
Showing posts with label Patches. Show all posts

Sunday, April 03, 2011

The weak password problem : Now solved????

1.    We are part of the first phase of the IT revolution across the globe, where everything is happening: methods to secure, methods to hack, stronger and more powerful servers, patching vulnerabilities, fighting malware, analysing Stuxnet's genre, and what not. Now the following text (original from http://lanl.arxiv.org/abs/1103.6219) opens another dimension to making passwords secure:

"Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase transitions, CAPTCHA recognition, and computational round-off errors we design an algorithm that strengthens security of passwords. The core idea of our method is to split a long and secure password into two components. The first component is memorized by the user. The second component is transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective. We expect our approach to have wide applications for authentication and encryption technologies."

2.    Thanks http://lanl.arxiv.org

Tuesday, October 12, 2010

Biggest release of Patch update by MICROSOFT

1.    The patches to be released by MS today are said to be the biggest batch of updates from Microsoft since Oct 2003. According to Microsoft, this batch will be the LARGEST in its history, with no fewer than 16 security updates designed to address a total of 49 vulnerabilities in Windows, Internet Explorer, MS-Office and the software giant's .NET Framework.

2.    The effort and size of these patches reflect how vulnerable each one of us remains to hacking and to the leak of personal info into the wrong hands. The batch of updates will include Windows 7 critical updates and updates for Internet Explorer and MS-Office 2010. And all those happily using pirated copies of the OS remain as vulnerable as they already are.

Friday, October 08, 2010

RISK MANAGEMENT : Beware while you update with Patches

1. Zero-day exploits were discussed in an earlier post on this blog. Here is something more on the topic.

2. A good extract, lifted straight from Infosecurity-magazine.com:

"For a vendor, developing the update is not the part that takes time – testing is. We have more than 600 million downloads when we publish an update. If we “just” break 10% of the systems the update is installed on, it would be a huge denial of service. So testing is the name of the game. How well is an unofficial patch tested? Often the vendor publishes workarounds (at least we do). This should be part of your risk mitigation strategy. Would the workaround be acceptable to buy you time?

How far do you trust the author of the unofficial update? How big is the risk that the update comes with pre-installed malware? The question immediately comes up: Why should we trust a vendor? Well, you bought or downloaded the software at the first hand – so, you decided to trust the vendor at the beginning.

What do you do once the vendor releases an update? Can you de-install the unofficial update?

Basically, it is a risk management decision, which should include at least the questions I raised above. Do not just run for the unofficial update – to me it should be really the last resort, if even!"

3. A good site to follow : Check out http://www.infosecurity-magazine.com