Use an 8-char Windows NTLM password? Don’t. Every single one can be cracked in under 2.5hrs

In 2011 security researcher Steven Myer demonstrated that an eight-character (53-bit) password could be brute forced in 44 days, or in 14 seconds if you use a GPU and rainbow tables – pre-computed tables for reversing hash functions.

NIST’s latest guidelines say passwords should be at least eight characters long. Some online service providers don’t even demand that much.

When security researcher Troy Hunt examined the minimum password lengths at various websites last year, he found that while Google, Microsoft and Yahoo set the bar at eight, Facebook, LinkedIn and Twitter only required six.

Tinker said the eight-character password was used as a benchmark because it’s what many organizations recommend as the minimum password length and many corporate IT policies reflect that guidance.

“Because we’ve pushed the idea of using complexity (upper case letters, lower case, numbers, and symbols), it’s hard for users to remember individual passwords,” Tinker said. “This does, among other things, cause users to pick the minimum length allowed, so that they can remember their complex password. As such, a large percentage of users choose the minimum requirements of eight characters.”

So how long is long enough to sleep soundly until the next technical advance changes everything? Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, “correcthorsebatterystaple.”

https://www.theregister.co.uk/2019/02/14/password_length/

Security Things to Consider When Your Apartment Goes ‘Smart’

What’s Your Threat Model?

When we’re talking about things that impact personal safety, it’s crucial to think about the specific, realistic threats that we (or our families) face. In this blog, I’m going to talk about ways that consumer IoT and Smart Home systems can be abused to cause risk to safety and privacy. If your number one concern for your safety is a casual criminal breaking your lock and stealing your TV, and the loss of your activity data isn’t something that substantially impacts or bothers you, you might decide that a flawed Smart Home system is an acceptable risk (or even a net benefit).

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret

At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found. Several of those businesses claim to track up to 200 million mobile devices in the United States — about half those in use last year. The database reviewed by The Times — a sample of information gathered in 2017 and held by one company — reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.

https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html

GOOGLE’S SIDEWALK LABS PLANS TO PACKAGE AND SELL LOCATION DATA ON MILLIONS OF CELLPHONES

Last month, the New York Times revealed how sensitive location data is harvested by third parties from our smartphones — often with weak or nonexistent consent provisions. A Motherboard investigation in early January further demonstrated how cell companies sell our locations to stalkers and bounty hunters willing to pay the price.

https://theintercept.com/2019/01/28/google-alphabet-sidewalk-labs-replica-cellphone-data

There’s a simple reason why your new smart TV was so affordable: It’s collecting and selling your data

  • The vast majority of televisions available today are “smart” TVs, with internet connections, ad placement, and streaming services built in.
  • Despite the added functionality, TV prices are lower than ever – especially from companies like TCL and Vizio, which specialize in low-cost, high-tech smart TVs.
  • There’s a simple reason that smart TV prices are so low: some TV makers collect user data and sell it to third-parties, which can offset the cost.

https://nordic.businessinsider.com/smart-tv-data-collection-advertising-2019-1