"Forgot Your Password" ?

Well what do you know, who could ever thought the most widely used password recovery procedure would be exploited? Who could ever thought that a security procedure would not be that secured at all?

I was checking my mails at Hotmail and bumped into an article in MSN. There was an individual who just stole somebody's identity just by viewing the victim's profile that is freely available online! With the flooding rise of community sites on the web today, like Facebook, Friendster, even IMEEM and others, your information is freely available and who ever bumps into your personal information would use what they see to access your bank accounts, email accounts, and other vital information they could get.

I am talking about a man named Herbert H. Thompson, a professor and software developer who was able to spent a career in software security. In his article, he said, "I decided to conduct an experiment to see how vulnerable people's accounts are to mining the Web for information. I asked some of my acquaintances, people I know only casually, if with their permission and under their supervision I could break into their online banking accounts. After a few uncomfortable pauses, some agreed. The goal was simple: get into their online banking account by using information about them, their hobbies, their families and their lives freely available online."

Some security researchers are beginning to sound the alarm about "password resetting" tools, suggesting they could be the weakest link in Web security.

If you try looking for your friend's information, you could simply Google their names and without invoking a magic word, or waving a magic wand, there you see a list of sites where your friend's information is freely available and worse freely exploitable! I tried Googling my name, and there it was, a list of the sites I am currently subscribed and with all the correct but undated information. I tried Googling Himura's name and that's how I found out when his birthday was! (I won't use your information against you Himura.)

When Paris Hilton's cell phone was famously hacked in 2005, some tech sites reported that criminals simply used her dog's name, easily found online, to break in. That theory was later discredited, but it likely sent criminals scurrying to find famous people's dog's names.

It also prompted researchers to study the issue, which is also known as “fallback authentication.” Ariel Rabkin, a researcher at the University of California at Berkeley, is probably the first to attempt to quantify the problem.

"Security questions are getting weaker over time," he said. Mother's maiden name, for example, continues to be asked even though it's often now available from various online sources. "We can’t seem to get rid of that question. … If we do nothing this will get steadily worse."

Red Tape Wrestling Tips
Researchers like Jakobsson are looking for new ways to authenticate consumers. One obvious area of potential is biometrics. The chief criticism of this technology, which uses people’s eyes, fingerprints, etc., to verify their identity, is the “doomsday” possibility that once such information is compromised, it could never be trusted again. You can’t change irises, for example. But Thompson points out that the same is true for personal information such as your first pet’s name or you mother’s middle name. While biometrics has potential flaws, new systems will soon be necessary, Thompson said.

Of course, these security enhancements are still in the future, so for now, consumers must fend for themselves. When answering password recovery questions while registering for online banking and other Web sites, don’t always pick the most obvious question. Consider what someone might be able to find about you on your blog. Better yet, consider not disclosing any personal information on your blog.

Alfred Huger, a security researcher at Symantec Corp., offers this suggestion: Some sites now allow consumers to make up their own question. While that might be a hassle, it’s probably much more secure. Again, think of a question only you can answer, and something that’s unlikely to be in any database. That probably means the name of your first girlfriend or boyfriend won’t cut it.

So the next time you post your information on the web, maybe it's good that you lie about it...just to be safe. If you don't want to lie, you can still post real information on the web but you would not give them "possible answers" to the "Forgot Your Password" link...

Sources: Red Tape Chronicles, Scientific American Website

Read More

Ho Do I Know That I'm Ready for Another Relationship?

When do you really know?

After a breakup, is there a time span when to start all over again?

How do you know that you won't mess up this time?

How do you know if she's "the one"?

Where do I start looking for her?

I had the urge of writing about this after watching the Sex and the City film. I thought that film was full of the sex and not much of the tissues. Yeah there were some awesome sex but really more on relationships.

Just to give you something of what the movie was for me, for me, it was more about these people facing another phase in their lives. From "labels" to real relationships. Living the New York life, some may say people come to New York looking for "real love" it's a melting pot of people who had broken relationships and trying to build it over again and find the real thing.

Yesterday after work, I went downtown, without really knowing where to go and what to do. Landed on the mall, saw some familiar faces from college, some married, some with their other half. And who am I with??! It strucked me that I was alone, being a born-again Christian as I am, I am well aware that I am not alone, but God did not make me to live alone...I know I have to look for...love, the love of a woman whom I can share my love, thoughts, time, and attention.

So how do you really know that you're ready for another relationship?

• Well, my thought is...I need to think of what went wrong with my past relationship yes it was long distance and most people say it would never last, but things happen differently for most people right? So I think it may or may not work...it just depends on how you both do your part in the relationship. So how do I know that I'm up for grabs and ready to meet another lady? "You can't give what you don't have", do I love my self more than any body else? because if i don't then how do I know how to love? I must love my self and get to know my self for me to be ready to share love to someone who's worthy of that love and would gladly accept it.

Is there a time span?

• I don't think there is, well they said it has three phases before you start all over again, you can start all over again if you're willing to, after you have forgiven yourself and admit that you failed, and that you have forgiven your "ex" for her lapses.

How do I know that I won't mess up this time?

• Again, YOU DON'T KNOW. You never will know, entering a relationship is like getting into something that's uncertain, all you know for sure is that you are in love and that you're vulnerable to fail at some point. You can't please every body as hard it is to please your self, you don't know when you'll mess up or when she does...but the question would be, how will you handle when she or you mess up during the relationship? How quick are you to judge? How quick are you to listen? How quick are you to forgive?
• If worse comes to worst, that's when one of you will say, "We need to talk..." that would be the scary part, better prepare...

I can't answer the rest, I dunno the answers...if you think you know, lemme know...

Read More