One thing that I’d like to point out though, it does not take a genius to create a strong password, which for all accounts and purposes there is no such thing. It gives as much protection as a locked door knob to your house. It gives you a layer of protection, but not the protection. Just like a door knob, it can help prevent casual intruders, but not those who are really intent in breaking in. But, I digress.

In any case, I figured I give a quick comment on this matter since this somehow ties in to what I do for a living and what I preach to users practically on a daily basis.

First point of fact: It does not take a genius, knowledge of nuclear science or for that matter hours of deliberation to create a strong password. Typically a password with 8 characters utilizing 3 of the 4 types of characters in your keyboard is often sufficient.

Password1 is a strong password. Although I would not recommend using this password exactly, it meets the requirements I stated above. It has more than 8 characters, uses the upper case letter, lower case letter and a number, 3 of the 4 types of characters required. To make this password even technically stronger, add a special character, i.e. !Password1.

Now was that hard?

Second point of fact: even if your company requires you to change your password regularly, you don’t need to build a special database to maintain all these passwords. Going back to our Password1 example, if you need to change it, develop a simple system that will be easy to remember and follow. In this case a simple change, such as Password2, will often be sufficient. So all you have to remember is that you changed your password to the next number up. Many companies only prevent users from re-using passwords within the first three changes, so if your company requires a password change once very quarter, you can rotate from Password1 to Password4 every year: Password1 for the first quarter, Password2 for the second quarter and so on.

Now was that too time consuming?

Third and final point of fact: Companies and organizations who require password set-ups far and above what I mentioned above, i.e. requiring passwords 14 characters long, requiring all 4 character types used and not allowing reuse of passwords even after 4 or more changes (yes I’ve run into policies like these) are who this article should be referring to. In my personal and professional opinion, these policies, for a lack of a better word, are moronic policies and do not provide the organization with better benefits or security. They often tend make the organization more insecure as users will find ways to circumvent these rules like writing it on a post-it note and pasting it on the monitor. How many of you have passwords written behind your keyboard?

So what do I do personally?

Personally, I maintain only three password combinations and don’t change them unless I really have to. If I have to, I typically just do the slight variations that I mentioned above and no, Password1 is not one of them.

To read about the research by Cormac Herley mentioned in the article: The Rational Rejection of Security Advice by Users.

On a side note, I just found it peculiar that the research was sanctioned by Microsoft, a company well-recognized for their vigilance in maintaining the security of their products.

Review

Ray Guidone, “I feel the author has done a good job of keeping the text simple and well directed.”
–This text refers to an alternate

Paperback
edition.

Information is traveling faster and being shared by more individuals than ever before. Information Technology Project Management, Sixth Edition offers the “behind-the-scene” aspect of technology. Although project management has been an established field for many years, managing information techn (more…)

I don’t know if you’ve heard of David Pogue, New Technology Columnist for NyTimes.Com. His website is aptly named: DavidPogue.com. I first got turned on to him (no he did not turn me on ) when he did the keynote for a marketing conference I attended in Las Vegas about 2 years ago. The man has proven that he had the gift for writing, the gift of gab, he delivers his stuff in a very down-to-earth and funny fashion (both in text and in speech) and as he demonstrated in that keynote speech, he got musical skills, too. He explained that Music was actually his major in college and becoming one of the most recognized and respected tech reviewer in the web today is quite a feat indeed.

But that is not what earned him the Yeah Boy from me this week. The Yeah Boy was due to an article he wrote in New York times entitled: Free Speech (Recognition).

Okay, the Yeah Boy was not from his little joke about Palm and Dragon Naturally Speaking or his review of the iPhone App from Nuance (Dragon), but rather from this little snippet:

If you look at the reviews for this app on the iTunes store, though, you’ll be astonished–there are over 1,000 one-star reviews! What’s going on? They’re not judging the app on its design or effectiveness, that’s for sure.

Instead, people are freaked out by that “your audio is converted by Nuance’s servers” part. They think this is a privacy violation. They fear that someone at Nuance might listen in to the audio. (Nuance says nope, it’s just a bunch of computers, maintained in a secure facility, and the audio and transcriptions are not saved.)

They’re also alarmed by the welcome screen’s note that the names in your address book are uploaded to Nuance, too. Eeks! Nuance will know the names of the people we know!

This piqued my attention, because of two reasons, (1) I was just reading a whole bunch of stuff about Facebook and Privacy last night and how freaked out some people were about how Facebook is very intrusive to their privacy and have been described as a tyrannical big brother (not the exact words, but essentially that’s how I took it), and (2) This sounded so familiar and I just can’t put my finger on it, and then….

OK, first of all, this business of your audio being sent to Nuance for transcription rings a very familiar bell. Remember the Gmail brouhaha? When Gmail debuted, it offered a fantastic e-mail account, paid for by small text ads on the side whose subjects are matched to the e-mail contents.

At the time, everyone was hysterical about the supposed privacy violation: Google will be reading my e-mail! Of course, no humans were looking at your e-mail. It was just a bunch of servers analyzing keywords. Today, everybody’s forgotten all about it. But now the issue rises again with Dragon Dictation.

As for the names in your Contacts: they’re sent to Nuance so that the app will recognize the names when you dictate them. No other information (phone numbers, e-mail, addresses, etc.) is transmitted.

Ahhh. Yes. The “Gmail brouhaha.” Whatever happened to that concern? And is Yahoo! Mail or Hotmail any different? How about your DSL or cable e-mail? How about that e-mail address that your company is hosting on that $7.99/month webhost? Hmmmm…. Are they more benign than the evil people at Google? Anyway, Mr. Pogue continues:

What I don’t understand is: Why don’t these same people worry that Verizon or AT&T is listening in to their cellphone calls every single day? Why don’t they worry that MasterCard is peeking into their buying habits? How do they know Microsoft and Apple aren’t slurping down private documents off the hard drive and laughing their heads off?

I mean, if you’re gonna be paranoid, at least be rational about it.

Uhmmmm…. So… How’d you like them apples? Folks unless you become a hermit and move to the top of Everest or dive and hide into the deep trenches of the Marianas or simply disappear from the face of the planet, have a name change and have plastic surgery and stop using every single modern ammenities i.e. the Grocery Store, Your Credit Card and what-have-you altogether, you’ve already either knowingly or unknowingly given up your privacy for someone else to control in some form or another. How do you differentiate which of these companies are benign and which are malicious? I sure can’t think of one specific answer or can’t see any silver bullet solution. Simply put this is the price we all pay for the convenience inter-connectivity provides us.

The main driving force on how privacy is handled in the Internet does not really rely on the law (seriously regulators and policy makers are light years behind with what is happening) nor that it truly relies on the so-called Privacy Policy of the company or the third party audits that some of them are supposed to go  through (see Trust-e). It all comes down to TRUST and to you. It all comes down to whether you will trust a certain company or organization to handle your private information properly. It is up to you if you will trust a company with the Trust-e logo, or Nuance, or Apple or Facebook or Google and trust them that they will respect the privacy settings that you set-forth in your account and trust them not to snoop into your private conversations… If you don’t trust them, well don’t use them, but really don’t be a doomsday prophet about another company when you can’t even tell if the system you are now using actually is truly secure and trustworthy…

So log on, resistance is futile… And Mr. Pogue, YEAH BOY!!!

Yah Suck of the Week.

First off, for the record, I have never really been a Microsoft Hater despite how many techies out there who live and survive at bashing Microsoft. I’ve always thought that Microsoft is good at what they do and what they’ve done is to provide a good majority of us with a simple way to work with computers. Really who among you can write a bash command faster than I could right-click for the properties of the document? Nuff-said…

Then the common attack of MS-bashers  is the security flaws of its products. Well, the answer to that really if you look at the big picture is that being that MS controls the PC and the Server Market, they are a big target and any flaw is noticed fast since it affects a whole bunch of people and organizations. We don’t see this with other products like Linux or Unix or Apple because it only affects a few and low bang-for-the-buck for the hackers. A little geek tour for you folks and visit the National Vulnerability Database, which is the main repository for reporting flaws and vulnerabilities of every major software out there. If you do some searches you will notice that you will find about as much if not more vulnerabilities on Linux and other OS than that of Windows. Okay enough of that.

Last point is usability and cost. MAC really I am a fan, but damn you are expensive. Linux, yes you are cheap, but damn you are a pain to set-up. Moving forward…

So after all that why do I give Microsoft a Yah Suck! Well first I still could not get over Vista. Really that OS gave me Windows ME flashbacks and still is. But I guess, they now have Windows 7, which I got a chance to place with the beta version and Yes in my view Windows 7 Beta performed a whole lot better than my current version of Vista.

But Vista is old news. What made me give them a Yah Suck is what I discovered this week.

Really Mr. Ballmer with all the money Microsoft has, you can’t put some resources to clean-up what could be a very useful resource for your user base? Dude, simply put, YAH SUCK!!!

Anyway, an unavoidable facet of blogging or the Web 2.0 framework in general, wherein the web publisher allows their visitors to submit entries such as comments, is the fact that you will be dealing with a lot of spammers who will use every trick in the book to exploit your system. This blog is no exception. I do, however, care and try to monitor and try my best not to let spammers inundate this blog with useless crap.

It is a standard practice for all Web 2.0 systems developers to provide some form of spam protection in their system and it is wise for the users of these systems to utilize these protections in order for them to avoid getting their site inundated with junk and their mailbox with even more junk.

I am not sure if the company well-known for their efforts on ensuring security , Microsoft, missed this simple concept or they simply don’t care. In the past two days that I have not worked on this blog, I received several comments on one of my entries and to my disappointment , they are not from fans of this blog but from spammers…

One of the items that I found interesting in this spam entries, however, was the URL that they were using: http://social.technet.microsoft.com/Forums/en/ucccommunitygovernance/thread/<and-some-gibberish-link>

Yes this is the link the the Microsoft’s Technet forums. Technet where most Microsoft Geeks go to figure out how to battle the Microsoft gremlins that pops-up everytime the tech giant runs an update … At first I thought that the URL was simply spoofed, common practice used by Phishers. But as I look further, it is a valid Microsoft link. So I followed the URL and I landed on a spam site. I backtacked the links and ended up here.

Yes ladies and gentlemen most if not all the forum topics in that site will lead you to a spam site… Attention Mr. Ballmer, I didn’t know you love spammers so much… I don’t remember even Bill Gates being this sloppy. It is one thing when it is happening in MSN or other Microsoft run community sites. It is an almost accepted menace, but FOR CRYING OUT LOUD, this is a tech site. A RESOURCE FOR PEOPLE WHO FIXES THE DAILY PROBLEMS YOUR SOFTWARE BRINGS!!! And even that site now brings more problems…

WAY TO GO MICROSUCK!!!

Ok in slight fairness to Microsoft, they are not the only site that is supposed to provide a community and resource, but is left alone to become a hub of spammers. This is one example… Moving forward, I’ll try to monitor sites like this and will report as I find them… Will also report if anything else changes…