Even Russian spies have absurd password requirements

Security by on June 30, 2010 at 10:48 pm

From this fascinating CNET article on a few of the techniques that the Russian spies used to exchange data:

…the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.

Online passwords never need to be this complex, since centralized management can prevent brute-force attacks. Arguably, longer passwords are more important for local software (which can be stolen, then brute-forced). In fact, the leading theories on the ‘cracking’ of the WikiLeaks video suggest that they brute-forced the password that unlocked the encrypted contents.

A 27-character password certainly makes brute-forcing the password impossible. But human nature, even for extremely well-trained spies, is to write things like this down.

Google’s Bold Chinese Move

Search, Security by on January 12, 2010 at 10:17 pm

I’m both stunned and impressed by Google’s announcement that it will either end censorship in China or close google.cn following a “highly sophisticated and targeted attack on [Google’s] corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.”


If Google follows through with its intentions, it will be one of the most public actions taken by any organization (corporate or government) in protest of China’s restrictions on free speech in the last few years. Even a Google-cynic such as myself can’t help but cheer their actions. The other search engines should follow Google’s lead.

Almost incredibly, Google may actually be able to impact Chinese policy. We will see how the next few weeks unfold, but Google may well do more for free speech in China at this moment than any international organization has been able to do in the last decade. The constructivist view of international relations is becoming an increasingly strong model.

Google was hacked!?

And possibly equally significantly, Google has had its intellectual property stolen by hackers. And we’re left to presume they were state-sponsored hackers. Sure, most organizations are a nudie video away from getting pwned, but if Google can be targeted successfully, what does that say about the rest of corporate America?

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. | Dave Naffziger's Blog | Dave & Iva Naffziger