Security from GryffonTech

Just the other day a professor showed how to exploit a weakness in the WPA protocol to gain access into your wireless network.  The easiest way to fix this is to change your network not to use WPA-TKIP protocol and just use WPA-AES. As it turns out only the WPA-TKIP is affected in the exploit. The AES protocol is just a bit slower then TKIP but it should be unnoticble to most users.  As is always true keep your passwords random and long as well.

Originally when the internet was in its infancy one of the drawing features was the anonymity that the internet gave users, for the first time for many people they could write articles, ask questions, complain about there governments all without fear that it was going to be traced back to them. Today a lot of that has been taken away from us, we no longer can browse the internet, post articles, or let others know of the atrocities our government has done with out fear that the government or others will track it back to us (using our IP address and ISP logs).

Some of this Anonymity can be regained though and the best solution (easy & free) that I’ve found is using the tor network, although not perfect its been around a while and the network seems proven.

https://www.torproject.org/

TrueCrypt version 5.1 is out now, it now has full support for hibernation with full disk encryption as well as some performance tweaks.

This new version of TrueCrypt is excellent. It is now truly cross-platform (ver 5.0 added support for mac) and has added whole system disk encryption. If you are not familiar with TrueCrypt let me brief you on it.

1. TrueCrypt creates storage areas that are very secure and with an excellent graphical interface that is easy to use for the novice while not being annoying to the experienced. You do not need to know or understand encryption to be able to use it effectively.
2. There are different ways you can create the secure storage areas that TrueCrypt uses.
   • File storage: Create a file on an existing drive, anywhere you want on the filesystem. (recommended for 1st time users)
   • Create a secure drive partition: This is faster then the file option but slightly more complicated for some people to do.
   • System drive encryption: Encrypts a whole system disk, including the operating system and everything under it, you just supply a password when your computer boots up and truecrypt takes care of the rest. TrueCrypt even takes the extra step of burning a recovery CD in case something goes wrong with your boot partition.
3. For all but the system drive encryption, you simply use TrueCrypt to mount the file or partition as a new drive (for example drive z:) this makes it easy for all programs to interact with the data that is encrypted inside just as if it was a normal drive.

TrueCrypt’s speed even with thier excellent encryption is top notch, I have never seen another program come close to TrueCrypt’s speed to deal with large amounts of data quickly.

• For Steve Gibson’s excellent review and testing of TrueCrypt please visit http://www.grc.com/securitynow.htm and check out Episode #133
• Bruce Schneier’s blog post on TrueCrypt (done before ver 5.0)

Today it is impossible to remember all the passwords that you need to use to access e-mails, computers, servers, and other services. This is only a further problem if you use secure passwords that are different for each service that you login to. This flood of needed passwords mean that many people either write them down or even worse, use the same password for all sites. This is not secure because often times people sign-up for a new service without really knowing that service (its security etc). This site might not keep the user passwords as safe as they should, or even worse the service, or someone managing the site, might be dishonest and use that password to try and gain entry into your e-mail, bank account, etc. There thankfully are a few things you can do though that don’t decrease your security.

• Use an encrypted file to store all your passwords. (You never want your password files to be stored unencrypted)

• Simple.
• You can easily create long passwords that are cryptographically secure and do not have to worry about remembering them.
• You have to remember a password for the encrypted file still.
• requires you to use some other program to create the encrypted file.
• Disadvantage: programs that create encrypted files often do not securely erase the plain unencrypted file.

• Use a program that securely manages your passwords.

• You can easily create long passwords that are cryptographically secure and do not have to worry about remembering them.
• You do have to remember a password for the program.
• Two programs I recommend for this are Password safe, and KeePass. Both are open source.

• Use a master password and mix in some aspect of each service/site that you use into it.

• For example if master password was “9876543″ then your password for gmail might be “987-g-5643-mail”, or what ever was easy for you to remember.
• This has the disadvantage that if one of your passwords were seen in the clear that the attacker might be able to easily see what you are doing and guess your other passwords; however most of the time your passwords are not what are being stored by a system, normally only the hash of your password is stored and then re-calculated and compared, meaning that even if the database of passwords from some site was stolen the attacker would not be able to see your actual password used, and thus not access other sites easily. Also it avoids the password being easily guessed by dictionary attacks while remaining easy to remember.