FBI Hopes Hard Drive Will Shine Light on Conn. Shooter’s Motive


Posted: 20 Dec 2012 10:24 AM PST


Desperate Convenience:  Login with Facebook, Google and LinkedIn

Posted: 20 Dec 2012 06:28 AM PST

Is your management thinking about allowing people to log in to your precious systems by using their Facebook, Google or LinkedIn accounts? What are the risks? One consideration is password policies. I experimented to find out what were the effective password policies in place:

Site      Minimum Characters  Reuse?  Trivial?  All lower-case?  Expiration
Facebook  6                   Yes     No        Yes              No
Google    8                   No      No        Yes              No
LinkedIn  6                   Yes     No        Yes              No

All 3 prevented the use of trivial passwords such as 123456. However, all accepted a password consisting only of lower-case letters, and none of the services seems to implement password expiration, at least not in a reasonable time frame (1 year or less). Password expiration is necessary to protect against password guessing attacks, because given enough time a slow trickle of systematic attempts will succeed. The weaker the other password requirements and protections (e.g., number of tries allowed/minute) are, the quicker the expiration period should be.

In my opinion, all 3 have weak password policies overall. However, if you *must* have a "login with your X account" feature, I suggest using Google's service and not the others, at least when considering only password policies. Google has the best policy by far (potentially thousands of times stronger), with 8 characters and not allowing the re-use of previous passwords.

After 16 login failures, Google presents a captcha. This struck me as a large number, but Facebook allows an even greater number of attempts before blocking (I lost count). On Facebook, you can continue login attempts simply by clearing the Facebook cookies in the browser, which effectively provides an infinite number of login attempts and a great weakness towards password guessing attacks. But then, clearing the browser's cookies also bypasses the Google captcha... How disappointing.

LinkedIn is the only one that didn't lose track of login attempts by clearing browser cookies or using a different browser; after 12 failed attempts, it required answering a captcha. So, if you must have 2 login services, I would suggest Google and LinkedIn, and to avoid Facebook. Other considerations, such as the security of the login mechanism and trustworthiness of the service, are not addressed here.

Looking for fail2ban++


Posted: 19 Dec 2012 09:00 AM PST

If you're looking for a worthwhile project, here's something that could benefit most security practitioners. The application "fail2ban" has been extremely useful in blocking sources of undesirable behavior such as brute force attacks on password mechanisms, spammers (by hooking it up to your mail server's rejection log), as well as hostile vulnerability scanners. However, it only works for IPv4. Discussions (and patches) I've seen to make it work with IPv6 unfortunately focus on making it understand IPv6 addresses, and miss an important point. With IPv6, entities, even home users, will have large networks at their disposal. As a result, it may be futile to block a single IPv6 address. However, blocking whole IPv6 networks with the same threshold as a single IPv4 user may block legitimate users.

I need a program that will work like fail2ban but will allow progressive blocking, as follows: If undesirable behavior is observed from IP addresses within a network of size N past threshold T(N), block the entire network. This would work with multiple network sizes, starting with singleton IPs and scaling up to large networks, with the threshold increasing and being more tolerant the larger the network is. How the threshold changes with the size of the network should be configurable.

A corollary of the above is that when we move to IPv6, as some service providers have already done, password strength, and the strength of secrets and applications in general, will have to increase because we will have to be more tolerant of undesirable behavior, until the threshold of the attacker's network size is reached. This will of course be likely a lot more, and at a minimum the same, as what we tolerate on IPv4 for a single address.
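The progressive blocking rule described above, as an added Python example (it is not fail2ban code and not from the original post). The aggregation levels, the base threshold of 5, the growth factor of 4 and the 600-second counting window are assumptions chosen for illustration; all addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed aggregation levels (prefix lengths), most specific first.
LEVELS = {4: (32, 24), 6: (128, 64, 56, 48)}


def default_threshold(version, prefixlen, base=5, growth=4):
    """T(N): failures tolerated from a network of this size before it is blocked.

    Assumed policy: each wider level tolerates `growth` times more failures,
    so large networks need far more evidence than a single address.
    """
    step = LEVELS[version].index(prefixlen)
    return base * growth ** step


class ProgressiveBanner:
    def __init__(self, threshold=default_threshold, window=600):
        self.threshold = threshold          # configurable T(N)
        self.window = window                # seconds a failure stays counted
        self.events = defaultdict(deque)    # network -> failure timestamps
        self.banned = set()

    def is_banned(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip.version == net.version and ip in net
                   for net in self.banned)

    def record_failure(self, addr, now):
        """Count one failure at every level; return networks newly banned."""
        ip = ipaddress.ip_address(addr)
        newly_banned = []
        for prefixlen in LEVELS[ip.version]:
            net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
            stamps = self.events[net]
            stamps.append(now)
            # Drop failures that fell out of the counting window.
            while stamps and stamps[0] <= now - self.window:
                stamps.popleft()
            limit = self.threshold(ip.version, prefixlen)
            if net not in self.banned and len(stamps) >= limit:
                self.banned.add(net)
                newly_banned.append(net)
        return newly_banned


def demo():
    """Constructed scenario: a source that uses a new address in one /64
    for every attempt, so no single address ever reaches its own limit."""
    banner = ProgressiveBanner()
    bans = []
    for i in range(1, 21):
        bans += banner.record_failure(f"2001:db8:1:2::{i:x}", now=i)
    return banner, bans


if __name__ == "__main__":
    banner, bans = demo()
    print("banned:", [str(n) for n in bans])
    print("same /64, unseen address:", banner.is_banned("2001:db8:1:2::ffff"))
    print("neighbouring /64:", banner.is_banned("2001:db8:1:3::1"))
```

In the constructed run, per-address counting never fires because each address fails once, while the /64 reaches its limit of 20 and is blocked; the neighbouring /64 in the same /56 stays reachable.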

Two CERIAS Faculty Named as ACM Distinguished Members


Posted: 18 Dec 2012 10:43 AM PST

Tony Hosking, (Associate Professor - Computer Sciences) and Ninghui Li (Associate Professor - Computer Sciences and CERIAS Fellow) were named as 2012 Distinguished Members of the Association for Computing Machinery.

How to Use an iPod Touch to Control the House


Posted:

Do you want to use your iPod Touch to control the inner workings of your house? There's an app (or two) for that. Use an iPod Touch to control your house with help from an expert in the world of Apple retail in this free video clip.

How to Put Celtx Scripts on Your iPod

Posted:

Celtx is a lightweight, handy application that is free unless you upgrade to the "Plus" version. Put Celtx scripts on your iPod with help from an expert in the world of Apple retail in this free video clip.

How to Text From an Android to an iPod

Posted:

Texting from an Android device to an iPod Touch requires the careful use of the right application. Find out how to send a text from an Android to an iPod Touch with help from an expert in the world of Apple retail in this free video clip.

Steps to Install TomTom on the iPod Touch

Posted:

Installing TomTom on the iPod Touch is a great way to take GPS functionality with you wherever you go. Learn about the steps to install TomTom on the iPod Touch with help from an expert in the world of Apple retail in this free video clip.

How to Change the Owner Settings on a Used iPod

Posted:

Changing the owner settings on a used iPod is a great way to personalize your new device. Change the owner settings on a used iPod with help from an expert in the world of Apple retail in this free video clip.

How to Reset Your iPod Touch Without a Computer

Posted:

Just because you don't have access to a computer doesn't mean you can't reset your iPod Touch. Reset your iPod Touch without a computer with help from an expert in the world of Apple retail in this free video clip.

How to Change the Order of Playlist Songs on an iPod

Posted:

Changing the order of playlist songs on an iPod Touch is something you can do with just a few quick taps of your finger. Change the order of playlist songs on your iPod Touch with help from an expert in the world of Apple retail in this free video cl...

What Is the Difference Between a First, Second & Third Generation iPod Touch?

Posted:

The third generation iPod Touch was very distinct in a few key ways. Learn about the differences between the first, second and third generation iPod Touch models with help from an expert in the world of Apple retail in this free video clip.

How to Configure Email for an iPod Touch

Posted:

Every iPod Touch comes with an e-mail reading application built right in. Configure e-mail for an iPod Touch with help from an expert in the world of Apple retail in this free video clip.

How to Make Applications Run Faster on an iPod

Posted:

There are a few different ways in which you can make your iPod Touch applications run faster than ever before. Make applications run faster on an iPod Touch with help from an expert in the world of Apple retail in this free video clip.

How to Use Potash & Potassium in My Garden


Posted:

Using potash and potassium in your garden always requires you to remember a few important and helpful tips. Use potash and potassium in your garden with help from a longtime gardener and blogger in this free video clip.

MAC Loose Face Powder Color Guide

Posted:

Using MAC loose face powder color always requires you to keep a few key things in mind. Get a MAC loose face powder color guide with help from a professional makeup artist in this free video clip.

How Do I Restore Old Wood?

Posted:

How you'll go about restoring old wood depends entirely on how old the wood in question actually is. Restore old wood with help from a master precision craftsman in this free video clip.

How to Get Rid of Grease Film in My Pool

Posted:

Grease film has a tendency to build up over the water in a pool, especially during the summer. Get rid of grease film in your pool with help from an experienced swimming pool and spa industry professional in this free video clip.

Marc Rogers Receives AAFS Outstanding Research Award


Posted: 16 Nov 2012 01:14 PM PST

Marcus K. Rogers, Professor of CIT and CERIAS Fellow, has been named as the recipient of the Digital and Multimedia Sciences Section of the AAFS, Outstanding Research Award. AAFS is the American Association of Forensic Sciences — the major professional association of investigators across all types of investigations. The award will be presented in 2013 at the annual AAFS meeting. Professor Rogers is an internationally recognized expert in digital investigation techniques and cybercrime. He is an innovator in this area at Purdue, working with CERIAS personnel and students on advanced research topics and certification as a national center of excellence. Questions may be directed to Professor Rogers at mkr@cerias.purdue.edu

A Comparison of an Android & an iPod Tablet


Posted:

When compared, an Android and an iPod tablet are similar and different in a number of interesting ways. Get a comparison of an Android and an iPod tablet with help from an electronics expert in this free video clip.

Unboxing the Logitech K760 Wireless Solar Keyboard


Posted:

The Logitech K760 is a wireless solar keyboard that lets you connect to any Bluetooth device in your home. Watch the unboxing of the Logitech K760 wireless solar keyboard with help from your friends at eHow Tech in this free video clip.

Unboxing the Nike+ iPod Sport Kit

Posted:

The Nike+ iPod sport kit is a great gift for anyone who loves to exercise. Unbox the Nike+ iPod sport kit with help from your friends at eHow Tech in this free video clip.

PC, Laptop, Tablets, Oh My: Buying the Right Computer

Posted:

The mad dash to find the right gadget to put under the tree is on. Buying a computer for yourself is no easy task; you've got to deftly navigate a confusing marketplace and ever-changing technology that risks making today's purchase obsolete in, well, about an hour. But buying a PC for someone else -- someone who...

How to Keep Kindle Keys From Fading

Posted:

You can keep your Kindle keys from fading by taking a few key steps in the present. Keep your Kindle keys from fading with help from an electronics expert in this free video clip.

How to Reset Kindle Firmware

Posted:

Resetting the Kindle firmware will take your device back to its original factory settings. Reset the Kindle firmware with help from an electronics expert in this free video clip.

Taking the Internet Off the Kindle

Posted:

Taking the Internet off the Kindle is another way of saying that you don't want your Kindle to remember certain networks. Learn about taking the Internet off the Kindle with help from an electronics expert in this free video clip.

How to Use the Share Feature on the Kindle

Posted:

Using the share feature on the Kindle is a great way to share certain types of content with others. Use the share feature on the Kindle with help from an electronics expert in this free video clip.

How to Activate the Cursor on Kindle

Posted:

Activating the cursor on a Kindle can help you better control the device with your fingers. Activate the cursor on your Kindle with help from an electronics expert in this free video clip.

How to Fix a Scratched Kindle Screen

Posted:

You can fix a scratched Kindle screen through the careful application of a few key tools. Fix a scratched Kindle screen with help from an electronics expert in this free video clip.

How to Make a Kindle Not Auto-Rotate

Posted:

The orientation on the Kindle automatically rotates depending on how you're holding the device. Make a Kindle not auto-rotate with help from an electronics expert in this free video clip.

Could Decision 2012 be hacked?


Posted: 06 Nov 2012 06:42 AM PST

"We work with computers all the time, we love computers… but as a result we have to understand the potential threat here. There are people who, when we raise the issue, say there's no instance [malicious cyber activity] has happened, but how do we know?" said Eugene Spafford, chair of the public policy council at the U.S. Association of Computational Mechanics and professor of computer sciences at Purdue University. "There are many incidents of malicious software and activity out there, and they can get into any system that's not properly secured."

Purdue Experts on Hurricane Sandy-related Issues


Posted: 01 Nov 2012 01:55 PM PDT

Makarand Hastak, professor of civil engineering, head of construction engineering and management

Researchers at Purdue University specialize in systems that predict how a disaster's impact on critical infrastructure would affect a city's social and economic fabric, a potential tool to help reduce the severity of impacts, manage the aftermath of catastrophe and fortify infrastructure against future disasters. The model simulates how a disaster affects elements such as bridges, roads, municipal water and wastewater treatment services, along with vital economic and social components such as employers, hospitals, schools and churches. The research includes work to determine the resilience and capacity of a community, debris management and alternate financing strategies for disaster risk mitigation, particularly for a developing nation. The work is led by Makarand Hastak, professor of civil engineering and head of construction engineering and management at Purdue University, and doctoral student Abhijeet Deshmukh.

CONTACTS: Makarand Hastak, 765-494-0641, hastak@purdue.edu; Abhijeet Deshmukh, adeshmuk@purdue.edu

Daniel Aldrich, associate professor of political science, Disaster recovery expert

Aldrich can talk about the role neighbors and community relationships play when recovering from a disaster. His research shows that people who have stronger individual friendships, community connections and civic involvement are more likely to have access to resources and information during and after a disaster. Aldrich is author of the new book "Building Resilience: Social Capital in Post-Disaster Recovery," and he has studied evacuation, disaster recovery and community rebuilding following Hurricane Katrina, the 2011 earthquake and tsunami in Japan, the 2004 Indian Ocean Tsunami in Tamil Nadu, the 1923 earthquake in Tokyo and the 1995 earthquake in Kobe, Japan. Personal homepage: http://web.ics.purdue.edu/~daldrich/

CONTACT: Daniel P. Aldrich, daniel.aldrich@gmail.com

Julio Ramirez, chief officer of NEES, professor of civil engineering

Researchers who are part of the National Science Foundation (NSF) supported George E. Brown Jr. Network for Earthquake Engineering Simulation (NEES) focus on earthquake effects but also have occasionally studied questions related to the potential effects of high winds on high-rise buildings, storm surge on levees and other critical structures affected by hurricanes. "In some cases earthquakes demand flexibility, whereas wind demands stiffness," said Julio Ramirez, chief officer of NEES and a professor of civil engineering at Purdue. "So they offer competing design challenges." Through NEES, researchers are developing tools to learn how earthquakes impact the buildings, bridges, utility systems and other critical components of today's society. The same tools, however, help to safeguard structures against the forces exerted on structures by high winds. Nearly 400 NEES projects sponsored by the National Science Foundation, other government agencies and industry have been completed or are in progress since 2002. In 2009, Purdue entered into a five-year Cooperative Agreement with the NSF to lead NEES and its experimental facilities located at universities across the country. NEES is made up of 14 university partners from around the nation and Purdue University, home of the headquarters for operations, deployment of cyberinfrastructure education, training and outreach activities.

CONTACT: Julio Ramirez, 765-494-2716, Ramirez@purdue.edu

Steve Cain, Purdue Extension Disaster Education Network

The best way for people to help victims of Hurricane Sandy this week is by donating cash that would go directly to meet specific needs in flooded areas, a Purdue University disaster education specialist said. "Cash is best," said Steve Cain, Purdue Extension Disaster Education Network homeland security project director. "It is better to donate cash instead of goods because local responders can more readily convert that into what's needed." Cain, who also is president of the national disaster-aid relief group Indiana Voluntary Organizations Active in Disaster, of which Purdue Extension is a member, and serves on the board of the National VOAD, said people wanting to help can donate cash through the group's website at http://www.nvoad.org/donate. Donations will go toward specific needs in affected areas. Donations such as clothing and household items can become difficult for disaster responders to handle and might not be needed in some areas. Cain suggests that individuals and organizations with goods they want to donate might be more effective if they sell those items at a garage sale and donate the money raised.

CONTACT: Steve Cain, 765-583-3348, cain@purdue.edu

Eugene C. Spafford, executive director of CERIAS - Purdue's Center for Education and Research in Information Assurance and Security

Spafford can speak about best practices to know that you are donating to a legitimate relief effort or if a website seeking donations is a scam. Spafford is a foremost figure in the cybersecurity field for his leadership in foundational research in security technology, his leading role in the development of influential educational programs, and his longtime advocacy and public service in information security. He has worked with the government, law enforcement, corporate and academic officials, two U.S. presidents, the FBI, the departments of Justice and Energy, the U.S. Air Force, Microsoft, Intel, Oracle, Lockheed-Martin, Northrop Grumman, and the National Science Foundation. He has testified before Congress many times on cybersecurity and has received numerous professional recognitions and distinctions. Personal homepage: http://spaf.cerias.purdue.edu/

CONTACT: Eugene C. Spafford, 765-494-7825

Note to Journalists: The Purdue University experts below can talk about certain topics related to Hurricane Sandy. Source contact information is listed below. Media contacts are Emil Venere, 765-494-4709, venere@purdue.edu, James Schenke, broadcast media liaison, (Office) 765-494-6262, (Mobile) 765-237-7296, jschenke@purdue.edu, and Amy Patterson Neubert, 765-494-9723, apatterson@purdue.edu

Tips to Avoid Being Scammed in Donating to Hurricane Sandy victims

Posted: 01 Nov 2012 01:53 PM PDT

WEST LAFAYETTE, Ind. - The many pictures and news reports of massive destruction and loss of life and property from Hurricane Sandy are triggering an urge for people to help. But it's important that donors know where their money is actually going, says a Purdue University cybersecurity expert.

"We've seen it time and again, and con artists and scammers are continually coming up with advanced methods to take people's money through contributions - often online," says Eugene H. Spafford, professor and executive director of CERIAS - Purdue's Center for Education and Research in Information Assurance and Security.

Researchers at CERIAS know that criminals will take advantage of the most tragic of circumstances, counting on people's sense of urgency to "do something" to overcome their normal caution, Spafford says.

"Be alert to fraudulent but sincere-sounding appeals for aid from hurricane victims or from what appear to be charities," he says. "These solicitations may be sent as email to you or a group to which you belong, as postings or messages on a social newsgroup such as Facebook or Twitter, as a phone call from someone soliciting donations, or as a website to which you are directed or that pops up when visiting a site."

Some of these fraudulent appeals will sound convincing, and the associated websites will appear official and legitimate. Here are some tips from CERIAS on how to avoid being scammed, now and at other times:

- Do not enter any information at a Web page that pops up unexpectedly when you visit some other site.
- Never click on a website address in email sent to you; it may look official, but most will be pointers to fraud or attack sites.
- Don't assume that every Web address returned by a search engine (e.g., Google, Bing) is a legitimate organization.
- Do not respond to emails requesting donations or making a special offer (such as asking you to hold their assets).
- Do not reveal any personal or financial information during a phone call you did not dial yourself.
- If a friend forwards a URL, phone number or email, don't trust it until you check its validity. Your friend may have been scammed first.

Spafford recommends the American Red Cross, available online at http://www.redcross.org, as a reliable charity for domestic disaster relief.

CERIAS is the nation's premier interdisciplinary academic center for research and education. For more information, contact Spafford at 765-494-7825, or visit the CERIAS website at http://www.cerias.purdue.edu/

Writer: Jim Bush, 765-494-2077, jsbush@purdue.edu
Source: Eugene Spafford, 765-494-7825, spaf@purdue.edu

How to Add Commands to the Startup in Linux


Posted:

Adding commands to the startup in Linux is a great way to make your whole computer more efficient. Add commands to the startup in Linux with help from a software engineer with broad and extensive experience in this free video clip.

How to Tell if Your Intel Processor Has Virtualization

Posted:

If your Intel processor has virtualization technology it will display a few clear signs. Find out how to tell if your Intel processor has virtualization technology with help from a software engineer with broad and extensive experience in this free vi...

How to Turn Off the Fingerprint Sensor on an HP Laptop

Posted:

The fingerprint sensor on an HP laptop can be turned off by following just a few basic steps. Turn off the fingerprint sensor on an HP laptop with help from a software engineer with broad and extensive experience in this free video clip.

How to Use the Built-In Card Reader on an HP Laptop

Posted:

The built-in card reader on an HP laptop is a great way to access information from sources like digital camera cards on your PC. Use the built-in card reader on an HP laptop with help from a software engineer with broad and extensive experience in th...

How to Update the System BIOS in an HP Pavilion

Posted:

Updating the system BIOS in an HP Pavilion is something that requires a certain degree of caution. Update the system BIOS in an HP Pavilion with help from a software engineer with broad and extensive experience in this free video clip.

How to Save a Word File to a Flash Drive

Posted:

Saving a Word file to a flash drive is a great way to make sure you have a backup copy of your important document. Save a Word file to a flash drive with help from a software engineer with broad and extensive experience in this free video clip.

How to Format a USB Drive in Fedora

Posted:

Formatting a USB drive will erase all data contained on that drive. Get tips on how to format a USB drive in the Fedora operating system with help from a software engineer with broad and extensive experience in this free video clip.

How to Sharpen Mac Lip Pencils

Posted:

Mac lip pencils can be sharpened in a very particular way and operate as good as new when the process is finished. Sharpen Mac lip pencils with help from an experienced makeup professional in this free video clip.

How to Bypass Putting in a Password to Get Into Facebook

Posted:

You don't always have to put your password into your Facebook account to log in if you don't want to. Get out of having to put your Facebook password into your browser to access your Facebook account with help from an Internet marketing speaker and a...

How to Use Your Netbook as a Radio

Posted:

Using your netbook computer as a radio only requires a very specific software selection. Use your netbook as a radio with help from a software engineer with broad and extensive experience in this free video clip.

How to Export the Path Permanently in Linux


Posted:

Exporting a path permanently in Linux requires you to know which type of class you're trying to export. Find out how to export a path permanently in Linux with help from a software engineer with broad and extensive experience in this free video clip.

How to Get an Elevated User in W7

Posted:

Getting an elevated user in Windows 7 only requires that you follow a few basic, easy to manage steps. Get an elevated user in Windows 7 with help from a software engineer with broad and extensive experience in this free video clip.

When You Open Your PC & Look at the CPU, How Can You Tell if It Uses Active or Passive Cooling?

Posted:

Certain types of CPUs use an active cooling system, while others use a system called passive cooling. Find out how to open your PC and tell whether it uses active or passive cooling with help from a software engineer with broad and exten...

Adding a Program to Startup

Posted:

Adding a program to startup allows that program to run automatically whenever you start your computer. Add a program to startup with help from a software engineer with broad and extensive experience in this free video clip.

What to Do When iPhone Gets Stuck in Spin Mode

Posted:

If your iPhone gets stuck in "Spin Mode," there are a few key things you can do to get it back to normal. Find out what to do when an iPhone gets stuck in "Spin Mode" with help from an expert in Apple retail in this free video clip.

How to Upload an MP3 to an iPhone

Posted:

Uploading an MP3 to your iPhone requires the use of Apple's iTunes software. Find out how to upload an MP3 to an iPhone with help from an expert in Apple retail in this free video clip.