UMW IT Security

TrueCrypt was mentioned in an earlier blog entry as a way to encrypt part of a drive. This great utility is only available for Linux and Windows. Well, Mac OS X has a built in way of encrypting disk images.

As with TrueCrypt this method can be used for encrypting portions of a drive, and sections of a thumb drive as well. I’m liking Macs more and more as time goes on. ; )

There are estimates that over 10 million computers on the Internet are infected with malware.  Malware which is used for sending out spam… and worse.

http://redtape.msnbc.com/2007/03/bots_story.html#posts

Here is an interesting blog entry on passwords. Note specifically the chart where he shows how long it takes to crack passwords.

http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/

Truecrypt is a wonderful open source program for encrypting content on disk drives or removable media.  It works on Windows and Linux (sorry, fellow Mac users).  It is a good solution for protecting sensitive files.  When using a strong password this software can protect one’s data very, very well.

Setting up TrueCrypt to work on a portion of a hard drive is fairly straight forward.  Just follow the installation wizard.

Truecrypt can also encrypt data on a flash drive.  Though it is possible to encrypt the entire drive, that may not be the best option because by leaving a portion of the drive unencrypted then the drive can be set up in Traveler mode.  This mode can  set the drive up in a way that it can be used on most computers.  Note that it does require admin access to mount an encrypted volume, most everyone’s regular account is an admin anyway, except for Vista users (more on that in a future post).

Here is link to a video, by Chris at RioSec, that explains how to set up Traveler mode, step-by-step.

In conclusion, TrueCrypt is a wonderful open source tool that can protect data on hard drives and removable drives.  It is a good option for safeguarding confidential files.

A report from Symantec states that most Cyber-attacks are getting more organized, and better at getting data.  I was surprised to read that, by far, most of the attacks come from within the U.S., at 31% and over three times higher than second place China at 10%.

Here is a link to MSNBC’s take on the report, and here is the report itself.

The short answer to the story is to not open attachments from anyone you don’t know, and don’t respond to e-mails with personal information.  Now that most of us have properly patched systems and firewalls, online criminals are trying to trick us via e-mail.

It is important to note that even though Firefox can display saved passwords by default, there are several freely available tools that can display passwords stored in Internet Explorer.  These tools do have to be copied/downloaded to the computer but a determined snoop can get all of one’s ‘hidden’ IE passwords in less than a minute.

It was pointed out to me yesterday, by Andrew Rush (Instructional Technology Specialist at UMW) that Firefox has an alarming feature in that with just a few clicks all saved passwords for the browser will be displayed in plain text. The good news is that the passwords are not stored in the clear on the hard drive and there are ways to greatly reduce the chances of someone else seeing this information.

Patrick Crispen has done an analysis and I agree with his opinions on this matter.

http://www.netsquirrel.com/articles/ff_saved_passwords.html

In short, it would be worthwhile for those who use stored credentials to use the Master Password feature. In addition, everyone should really have a password protected screen saver on one’s personal computer account.

Thanks!

Hello. This blog will be primarily for IT Security related issues that students, faculty and staff may encounter at the University of Mary Washington in Fredericksburg and Stafford Virginia. Others are welcome as well as most of the items posted will be applicable to all computer users.

Thanks for stopping by.
Clay Calvert