RSS
Hackers Find Way To Hit Hushmail
from the back-door dept
Hushmail, the web-based email service that boasts "total security," just got a dose of insecurity. Apparently someone hacked into Hushmail's domain name registrar, Network Solutions, and redirected the website to a staged site with graffiti. The company says no data was compromised, but even a minor security breach looks pretty bad when security is your raison d'etre. Just goes to show that maybe you can never be too paranoid when it comes to securing your computing experience, as Mark Burnett writes in his column. He admits that his precautions might be extreme (50-character passwords, anyone?), but that they can't hurt either. Sometimes, they even deter new, unanticipated threats. In other words, even super-secure email services are susceptible to attack and might benefit from other means of protection.
4 Comments | Leave a Comment..
- Leaked Memo Confirms Apple, Nokia & RIM Gave Indian Gov't Backdoors
- VW Will Block BlackBerry Email When People Are Off Work. Isn't That When It's Most Useful?
- Former Tunisian Regime Goes Beyond Spying On Internet Traffic... To Rewriting Emails & More
- Email Is 40 Years Old
- New US Postal Service Ad Campaign: Email Sucks, So Mail Stuff Instead
Reader Comments (rss)
(Flattened / Threaded)
can't hurt?
I disagree -- even if it's a 50 character password, you still need to throw non-alphanumerics in there (to avoid dictionary attack). At that point, in order to remember a 50 char password, it's going to have to be written down somewhere, or in some way obvious (otherwise you'll lock yourself out, too). So it could hurt.
Really, what's needed (and has been mentioned here before) is a combination of a good password of reasonable length (10 chars?) PLUS some personal identifier (bioinformatics, one of those hardware devices with a constantly changing key (drawing a blank on what they're called)).
[ reply to this | link to this | view in thread ]
Hushmail Attacked? Nah...
[ reply to this | link to this | view in thread ]
Re: can't hurt?
The only reason to put non-alphanumerics in your password is because a paranoid password program requires it. People naturally assume that a password needs to be a variation on a dictionary word in order to remember it. This is not true. Type the string "cde34rfv" and you'll see what I mean. The position of the keys makes it easy to remember and it doesn't appear in any dictionary. The 3 and 4 are completely optional, I might just as well have used "cderfvbgt". You can think of times your fingers "knew" a familiar password your mind had forgotten. The sequence of keypresses is what is remembered best, the decoded mnemonic information such as your dog's name is secondary.
[ reply to this | link to this | view in thread ]
Re: can't hurt?
They not only cover known words, but the passwords you describe are also covered as "words". Its all about likely combinations, and frankly, your method is a VERY LIKELY combination.
So you might want to go rethink those passwords.
[ reply to this | link to this | view in thread ]
Add Your Comment