Computer Security Gone Wild

That Is 4 Sure!

As an IT specialist, I am surrounded by hundreds of passwords for our computer network and its users. Every system seems to have its own requirements, with financial institutions being the most demanding:

  • One or more capital letters
  • Several lower case letters
  • One or more numbers
  • One or more special characters (!@#$%^&* etc.)

As if that weren’t bad enough, some systems require you to change passwords every 90 days or so. Now the IRS has gotten involved: Users of accounting systems that store Social Security Numbers and Federal Tax IDs are required to create passwords that comply with the standards enumerated above, and moreover change them at 90 day intervals.

What is a good password? As the illustration above indicates, length is probably the best attribute. There is a fun website called How Secure Is My Password? that is fun to use. Given any password you type in, it tells you approximately how long a computer can crack it. Let’s enter a password called, simply enough, “password.” Your password would be cracked instantly. Let’s say your password is “Longer Passwords Make Stronger Passwords.” That would take a computer 89 septendecillion years to crack. You get the general idea. (I think it would actually be cracked sooner, because computers are always getting faster.)

Some people think that using letter/number substitutions such as “4“ for “for” or “B100dy Pa55w0rd5!” for “Bloody Passwords!” would do the trick. Not really. Not when a hacker uses brute computing force to check all possible letter/number/special character permutations. And these artificial passwords are always harder to remember. And you know what happens when you lose a vital password? You’re up Excrement Creek without a paddle.

What I do is keep all my passwords up to date in a Microsoft Excel file that is itself passworded. You can even create sequences of passwords, such as:

  • 1-2-Buckle-My-Shoe
  • 3-4-Shut-The-Door
  • 5-6-Pick-Up-Sticks
  • 7-8-Lay-Them-Straight
  • 9-10-A-Big-Fat-Hen

I’ve actually used that sequence for one bank (but no longer).

There are even computer programs that save your passwords for you—even Internet browsers. But if it’s a separate system, how do you know it wasn’t designed by computer hackers? It’s like all those unsolicited anti-virus systems whose sole purpose is to load viruses onto your system. It pays to be a bit suspicious.

 

The Brussels Airport Attack

Patrick Smith On the Brussels Airport Attack

Patrick Smith on the Brussels Airport Attack

I don’t do this very often, but I want to quote in its entirety Patrick Smith’s well reasoned attack on the “We Need More Security at Our Airports” argument from his website, Ask the Pilot:

I WAS AFRAID OF THIS. The minute I learned of the double bombing at the Brussels airport check-in lobby earlier today, I knew how the conversation would go. Sure enough, even before the morning was out, we were hearing calls for tighter security in airports.

First, a little history. Although airplanes themselves are historically the choicest target, attacks inside terminals are nothing new. For instance:

In 1972, the Japanese Red Army murdered 26 people in the arrivals lounge at Israel’s Lod Airport (today’s Ben Gurion International).

In 1985, the Abu Nidal group killed 20 in a pair of coordinated ticket counter assaults at Vienna and Rome.

In 2002, a gunman shot three people near the El Al airlines ticket counter at LAX.

And most recently, in January, 2011, a suicide bomber at Moscow’s busy Domodedovo airport killed 35 people.

“Aviation security experts have been warning” read an Associated Press story after the Moscow attack, “that the crowds at many airports present tempting targets to suicide bombers. Arrivals halls are usually open to anyone.”

Now, in the wake of Brussels, we’re hearing this again. The implication is that our airports aren’t yet secure enough, and that only more barricades and checkpoints and scanners and cameras and guards standing around with automatic weapons will make them so. There’s talk from supposed security experts asking if perhaps terminals need to be closed off to everybody except ticketed passengers and employees, with security checkpoints moved literally onto the sidewalk.

This is something I worried about years ago, when I was a columnist for Salon. Just wait, I wrote, until the next big attack takes place at the check-in counter or at baggage claim. They’ll be turning our airports into fortresses.

As, if by moving the fences, they can’t get us. The only thing moving security curbside would actually do, of course, is shift the perimeter — and the busy choke point of passengers — to a new location. This means nothing to an attacker, whose so-called “soft target” has simply been relocated from one spot to another, no less convenient one. But it would mean immense amounts of hassle for everybody else.

Thus, it’s precisely the wrong line of thinking. It’s reactionary in the purest sense, and it plays directly into the terrorist’s strategy — a strategy that encourages a response that is based on fear instead of reason, and that is ultimately self-defeating.

The reality is, we can never make our airports, or any other crowded places, impervious to attack. And while maybe you wouldn’t mind living in a society in which every terminal, shopping mall, sports venue and subway station has been militarized and strung with surveillance equipment, count me among those who would.

Policia

Assault Police Guarding the Palacio de Gobierno

Assault Police Guarding the Palacio de Gobierno

You may recall the news flap that occurred a couple months ago when someone scaled the White House fence and penetrated all the way to the East Room before he was snared. This would not be quite so likely in Lima, where asalto (assault) police with automatic weapons guard the Palacio de Gobierno along with badged security personnel in suits.

The first time I was in Lima, there was a demonstration expected. Just to make sure that it wouldn’t spill over into any sensitive areas, large groups of riot police with shields were stationed all around the Plaza de Armas.

Riot Police with Shields Stationed by the Main Plaza

Riot Police with Shields Stationed by the Main Plaza

South America has had a history of violence against government forces, culminating in the hanging of President Gualberto Villaroel, who in July 1946 was dragged from the presidential palace in La Paz, Bolivia, and hanged from a lamppost on the main square—which is still there and which is grimly shown to tourists.

Did I feel safe in Lima? Yes, as long as I followed the orders of the police about standing too close to the main gate.