Security for Dummies

security tips and tricks

3 facts from one source

I have mentioned several times (here and here) that we all need a password manager. These three posts on ITFacts strongly support my words. My statement is clear – we need password manager software. I suggest using a portable one.

63% of Americans use roughly the same password for different online accounts
63% of Americans admit to using the same password or a variation of it for all or most of their online accounts. 6.7% use a variation of a familiar password for most of their online accounts. 22.9% use the same password for most of their online accounts. 3.5% use the same password for all their online accounts.

66% of US employees write down passwords in unsafe places
US workers, managers, and IT staffs alike are increasingly confronted with difficulties arising from computer passwords. Over half of all respondents said the average employee in their firms is required to remember three to five passwords, with an additional 26% saying the number ranges from six to ten or more. 49% responded that employees are required to use passwords more than 25 times per week, with 8% stating the number of password uses exceeds 100 per week. 66% stated that employees write down or store passwords in unsafe places, creating a security problem for their companies. 48% of responding IT professionals are actively seeking a reliable password management solution. While 79% of those taking the survey report that security is their number one password management concern, 39% also reported Lost Employee Productivity or Frustration as an issue. In addition, 31% said that helpdesk hours are either lost or spent in frustration by support personnel.

Only 14% of business users use a different password for each site
14% of the business users use a unique password for each site. 41% use the same password all the time, while the remaining 45% use “a few” different passwords.


July 13, 2008 | Posted in: passwords, Security, Security Threats

Over 10000 laptops are lost every week in US airports

Yesterday's article in PCWorld cites the Ponemon Institute. The figure itself is amazing. But travelers' attitude is more surprising. About 77 percent of people surveyed said they had no hope of recovering a lost laptop. Therefore, they did not even claim the lost laptop. About 53 percent said that laptops contain confidential company information, with 65 percent taking no steps to protect the information.
What do these figures say?

  1. 53% of 637,000 = 337,610 laptops with confidential information lost each year
  2. 65% of 337,610 = 219,446 unprotected laptops with confidential information lost

According to an earlier survey by the same Ponemon Institute, the average cost of a compromised record in 2006 was $182. I can assume that nowadays it is much higher, about $250/record.

Assuming that each laptop has only 1 confidential record, direct annual damage is $54,861,625

Back to article:

Laptop theft is fairly prevalent in the U.S., said Mike Spinney, a spokesman for Ponemon Institute. In a study conducted by the institute, 76 percent of companies surveyed reported losing one or more laptops each year, of which 22 percent were due to theft or other criminal mischief.  Many people are ashamed of reporting lost laptops as they leave them where they shouldn’t be, Spinney said.

Let us compare the above figures to the cost of simple measures for data protection:

  1. Encryption of disk – $45 per laptop with software solution or
  2. Encryption of disk – $115 per hardware key
  3. Dell Laptop tracking and recovery – 1st year free, including:
     • Combat Theft – Absolute’s recovery team partners with law enforcement to track and recover your laptop
     • Protect Data – Capability to delete valuable corporate data from the stolen system
     • Track Your PCs – Manage software licenses, equipment leases, machine configurations and usage with remote monitoring capabilities.

What about your laptop?
Is it protected?
Do you keep confidential info on your hard disk?
Do you encrypt?

July 1, 2008 | Posted in: Encryption, lost laptops, privacy, Security, Security Threats

Faking fingerprint (part 3)

Dear all, since the problem of faking fingerprints attracted so much interest, I decided to collect a few available videos here. I am sure you can find more. If you come across something interesting, please drop a link in the comments.

1. Karen Friar has sent a link to the Dialogue Box video. This video describes an easy way to make a fake finger. Moulding plastic, jelly, milk and tea are all the ingredients that Dialogue Box needed to get past one biometric security device.

2. The following one gets the same result with some other tools and materials.

3. I personally love this one.

4. This one is really interesting for those who understand. They trick a Upek swipe-type capacitive sensor with a piece of wet paper.

5. One more crack of Digital Persona with jelly fingers (in German).

I hope that you agree with me: there is no fingerprint sensor that cannot be tricked by artificial fingerprints. But I want you to understand me right. I am not against using biometrics! I am a biometrics stickler! I believe that it just should be used in the right place and it should be called by the right name – not security provider, but security assistant.

 

June 30, 2008 | Posted in: Biometrics, How-to, Security, Security Threats