December 28th, 2006 by 
mbIn my last post I mentioned that few passwords contain uppercase letters. I also did some further study to see exactly how people use uppercase letters in passwords.
Posted in Passwords | 
No Comments »
December 28th, 2006 by mbI thought I would start sharing some of the statistics I have gathered over the last five years researching passwords. One area I found interesting was the use of character sets. I have long said that password length is the single most important factor in password security, but character diversity certainly does play an important role.
Posted in Passwords | 1 Comment »
December 14th, 2006 by mbWith Microsoft’s ongoing improvements to the patch management process, you may find yourself letting automation take over on patch Tuesday. I sat down at my PC this morning and saw that it had rebooted because it automatically installed new updates. Although I spent half the day yesterday writing patch reports for several clients, I forgot to apply the patches on my own system. The fact is that nowadays you can get away with doing that.
Posted in Hardening, Patch Management | No Comments »
December 10th, 2006 by mbI am constantly frustrated with poor security implementations I see all around the web. Often, these mistakes could be avoided by never breaking the simple security rules. One of these rules wrote about in my book Hacking the Code is that you should always ask for the username and password at the same time. This prevents others from harvesting user names from your login process. User names normally are not secrets, but if someone had collections of usernames from say, banks, they could launch more effective and targeted phishing attacks.
Posted in Application Security | No Comments »
December 8th, 2006 by mbI recently ran across this tool I made for a client several years ago and thought I would share it. It’s basically for those times when you need a little privacy but there are too many peeping eyes around. Just pop open squint and it makes it hard to see the screen unless you are fairly close.
There’s really not much to the program. A single click alternates between opaque and transparent states and a double-click brings up an options dialog.
You can download the file here
Posted in Privacy, Tools | No Comments »
