in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

File Encryption Used In Lost UNHS Backup Tape. Nothing To See Here

The University of Pennsylvania Health System (UPHS) is contacting people to alert them that an encrypted backup tape was lost in transit.  The tape contains personal information such as names, addresses and checking account numbers.  The tape was being transported by an outside carrier—my guess is to a “safe” location.  The important thing is that encryption software like AlertBoot was used to secure the information.  So, barring any foolishness on the part of the UPHS, the tape’s disappearance shouldn’t be a cause of alarm.

 

What types of foolishness?  Well, if they had stuck a post‑it with the password to the tape.  Or, if they had used a short or weak password.  When it comes to encryption, there are two ways of breaking it: figuring out the password or figuring out the encryption key.  The key tends to be a really long string of characters, whereas the password is usually much, much shorter.  Hence, no surprise that people try to figure out the password.

 

There are two ways to figuring out the password: 1) find out the actual password via devious methods, such as social engineering, keystroke‑logging, or just looking for a possibly‑existing post‑it note (unfathomable that such things exist from a data security standpoint) or 2) trying out all possible password combinations: start with “a” and move on to b, c, d, e…aa, ab, ac, ad…aaa, aab, aac…and so on.  This latter way of figuring out the password is known as a “brute force attack.”  Obviously, the longer the password, the longer it will take to figure it out.  However, length is not the only factor when it comes to ensuring a password’s security.

 

There are twenty‑six letters in the English alphabet.  If you add numbers to the mix, you’ve got thirty‑six individual placeholders, which means even more password combinations: once you reach “az” there’s still “a1” through “a0.”  It’s a small change initially, but as the password become longer overall, it contributes significantly to the total number of different passwords one can have.  Add special characters, make the password capital and lowercase sensitive, and the number of different available passwords increases exponentially.

 

There are caveats, of course.  If you use a word that can be found in a dictionary, chances are it doesn’t matter how long that password happens to be: pneumonoultramicroscopicsilicovolcanoconiosis is long, and it would take forever to figure out if you were to try to guess each letter one by one: it’d probably take over one trillion tries.  However, the above being a real word, one could also get an electronic dictionary and try all words listed to see if there is a match.  And that brings down the number of guesses, since there are approximately three quarters of a million words in the English language.

  

Related Articles:

http://www.thebulletin.us/site/index.cfm?newsid=20084468&BRD=2737&PAG=461&dept_id=576361&rfi=8

http://www.courierpostonline.com/apps/pbcs.dll/article?AID=/20080819/BUSINESS/808190341/1003

 
<Previous Next>

Full Disk Encryption Missing On USB Memory Stick: UK Home Office Data At Risk, Again

Database File Encryption Present In Best Western Hack According To The Company

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.