Tech Friday


  • What is a keystroke logger?
    • Keystroke logging software, aka keylogger, is a form of software that's been around for a long time and can be traced to typewriters
    • A keylogger runs quietly in the background and captures a user's keystrokes to be sent to a third party
    • The third party can be a criminal, a support technician or law enforcement
    • A keylogger can capture any and all information that a user enters from the keyboard, which makes keyloggers very dangerous
    • Other methods besides malware exist for keystroke logging, including hardware-based approaches and acoustic analysis
    • Most anti-malware software will provide some protection against keyloggers, but keyloggers can also be used legitimately
    • There are specific anti-keystroke-logging tools; check this list: https://www.topattack.com/list/best-anti-keylogger-software-review/86
  • Microsoft: "Expect a bumpy ride" in 2019:
    • Microsoft president Brad Smith said a "bumpy ride" may be in store for the tech sector in 2019. Smith is also Microsoft's chief legal counsel
    • Some of the concerns he raised include:
      • Artificial Intelligence (AI) could be added to the Department of Commerce's controlled exports schedule due to national security implications
      • Possible new regulations on tech companies, especially around privacy and "fake" news
      • Election meddling and election security
      • Regulation on biometrics and facial-recognition
      • Trade war with China
  • 2018's worst passwords list is little changed from 2017
    • SplashData's 2018 worst password list was recently released. They claim to have evaluated more than five million leaked passwords.
    • "123456" maintained its spot at the top of the list despite years of warnings about password security and strong passwords
    • Sadly, "password" was number 2 on the list, again
    • Simple passwords such as those above can be cracked in fractions of microseconds
    • It would be great if websites and applications would simply stop allowing these bad passwords
    • Until then, you need to use a "strong" password, and the guidance on that has changed
    • Bill Burr authored a publication released by the National Institute of Standards and Technology (NIST Special Publication 800-63, Appendix A) that contained the original "strong" password advice
    • Burr recently told the Wall Street Journal (WSJ) that the 2003 paper was based on a paper written in the 1980s rather than real-world password data
    • Burr told the WSJ his previous advice of using special characters, mixed-case letters and numbers is not effective in stopping hackers because the combinations chosen by most people are highly predictable
    • Burr also previously suggested that passwords be changed a minimum of every three months
    • The UK's National Cyber Security Centre has said that forcing users to change their passwords at regular intervals "imposes burdens on the user and carries no real benefits".
    • The new advice is that users should only change their password if there is evidence that it has been compromised, but users should still use a unique password on each site/platform
    • Also, rather than a series of letters, numbers and symbols such as I10v355KRC!, users should use a long, easy-to-remember phrase with 3 or more words, for example, 55KRCIsTh3B3stTVStation3v3r
    • Security experts have determined that a password like Tr0ub4dor&3 could be cracked in as little as 3 days, while a password like “correct horse battery staple” written as one word would take 550 years
    • You can consider using a password manager app that will generate very strong passwords and store them in an encrypted database
    • Password manager apps:
      • If you're going to use one, you MUST VET IT!
      • Some of the most popular are:
        • LastPass
        • Keeper
        • RoboForm
    • For more choices and detail, visit:
    • https://www.pcmag.com/article2/0,2817,2407168,00.asp
    • https://www.cnet.com/news/the-best-password-managers-directory/
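
The check the password notes above ask websites to make (refuse known-bad passwords, favor length over forced character mixes), as an added example that is not part of the original notes. The denylist entries beyond "123456" and "password", the thresholds MIN_LENGTH and MIN_DISTINCT, and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed sample denylist. "123456" and "password" are the two entries the
# notes name; the others are stand-ins. A real site would load a full
# leaked-password list.
DENYLIST = {"123456", "password", "qwerty", "letmein", "iloveyou"}
MIN_LENGTH = 12   # assumption: the notes say "long" without giving a number
MIN_DISTINCT = 5  # assumption: rejects padding such as "aaaaaaaaaaaa"

# Reverse the predictable swaps (0 for o, 3 for e, ...) before the lookup.
LEET = str.maketrans("013457@$!", "oleastasi")
TRAILING = "0123456789!@#$%^&*?."


def normalize(password):
    """Fold case, drop trailing digits/symbols, undo common substitutions."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    return folded.rstrip(TRAILING).translate(LEET)


def check_password(password):
    """Return (accepted, reason). No character-class rules are enforced."""
    if password.casefold() in DENYLIST or normalize(password) in DENYLIST:
        return False, "common password"
    if len(password) < MIN_LENGTH:
        return False, "too short"
    if len(set(password)) < MIN_DISTINCT:
        return False, "too few distinct characters"
    return True, "ok"


if __name__ == "__main__":
    # Constructed candidates, including the examples quoted in the notes.
    for candidate in ["123456", "password", "P@ssw0rd123!", "Tr0ub4dor&3",
                      "aaaaaaaaaaaaaa", "correcthorsebatterystaple",
                      "55KRCIsTh3B3stTVStation3v3r"]:
        accepted, reason = check_password(candidate)
        print(f"{candidate!r:32} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```

A decorated variant such as P@ssw0rd123! is rejected as a common password even though it would pass a mixed-character rule, while a long plain phrase is accepted.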