Software Debugged

There seems to be a perception that security is about designing technology that the hackers can’t break into. Indeed I’ve seen posts on mailing lists, asking about how secure popular instant messaging software is. Sadly I feel it’s actually not worth worrying about – because whatever weaknesses the software has, the human beings using it have much greater weaknesses! Yes, that’s right, the first step in being secure is to fix the security holes in human beings! After all, how often have you seen people type their credit card pin into the reader quite openly, making no attempt to conceal their pin?

The statement almost about human users being less secure than the software they are using certainly requires some explanation. By way of providing one, here are two simple precautions I take regarding my own (electronic) security. I hope these will be of interest to readers.

• Beware who is watching. This is when you type in your user name and password, your credit card details, or absolutely any personal and/or other sensitive information. This is particularly true if you are in a public place (computers are becoming more mobile, and so, it appears, is working in one’s favourite coffee shop). The “shoulder surf” is a very simple but effective hackers’ instrument – i.e. quietly watching over the shoulder of someone typing in sensitive information. In this day and age, it isn’t just a case of looking of for people looking over your shoulder either. Watch out for security cameras that might be able to see what you’re typing. Information seen by a camera can (potentially) be abused!
• Be vigilant with passwords. It is amazing how many people just use something that’s easy for them, such as their spouse’s name, or the name of one of their children. Hacking is a lot simpler that most people realise, and among the first thing hackers will try is finding out the names of people close to you, and trying them as passwords. Actually, any kind of actual word – name or otherwise – should not be used. There are programs out there that will systematically go through an extensive dictionary trying each word as the password. Also, never write down a password. My preferred way to come up with passwords I can remember is to (rather that use a word) use a number. A good choice is a date that other people are not likely to know or be able to find out easily, but which you can memorise – e.g. the date of your parents’ wedding anniversary. For instance, if their anniversary is on 10^th August – i.e. 10/08 since I’m in the UK – make your password “..1008”. Note the use of leading punctuation to make it a little more cryptic to others, while still being something you can remember.