore.
I was recently contacted by the company that manages my stock to open up a new Web site log-on account. During new account creation, it asked me to input a secure password. So, I put in my normal password that is 21 characters long followed by 10 characters that are unique per Web site, but only uses lowercase letters. The length of the base password prevents basic password cracking and guessing, while the additional characters make the overall password (or pass phrase) unique so that no two resources ever have the same password.
At 31 characters long, my password is all but unhackable. Attackers will need to find another way to compromise my account rather than trying to guess it or crack it with brute force.
But of course, as usual, the finance company's Web site required that my password be complex, using three of four presented sets of characters, such as at least one uppercase character or one nonalphanumeric symbol. So although the password could be only six characters long, according to their policy, it also had to be complex.
The conventional thinking is that the additional complexity presents such an increased workload for the hacker that complexity is the holy grail of password hacking prevention. After all, conventional wisdom says that all the good Web sites require complexity. Heck, a Microsoft Windows log-on password requires complexity. Every new password policy I read requires complexity -- but gives scant consideration to the equal (or better) importance of longer password length.
They're all wrong! Character-for-character, password length is more important for security than complexity. Requiring complexity but allowing passwords to remain short makes passwords more vulnerable to attack than simply requiring easier-to-remember, longer passwords.
For everyone using six- to nine-character passwords with "complexity," I appreciate it. I get paid to break in to systems for a living, and you make my job easier.
Strength is provided by increasing the number of possible passwords the attacker has to guess (let's call this the keyspace even though it really isn't appropriate in this context). The keyspace is represented mathematically as X^L, where X is the number of possible characters that can be in the password and L is the length. If you do the basic analysis, you can see that changes in L are more significant, character for character, than changes in X.
But conventional wisdom will have you believe that increasing complexity forces the password attacker to use significantly more possible characters in their attack. In the X^L formula example, forcing the use of capitalized letters requires the value of X to go from 26 for all possible lower case letters to 52 for both upper case and lower case letters. And if you include nonalphanumeric characters, X goes up to 94 to support all the normal single characters you can type on a 101 keyboard. Windows will allow you to use any Unicode character, which includes upwards of 65,000 different symbols.
Of course, most people only use the 94 standard keyboard keys. And if people actually evenly used the 94 characters of potential complexity, short passwords would be uncrackable, because 94^8 = 6,095,689,385,410,816 possible passwords -- which is uncrackable using anything known today or in the near future.
The problem with this analysis is that complexity cannot be guaranteed, and for the most part will be circumvented by your end-users. Whether you give them 94 characters or 65,000 characters to choose from, most will choose to include the same 32 characters (several studies have discussed this, including this Microsoft debate [1]).
This means that the effective password space for most environments is 32^L, plus a few more characters. In the study cited above, 10 percent of the cracked passwords only used the included 32 characters. It's important to note that this was a sample of passwords within a company that had a higher state of security than most organizations.
And because most users also use dictionary words as the root to their "complex" password, and follow other common conventions (capitalized letters are at the beginning, numbers are at the end), a simple hybrid attack will break most of them in less than a day. Trust me, I know -- I do it for a living.
There is no easy way to force true password complexity in most environments without a software addition, other than to generate truly random passwords and hand them out to users. They will probably hate you for doing so, but the greater concern is that writing down their passwords makes them even weaker than noncomplex passwords.
If you can't guarantee true password complexity (and you probably can't) length is your best bet. I'd guess that a typical good, knowledgeable password hacker can crack up to nine-character passwords within normal levels of ability and resources. At 10 characters, it becomes very hard to crack, regardless of complexity.
So, when trying to increase the strength of your passwords, my advice is to consider length as much or more than you consider complexity. For my money, length is all the protection I need. Make your admin and root passwords 15 or more characters long and forget about complexity -- at 15 characters-plus, they are all but uncrackable.
If you still don't believe me, participate in my password cracking challenge [2]. Win $100 and books. Odds are that you'll crack the 10-character complex challenge long before the 15-character no-complexity password.
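
The X^L comparison from the column, worked through as an added example (not code from the original article or from InfoWorld). It uses the alphabet sizes the column quotes (26, 52, 94 and the effective 32); the guess rate in the demo is an assumed figure chosen only to put the keyspaces on a common scale.

```python
"""Password length versus character-set size, using the column's X^L model."""
import math

# Alphabet sizes quoted in the column.
LOWERCASE = 26       # a-z only
MIXED_CASE = 52      # a-z plus A-Z
FULL_KEYBOARD = 94   # every single character on a standard keyboard
EFFECTIVE = 32       # the subset the column says most users actually choose from


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passwords, X^L. Assumes characters are chosen
    uniformly at random; dictionary-rooted passwords are weaker than this."""
    return alphabet ** length


def entropy_bits(alphabet: int, length: int) -> float:
    """The same quantity on a log scale: L * log2(X)."""
    return length * math.log2(alphabet)


def equivalent_length(alphabet_from: int, length_from: int, alphabet_to: int) -> int:
    """Shortest length over alphabet_to whose keyspace is at least as large
    as a length_from password over alphabet_from."""
    target = keyspace(alphabet_from, length_from)
    length = 1
    while keyspace(alphabet_to, length) < target:
        length += 1
    return length


def exhaust_days(alphabet: int, length: int, guesses_per_second: int) -> float:
    """Days needed to try every candidate at a fixed guess rate."""
    return keyspace(alphabet, length) / guesses_per_second / 86400


def comparison_rows(guesses_per_second: int):
    """Rows of (label, keyspace, bits, days) for the cases the column discusses."""
    cases = [
        ("6 chars, full keyboard (site minimum)", FULL_KEYBOARD, 6),
        ("8 chars, full keyboard", FULL_KEYBOARD, 8),
        ("10 chars, effective 32-char set", EFFECTIVE, 10),
        ("10 chars, full keyboard", FULL_KEYBOARD, 10),
        ("15 chars, lowercase only", LOWERCASE, 15),
    ]
    return [
        (label, keyspace(x, n), round(entropy_bits(x, n), 1),
         exhaust_days(x, n, guesses_per_second))
        for label, x, n in cases
    ]


if __name__ == "__main__":
    ASSUMED_RATE = 10_000_000  # guesses per second; an assumption, not from the column
    for label, space, bits, days in comparison_rows(ASSUMED_RATE):
        print(f"{label:40} {space:.3e} candidates  {bits:5.1f} bits  {days:.3e} days")
    print("lowercase length matching 8 full-keyboard chars:",
          equivalent_length(FULL_KEYBOARD, 8, LOWERCASE))
```
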