Archive for March, 2008

Choosing The Right Password

Saturday, March 22nd, 2008

American Express is one of the major global financial service providers and is best known for its credit card and traveler’s cheque businesses. Naturally, I was shocked to learn that the 74th largest company (Fortune 500, 2007) has such poor focus on enhancing user security for its financial account portal.

The AMEX website permits users to only set passwords with a maximum of 8 characters, with no non-alphanumeric characters supported. This is very strange for a corporation the size of American Express, and especially so for a financial services company. I figure that with these constraints, any kind of password set up on the AMEX site will only qualify as having “weak” strength.

However, I’m sure most people would not even encounter these constraints while selecting their passwords. In a study on password security conducted with undergraduate and graduate students, it was found that over half of reporting users (52.70%) never change their passwords if not required by the system. These numbers drop with increasing frequency, with about 12% of users changing their password every three months.

Furthermore, users tend to follow some common practices when choosing a password. Most users only use a combination of lower case letters and numbers, where the number is usually a personally meaningful one (such as birth dates or phone numbers). Over half of all users also reported using the same password for multiple accounts (around 33% use some variation of the password).

With most websites (AMEX, for example) not enforcing stricter rules for generating passwords, user tendencies are not going to see much change. Passwords are generally considered a pretty basic form of security themselves, and therefore one should be very careful in selecting a password that effectively appears as random as possible to a potential intruder.

Password strength is the amount of security that a password can provide against password-guessing attacks, and is measured in bits of entropy.

Common guidelines for choosing good passwords, as listed on Wikipedia, are:

* Include numbers, punctuation, and upper and lower case letters
* Use passwords with at least 8 characters
* Avoid passwords based on repetition, dictionary words, letter or number sequences, usernames, or biographical information like names or dates.

Wikipedia also lists some examples of weak and strong passwords (which are probably already included in password-cracking databases, so please don’t choose one of them for your own).
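To put numbers on the entropy measure and the guidelines above, here is an added example (not part of the original post) that computes the entropy ceiling of a length/alphabet policy and checks a password against the listed guidelines. The function names are hypothetical, the 62-symbol alphabet in the usage note assumes case-sensitive letters plus digits, and the dictionary-word check is left out because it needs a word list.

```python
import math
import re
import string

# Character classes and alphabet sizes (printable ASCII punctuation = 32 symbols).
CLASSES = {"lower": (string.ascii_lowercase, 26), "upper": (string.ascii_uppercase, 26),
           "digit": (string.digits, 10), "punct": (string.punctuation, 32)}

def policy_ceiling_bits(max_len, alphabet_size):
    """Bits of entropy of a uniformly random password at the policy's maximum length."""
    return max_len * math.log2(alphabet_size)

def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending or descending letters/digits."""
    for step in (1, -1):
        count = 1
        for a, b in zip(pw, pw[1:]):
            linked = a.isalnum() and b.isalnum() and ord(b) - ord(a) == step
            count = count + 1 if linked else 1
            if count >= run:
                return True
    return False

def assess(password, username=""):
    """Return (upper-bound entropy in bits, list of guideline violations).

    The bit count assumes every character was picked at random from the classes
    used; human-chosen passwords carry less, so treat it as a ceiling.
    """
    used = [n for n, (chars, _) in CLASSES.items() if any(c in chars for c in password)]
    alphabet = sum(CLASSES[n][1] for n in used)
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    missing = [n for n in CLASSES if n not in used]
    if missing:
        problems.append("missing classes: " + ", ".join(missing))
    if re.search(r"(.)\1\1", password):
        problems.append("repeated characters")
    if has_sequence(password):
        problems.append("letter or number sequence")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    if re.search(r"(19|20)\d\d", password):
        problems.append("contains a year-like number")
    return bits, problems
```

`policy_ceiling_bits(8, 62)` gives the best case for an 8-character alphanumeric limit, and `policy_ceiling_bits(8, 36)` the ceiling for the lowercase-plus-digits habit described above.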

General alertness is also of extreme importance while using online portals, as even the strongest passwords are of no use when it comes to protecting users against certain forms of attacks like phishing or keystroke logging.

WoW Rocks To Daler!

Wednesday, March 12th, 2008

I have not ventured into the World of Warcraft (fearing I’ll end up spending much more time on it than I should), but those of you who do play the game might be familiar with the Draenei (I had to resort to Wikipedia).

Apparently, the Draenei have a dancing style heavily influenced by the moves in Daler Mehndi’s Tunak Tunak Tun music video. If you don’t know who (or what) that is, consider yourself lucky and get the **** out of here. Just kidding, here’s a link to the actual video (why should we be the only ones to suffer? :P). Enough digression, getting back to the point of this blog post - YouTube user AmandaJ3162 has submitted a video of the World of Warcraft Burning Crusade Draenei dancing to the song. Great job with the synchronization!


(link to video)

Hulu Goes Public

Wednesday, March 12th, 2008

With nothing else to do last night, I thought I’d curl up in front of my laptop computer and watch an episode (or two) of The Tonight Show or Terminator: The Sarah Connor Chronicles on Hulu - however, I was just met with a tiny screen message saying the site was unavailable. I realized that they were preparing for the big day - Hulu went out of invitation-only beta today. So, if you have not checked out (or heard of) Hulu yet, here’s your chance.

I am impressed by Hulu’s simplistic, yet feature-rich website layout. The site design has been touched up slightly, and the biggest feature is an all-new Movies section (the beta phase only served up some episodes of TV shows - both obscure and popular). Hulu is running ad-supported feature-length movies interspersed with clips from big-name studio offerings.

There are quite a few TV shows to watch, as well. If you grew up watching Doordarshan as I did, you’ll be frolicking in nostalgic fervor once you hear that they have episodes of Johnny Sokko and His Flying Robot! There’s no way I could sit through an entire episode of that now, but it was fun to just listen to the intro tune again!

Watching Dragon - The Bruce Lee Story on the side as I type this - interestingly, the movie was just interrupted by a DirecTV commercial. Too bad, for I’m not switching to a conventional TV subscription service any time soon.

Cleaning Up Littering Files on Network Shares

Sunday, March 9th, 2008

If you have ever exchanged zipped up folders containing images or accessed directories over a shared connection, chances are you have come across numerous Thumbs.db files scattered all over. A Thumbs.db file is a system file generated and maintained by Windows, and is generally hidden from view on local directories. The file is used as a cache for image thumbnails, making it faster to preview image files in folders before opening them. They can, however, quickly start polluting directories across networks and are of no real value, even less so for users of other operating systems (Mac OS X has its own variant, in the form of the .DS_Store file).

It is fairly easy to prevent Windows from generating the Thumbs.db file - choose Folder Options from the Control Panel (or access this via the Tools menu in any open folder window). In the View tab, check the box next to ‘Do not cache thumbnails’. This should stop the pesky files from popping up everywhere. The only downside to this option is that folders with large amounts of image files will take slightly longer to load if the folder is set to Thumbnail view. This can be resolved by viewing folders in the more useful List or Detailed views (a matter of preference, after all).

On OS X, creation of hidden .DS_Store files can be curbed by a command line operation (via the Terminal):

defaults write com.apple.desktopservices DSDontWriteNetworkStores true

You can clean up remnant Thumbs.db and .DS_Store files from network shares by performing a simple search - deleting these from network shares has no adverse effects on the system or your computing experience.
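The search-and-delete step can be scripted. The following is an added example, not part of the original post; it assumes the share is already mounted at a local path passed in by the caller, and the function names are hypothetical. It only lists matches unless deletion is requested explicitly.

```python
import os

# File names to treat as litter, compared case-insensitively.
LITTER = {"thumbs.db", ".ds_store"}

def find_litter(root):
    """Yield paths of Thumbs.db / .DS_Store regular files under root."""
    # followlinks=False keeps the walk inside the share instead of
    # wandering through symlinked directories.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Skip symlinks and anything that is not a plain file.
            if name.lower() in LITTER and os.path.isfile(path) and not os.path.islink(path):
                yield path

def clean(root, delete=False):
    """List litter files; remove them only when delete=True.

    Returns (found, errors), where errors holds (path, message) pairs for
    files that could not be removed (read-only share, file in use, ...).
    """
    found, errors = [], []
    for path in find_litter(root):
        found.append(path)
        if delete:
            try:
                os.remove(path)
            except OSError as exc:
                errors.append((path, str(exc)))
    return sorted(found), errors
```

Run `clean(path)` first to review what would be removed, then `clean(path, delete=True)` once the list looks right.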