<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>MattJay Security &#187; fundamentals</title>
	<atom:link href="http://www.mattjaysecurity.com/category/fundamentals/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.mattjaysecurity.com</link>
	<description>The musings of a young information security professional on current security events.</description>
	<lastBuildDate>Wed, 02 Feb 2011 17:09:14 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=</generator>
		<item>
		<title>Reveal Passwords Bookmarklet &#8211; What Could Go Wrong?</title>
		<link>http://www.mattjaysecurity.com/2011/02/reveal-passwords-bookmarklet-what-could-go-wrong/#utm_source=feed&#038;utm_medium=feed&#038;utm_campaign=feed</link>
		<comments>http://www.mattjaysecurity.com/2011/02/reveal-passwords-bookmarklet-what-could-go-wrong/#comments</comments>
		<pubDate>Wed, 02 Feb 2011 17:09:14 +0000</pubDate>
		<dc:creator>Matt Johansen</dc:creator>
				<category><![CDATA[fundamentals]]></category>
		<category><![CDATA[Password]]></category>

		<guid isPermaLink="false">http://www.mattjaysecurity.com/?p=131</guid>
		<description><![CDATA[Lifehacker posted an article this AM about a Bookmarklet that would reveal passwords on your screen that are normally bulleted out. It is advertised as a way to help remember passwords that are saved in some sort of autofill application such as LastPass or just in your browser. Sounds terrific so you don&#8217;t forget them [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignleft" title="whatcouldgowrong" src="http://www.liquidmatrix.org/blog/wp-content/uploads/2011/02/whatcouldgowrong.jpg" alt="" width="350" height="230" />Lifehacker posted an article this AM about a Bookmarklet that would reveal passwords on your screen that are normally bulleted out.</p>
<p>It is advertised as a way to help remember passwords that are saved in some sort of autofill application such as LastPass or just in your browser. Sounds terrific so you don&#8217;t forget them by heart.</p>
<p>I liken this to the fact that 10 years ago I had to dial everybody&#8217;s phone number on my home phone manually, and now I just pull up their contact in my cell and hit send. The funny thing is those friends and family I still call from the pre-cell phone era are the only people&#8217;s numbers I know by heart.</p>
<p>But even though this bookmarklet sounds like a good idea in theory, I have a problem with it. How many times have you been typing your login information in and started typing your password accidentally in the username field? For me it has happened a decent number of times and a handful of those were while people were behind me watching, which of course was followed by me changing my password. So now you are telling me there is a JavaScript bookmarklet being advertised to do such a thing *on purpose*?</p>
<p>What could go wrong here?</p>

]]></content:encoded>
			<wfw:commentRss>http://www.mattjaysecurity.com/2011/02/reveal-passwords-bookmarklet-what-could-go-wrong/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Computer Security Week 1</title>
		<link>http://www.mattjaysecurity.com/2009/01/computer-security-week-1/#utm_source=feed&#038;utm_medium=feed&#038;utm_campaign=feed</link>
		<comments>http://www.mattjaysecurity.com/2009/01/computer-security-week-1/#comments</comments>
		<pubDate>Fri, 02 Jan 2009 00:22:00 +0000</pubDate>
		<dc:creator>Matt Johansen</dc:creator>
				<category><![CDATA[computer]]></category>
		<category><![CDATA[fundamentals]]></category>
		<category><![CDATA[security]]></category>

		<guid isPermaLink="false">http://www.mattjaysecurity.com/?p=4</guid>
		<description><![CDATA[In the very first week of my Computer Security class we were presented with a broad overview of the upcoming semester. We touched on everything from the CIA triad (Confidentiality, Integrity, and Availability) to discussing the more public view of security (i.e. the cyber section of the FBI and Secret Service, identity theft, etc.). We [...]]]></description>
			<content:encoded><![CDATA[<p><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_gq8ASTy40oI/SV1ezvjTfjI/AAAAAAAAACM/UhTFwElRC7E/s1600-h/CIA+triad.png"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 247px; height: 320px;" src="http://1.bp.blogspot.com/_gq8ASTy40oI/SV1ezvjTfjI/AAAAAAAAACM/UhTFwElRC7E/s320/CIA+triad.png" alt="" id="BLOGGER_PHOTO_ID_5286485780633714226" border="0" /></a><br /><span style="font-size:100%;">In the very first week of my Computer Security class we were presented with a broad overview of the upcoming semester. We touched on everything from the CIA triad (Confidentiality, Integrity, and Availability) to discussing the more public view of security (i.e. the cyber section of the FBI and Secret Service, identity theft, etc.).</p>
<p>We were also presented with the following video of Richard Clarke, who is the Chairman of Good Harbor Consulting, senior White House Advisor to the last three presidents and an expert in security including cyber security and counterterrorism. If you would like to watch it you can skip the first 7:30 minutes, which is just PR stuff and an introduction.</p>
<p><embed src="http://blip.tv/play/Aa+zFYreFg" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="320" height="270"></embed></p>
<p>&#8220;Richard A. Clarke is an internationally recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. He is currently Chairman of Good Harbor Consulting and an on-air consultant for ABC News. Clarke served the last three Presidents as a senior White House Advisor. Over the course of an unprecedented 11 consecutive years of White House service, he held the titles of Special Assistant to the President for Global Affairs, National Coordinator for Security and Counterterrorism, and Special Advisor to the President for Cyber Security. His published works include the New York Times #1 bestseller Against All Enemies, Scorpion&#8217;s Gate, and Breakpoint. Mr. Clarke will be discussing the current state of the war on terrorism and what it means for homeland security and technology.&#8221;</p>
<p>The class was presented with the following.</p>
<p>&#8220;Week 1</p>
<p>The objectives for this week are to outline what expectations the students may have from the teacher, and what expectations the teacher has from the students. A brief preview for the semester will be provided. At the end of the week, the following topics will have been covered.<br /></span>
<ul>
<li><span style="font-size:100%;">Fundamental concepts of information security</span></li>
<li><span style="font-size:100%;">Common forms of malware</span></li>
<li><span style="font-size:100%;">Information Security Life Cycle</span></li>
</ul>
<p> <span style="font-size:100%;"><br />Assignment 1<br />Watch this movie and comment on it in your course blog. You can skip over the first 7:30 minutes, as they are just public relations.</p>
<p>Can you relate to this clip? Do you see any effects of computer security controls in your daily life? What kind of controls do you see? How do they affect you?&#8221;</p>
<p><span style="font-weight: bold;">If you&#8217;d like, I&#8217;d be interested to see a few responses from other people who wish to leave comments.</p>
<p></span>In the next few weeks of our meetings we covered respectively Laws and Ethics, Authentication, and Access Control.  My next post or two will cover these topics and then we move on to the Defender and Attacker life cycle and break down each step along the way of each.<br /></span></p>

]]></content:encoded>
			<wfw:commentRss>http://www.mattjaysecurity.com/2009/01/computer-security-week-1/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

