Gmail Paranoia

Max Mansick on the security of email per se as the actual problem.

There’s been some recent buzz about how it’s bad that Google is “reading” the email of Gmail users. Google examines email algorithmically to power its targeted advertising in Gmail. This practice would be worth worrying about only if email was otherwise secure (it’s not) and if it was likely to hurt users (it isn’t). Ironically, switching away from Gmail could reduce, not enhance, email security.

Nevertheless, the last paragraph says:

With that said, I think it’s a bad idea to use a address (or any other domain name you don’t own). If Google – or your email service of choice – does turn evil or shuts down, at best you have to change your email address, and at worst they own a critical part of your online identity.

Did the right thing after all!

Traveling to China in Times of Digital Espionage

The New York Times reports on traveling to China in times of digital espionage.

When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.

He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”

New Year's Resolution 2012: Better Passwords at Last

Ben Gross, always good for well-founded articles on security, argues for better passwords as a New Year's resolution for 2012. What shocks me most about his post is how fast brute-force attacks can be by now.

Realistically, it’s getting to the point where unless you have a pretty fantastic password, if your password is in a database of poorly hashed passwords then someone with a bit of time can discover it. Why is that you might ask? Whitepixel the purveyors of fine open source GPU accelerated password hashing software report that it currently achieves 33.1 billion password/sec on 4 x AMD Radeon HD 5970 for MD5 hashes. This is fast enough to make rainbow tables (pre-computed hashes for a dictionary attack) much less compelling. If the attacker has any additional personal information this significantly increases the chance of a successful attack since so many people use bits of personal information in their passwords.

33.1 billion passwords per second!

On the Problem of Addressing Internet Security Politically and Legally

Marc Ambinder on the difficulties of addressing Internet security politically and legally.

We allow Google, credit companies and all manner of private corporations to collect intimate information about our lives, but we reflexively recoil when the government proposes to monitor (and not even collect) a fraction of that information, even with legal safeguards.

Security expert Bruce Schneier already asked the question back in March: Who Should Be in Charge of Cybersecurity?