Whisper32 - Securing and Remembering passwords for you.
May 29, 2008
To kick off the new Tools category I would like to promote a great tool that I use on a regular basis called Whisper32. Whisper is a password manager and a pretty simple one at that. I know, you’re thinking, who needs simple? I want a password manager that also emails, saves bookmarks, prints, and brews my coffee. …what? Sometimes it’s nice just to have a program that does one thing well. Whisper is great because it does just that. It has a small footprint, so feel free to take it with you on a USB drive. The database file itself is protected by a master password and you can create multiple master files. I use multiple password files for internet accounts, local domain accounts, and financial accounts, all with different master passwords.
Whisper allows you to keep your passwords/accounts safe, secure, and in one place. An invaluable tool for anyone that is conscious about password security.
You can download the program here.
Let us know what you think of this tool and feel free to suggest your own password manager.
Securing your Passwords
March 23, 2008
Password Security Explored
In this article we will discuss the security issues surrounding passwords. We will show how passwords can be compromised, how to ensure you maintain a good password set, and we will provide links to tools that can be used to audit your passwords’ effectiveness.
A password is usually the first and sometimes the only security defense guarding sensitive data. With all of the modern tools and technology that your business or home network may employ, the password can act as a “window” in a largely impenetrable fortification. As a systems administrator, I feel that a compromised password may not be a top priority for your IT staff. Large and mid-size companies have other measures in place to protect the sensitive corporate data. A compromised password may affect you more personally though. Because your password is the primary security measure in place, if someone can gain access to your password(s) they can have access to all of the information that password protects. In most cases a person’s password is the same from business to home, which can translate to total access to your personal information. The intruder could then gain access to your business/personal contacts, they can run malicious programs that “sniff” out other passwords (e.g. email, financial) and they can do all of this undetected because you have no way of knowing your password has been stolen.
Password security, like network security, is more of a philosophy. For your password to help protect you, you must help protect your password.
First let’s discuss choosing a password. Since a password is so important to your overall security it should not be chosen in haste. I would highly recommend using a password generator. Password generators create a random password that consists of letters, numbers and symbols in no distinguishable order. These generators can be downloaded to your computer or USB drive, and there are also some online password generators. At the bottom of this article I will provide links to some well known password generators.
If you choose to create your own password you should keep the following in mind:
• Choose a seemingly random set of letters, numbers and symbols while varying the case. (e.g. TXUu39!Q$66)
• Choose a lengthy password roughly between 8 and 12 characters.
• If you have many password protected accounts, choose a password that can be decremented. (e.g. TXUu39!Q$66 -yahooID, TXUu39!Q$65 -googleID, TXUu39!Q$64 -workID)
• Which brings me to my next point … pay attention, this is important … Do NOT use a universal password! If the password to your workID account is compromised then all of your accounts have been compromised. You don’t use the same key for your house, car, and lockbox, do you?
• Finally, memorize! Don’t write your password(s) down and don’t write down an obvious hint. Simply say your password in your head for a while and memorize it.
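The rules in this list can be checked mechanically. The following is an added example, not part of the original article or of any tool it links to: a generator that draws from the operating system's cryptographic random source, plus a small audit of an account-to-password mapping. The function names and the symbol set are assumptions chosen for illustration; the sample passwords used to exercise it are the article's own examples.

```python
import math
import secrets
import string

SYMBOLS = "!$%&*+-=?@#"   # assumed symbol set; adjust to what each site accepts
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)


def generate_password(length=12):
    """Return a random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable and unsuitable
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound, in bits, on the strength of a uniformly random password."""
    return length * math.log2(alphabet_size)


def audit(accounts, min_length=8):
    """Check an {account: password} mapping against the rules listed above."""
    findings = []
    first_seen = {}   # password -> first account that used it
    for account, pw in accounts.items():
        if len(pw) < min_length:
            findings.append((account, "shorter than %d characters" % min_length))
        if not all(any(ch in cls for ch in pw) for cls in CLASSES):
            findings.append((account, "missing a character class"))
        if pw in first_seen:
            findings.append((account, "same password as " + first_seen[pw]))
        else:
            first_seen[pw] = account
    return findings
```

A 12-character password from this 73-character alphabet has at most about 74 bits of entropy, while an 8-character one has at most about 50.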
Next, let’s take a look at what the Bad Guys are doing to compromise your passwords.
Most people today that have a computer also have some sort of Anti-Virus software installed. This software protects you from a variety of viruses and malware programs, including some of the favorite programs used by attackers … Keyloggers. These nifty little programs have a very small footprint on your system resources and can run in the background collecting all of your keystrokes, web pages visited, and sometimes programs launched. Keyloggers are definitely one of the best ways to spy on a user or set of users on a computer. Keyloggers do not have to be programs run on your machine either; attackers can actually attach a hardware keylogger to the back of your computer (plugged directly into your keyboard port). Needless to say not many people (at least marginally sane people) check the back of their computer every day for keyloggers! Other methods of obtaining your passwords can be a little more sophisticated, like: wireless traffic sniffing, dictionary attacks, man-in-the-middle attacks, memory image forensics, and much more!
By this point you are probably getting a little paranoid; if you’re not then you should be. These methods I just mentioned and the tools that employ them are being distributed over the internet freely and for the use of many different skill sets. Some of these hacking tools have become as easy as clicking a button. So you might be asking yourself, “How do I protect myself from these types of attacks?” The short and disturbing answer is “you can’t”, but that is a result of only the most determined attackers. For the casual kid in the basement attack there are some things you can do to protect your passwords.
Here are a few:
• Create a good password (as mentioned above)
• Don’t share your password with ANYONE
• Change your passwords regularly
• For those of you afraid of keyloggers, try filler characters. If you are entering your password “flower81”, start by typing “fl” in the box, then click away and type rubbish “asdkf;lkj”, then click back into the box and finish with “ower81”. If a keylogger is present your password will look like “flasdkf;lkjower81”.
• Do not go to sensitive areas (like bank websites) when you are on unknown or “coffee shop” networks.
• Always look for the “https” or secure lock icon on your browser when entering sensitive areas. (Https means your communication is encrypted)
• Always lock your computer or laptop before leaving it.
• Don’t use important dates or names for passwords.
• I’m going to push this one again … Memorize your passwords!
Following these rules can help deter attackers and help protect you from potential headache or worse, Identity Theft!
As I promised, here are a few links to some great password applications.
Online password strength tester: Microsoft Password Checker
Online password generator: www.techzoom.net/security-password.
Password generator and safe: KeePass (Highly recommended!!)
Secure your communication: PGP
Secure your data: TrueCrypt
Enjoy!
Protecting your Identity
March 21, 2008
Identity Theft
Protect what’s yours, don’t be another statistic.
“To secure your identity is to alter your way of thinking, a cautious and inquisitive mindset will help you protect your personal identification.”
What are thieves looking for? - Identity theft is almost always a crime of opportunity.
• Account Information. (i.e. numbers, maiden names, card types, pin numbers, exp. dates)
• Social Security Numbers.
• Drivers License.
These are the three basic needs of any identity thief, however, it is important to note that any one of these may lead to troubling times. Identity theft is becoming easier and more abundant because thieves are using the internet to exchange information and sell your identity.
Ways your identity can be stolen. - Most people don’t know their identity has been stolen.
• Internet Phishing Scams - Rogue websites posing as valid sites to gain your account information.
• Credit Card “Skimmers” - Small devices that can scan a credit card and retrieve all needed information from it. This can be used to duplicate credit cards.
• Phone or Email Inquiries - Someone calling or emailing you wanting you to verify account information.
• Computer “Hacking” - Hackers these days are not looking to just mess with your internet site or steal your meeting minutes; hacking is big business, and they want some reward for their effort. It is more likely that if a hacker is attacking you or your company they know what they are looking for and they know it will produce some value for them. Internal computer hacking is a much bigger threat than a random person on the internet.
• Your Person - You are sometimes the primary cause of identity theft. Keep only the necessities in your wallet or purse. Be conscious of your surroundings and your situation. Don’t be quick to give out information just because they ask for it. (e.g. You don’t need to give out your phone number to buy some batteries!)
Analyze the way you think, be conscious of your situation and only give out information if it is necessary. Be proactive in protecting your identity, practice it, and make it routine.
How you can protect yourself.
• Ask Questions - Don’t assume that the phone company needs your social security number; ask them why. Some companies such as financial institutions need it to run a credit report, other companies gather this information as a convenience or for their own account verifications.
• Keep a separate CC for online purchases - I recommend that everyone has a separate card with a small limit, strictly for online purchases. If your card number is ever stolen, you know your purchases and your card limit will not affect your credit score.
• Have an IT professional help secure your network - An IT professional will be able to find security holes that you may not be aware of; remember, it is their job to stay current with technology.
• Internet Consciousness - Don’t reply to rogue emails, and watch out for insecure websites. If you are making a purchase or checking your account information make sure the site is secure (https://) and there is not a certificate violation.
• Check your financial records - Check your bank statements each month, look for unusual purchases. Online banking has made it easier to check your purchases with real-time updates. Be aware of your credit score and monitor it regularly; monitoring does NOT lower your score.
• Protect your documents - Keep your important documents in a secure place, like a lockbox or safe. Destroy your mail, shred any evidence of your existence in your mail. Don’t let a dumpster diver find you. Secure your laptop and thumb drives. These portable devices can sometimes contain very personal information about you or your company, so make sure they are readable by you only.
“There are an infinite number of ways your identity can be compromised, protecting it starts with you.”
10 Ways to Secure your Computer
March 19, 2008
Top Ten Ways to Secure Your System
1. Use anti-virus software and update it regularly.
If you have a PC, antivirus software is a must. Many companies offer antivirus software and some are even freely downloadable.
2. Keep Windows and your other software current.
Keeping your OS and your software up-to-date is crucial. Many patches and fixes for vulnerabilities that can pose a major threat to your software are offered through updates.
3. Strengthen your passwords.
Creating a hard to guess password is, in most cases, the first and only line of defense against an attacker. Try not to use passwords that have significant value to you. There are many random password generators on the web, but if you create your own then be sure to use letters, numbers and some special characters.
4. Enable your Windows firewall or a third party firewall.
Firewalls are used mostly to block ports and malicious internet requests. In most cases using a firewall will hide your existence on the internet from would-be attackers. If you use a router you already have a firewall.
5. Use anti-spyware software.
If you are an internet web surfer then you need anti-spyware software. Spyware programs are the annoying programs that tend to make your internet experience and your computer slower. Collecting a bunch of these programs could lead to an almost worthless computer. There are many free anti-spyware programs on the web.
6. Be cautious of installing computer software from unknown sources.
A big portion of the spread of viruses and spyware today is due to users installing software they “found” on the internet. While the software may look appealing and useful, it may contain viruses and malware code.
7. Be cautious of downloading email attachments from unknown sources.
Another great way to transmit viruses and worms is by downloading email attachments from unknown sources. Rule of thumb: if you are not expecting an attachment, don’t open it!
8. Encrypt or password protect your files.
This is especially true if you own a laptop or a thumb drive. A great way to do this is by downloading the free software called TrueCrypt. I use it and it works great!
9. Secure your wireless connection.
If you are connected to a network wirelessly this step is a must. Without wireless security features such as WEP or WPA-PSK, you are leaving your internet transmissions open for capture. That’s right! By not using wireless encryption methods, hackers can use techniques to “listen in” to your internet browsing. They can gain passwords, account numbers, and other personal information.
10. Back Up! Back Up! Back Up!
I hope we got our point across. Backups are extremely important and can save you from a major headache and heartache. Just think of your impressive music collection or all of your priceless family photos … gone in a flash! If just the thought of this doesn’t set you running for an extra hard drive, then what about all those hours of financial data you’ve set up in Quicken or Money? Your best bet is to find a backup solution and stick with it, trust us.