Posts

Do Not Require Frequent Password Changes!

I have experienced firsthand that, when asked to change passwords frequently, users resort to using past passwords with minor changes or additions to them. It is difficult to remember passwords, so they may add a number to an existing password. So, for example, if my password is sTudENt, when I am asked to change the password, I change it to sTudENt1. The next time around, I may change it to sTudENt2, next to sTudENt3, and so on. I have been preaching for years that requiring users to change passwords frequently serves little purpose from a security standpoint. Now, Microsoft says it, too.

https://arstechnica.com/gadgets/2019/04/password1-password2-password-3-no-more-microsoft-drops-password-expiration-rec/

Are Chip-and-Sign Cards As Safe as Chip-and-PIN Cards? No!

Here's an article from US News & World Report that should answer this question:


http://money.usnews.com/money/blogs/my-money/2015/09/28/6-things-you-need-to-know-about-the-new-chip-cards


Happy reading!

The Problem with Open Source - Part II

The recent Heartbleed problems (see Heartbleed coder admits 'oversight' but backs open source) only cast a bad shadow on open-source software. Every time anyone points out problems with open-source software, its proponents get over-emotional and begin attacking Microsoft's products as if that helps solve or overcome open-source software's problems. Instead, they should acknowledge problems and suggest solutions. Like someone said, it took over 2 years for the problem to be discovered. In my view, the person who "screwed up" here should be discouraged from ever participating in future updates. Further, the open-source industry should be thinking of ways to make sure that such a thing doesn't occur again. Before that happens, one should be careful using open-source software as problems will most probably arise again.







The Problem with Apple's iPhone

In a CNET article titled Six ways Apple can fix what's 'broken' about the iPhone, Rick Broida describes what he would like to see in the new, as yet unannounced, iPhone. Here are my thoughts on what Apple needs to do.

I think that Apple needs to change its stance on products that they make and sell. The stance has always been - from the Steve-Jobs days - that customers do NOT know what is good for them or how they should be using their products. That might have worked in the PC / laptop era and in the beginning stages of the innovation cycle at which the iPhone was introduced. That cycle is now past that stage and we are coming close to the maturity stage in the cycle. Things work differently there than they did at the initial stages. In addition, the sales volume has overturned for Apple. They weren't leading in sales of PCs and laptops but ARE leading in smartphone sales. With widespread adoption comes more wants by a now-larger consumer-base, with different people liki…

The External SD Card and Android 4.4.2 - KitKat

Several articles have appeared online after the release of the newest version of Android, KitKat, that pointed out the problems with accessing the external SD card in Samsung and other phones. Many were very critical of Google's intention to discourage their use in phones. In addition, phone users chimed in with their displeasure about having to ditch external storage that they extensively used. Overall, everyone complained vociferously, lamenting the demise of the SD card slot that added significant extra storage to the phone.

I have closely followed the events occurring after the initial fiasco and I found something quite the opposite of what was initially reported.  Initially, Google apps like Camera had read-write access to the micro-SD card, something that led me to believe that the online reports weren't necessarily accurate.  Since that time, many apps have changed the way they access and write to the card, and are now able to write to the SD card without any problems…

New Service to Recover a Stolen Samsung Galaxy S4 Smartphone

Yesterday, Absolute Software announced its phone recovery service, LoJack, for the new Samsung Galaxy S4 line. This service is a first for smartphones, and was previously offered for PCs, laptops, vehicles, and even humans. A question that people may have is: "so what? I have software that can already do that!"

All software that is currently available to track smartphones has to be installed as an app. There is a problem with that: an app can be uninstalled! Even if you have some rudimentary security mechanisms (such as a PIN) to prevent the security app from being uninstalled, the phone can be reset to factory condition, thereby erasing everything on it. Phone service providers like AT&T and Verizon are working on creating a database to track stolen phones but you have to understand that they are in the business of selling new phones and providing service, not in law-enforcement! The database will, therefore, not necessarily help recover phones.

This is where Lo…

Why Not to Buy the International Version of the Samsung Galaxy S4?

The Samsung Galaxy S4 comes in a variety of model numbers here in the US.  There is a version for AT&T (model SGH-I337), one for T-Mobile (model SGH-M919), and more for other carriers that sell the S4.  Generally, these phones are locked to their original service providers, though one can purchase an unlocked version of the S4 (GT-I9500) that is sold on Amazon, eBay, and other online merchants.

AT&T and T-Mobile will both provide you an unlock code to unfetter the phone from their networks IF one pays full retail price for it (currently $640 or above). If you want to be able to unlock and use the phone on both AT&T's and T-Mobile's networks, you are better off purchasing the T-Mobile model outright and getting it unlocked. It will (according to specs published on Samsung's website) work on BOTH networks, adding some amount of flexibility to switch carriers at will.

Another advantage of paying full-price for the phone is that you are not tied into a contract …