Writer's Diary

What's it like to be a fiction writer? Read on. (Writer's Diary Archives)

Friday, January 15, 2010

More Computers For Writers

I'm reading a really great book right now -- not a romance by the way -- with a major plot point that involves computers.

Someone is blackmailing people with surreptitious photos of them engaging with prostitutes. The photog has a digital SLR camera and emails the photos to his partner in crime (PIC). He then deletes the photos from his computer. The computers described, by the way, are all running a Windows Operating System (OS), that's pretty clear.

The hero is in possession of the PIC's computer but is questioning the photog at his house in full sight of the photog's computer and camera. I'm not sure because the scene is actually unclear, but I believe the hero removes the memory chip from the SLR and hands it to someone else while he reviews the photos in the camera's memory.

Stop
I have big issues with the camera thing, since my experience is that a professional quality SLR takes such HUGE file-size photos that you can't store anything on the camera itself. But while my Nikon D80 is a high end SLR, I'm not familiar with the kind of SLR pros use, so maybe this is right. I doubt it, but whatever.

The photos the hero hopes to find are not on the SLR (and I'm thinking, doh! They're on the memory card you took out) and then the photog explains how he deletes the photos from the computer and emails the best ones to his PIC.

I am now thinking, cool! This is going to be easy. Make the guy login to his email program and check his email sent items folder.

But no. They push aside that computer, go get the PIC's computer and find where the PIC saved off the emailed photos because the photog says, hey, I bet my PIC never renamed my photos. After which the author describes a file naming convention that contains characters that are illegal in a Windows OS.

Full Stop
What the F? Number one, most people are clueless about their computers. There is nothing wrong with that other than the pain that inevitably arises from owning a computer with an OS that is actively hostile to people who just want the damn thing to work.

So, people, if this guy has deleted the photos, they are surely in the trash file. The hero is supposed to be someone clueful and any fool should have thought of that.

But not to even think of looking in the guy's email program? Come on. The stupid photos are there. There was no freaking need to fetch the recipient's computer.

Sigh

As an author, if you write a story in which someone is supposedly being all tricky and geeky about computers, please please please check with a REAL geek.

Please note, I am flying at a high level once again. There are nuances and details I'm skipping. This is informational only -- if you're looking for facts for your writing, please dig deeper and consult multiple sources.

In a Windows OS, you cannot name a file any darn thing you want. There are certain characters (most of them are punctuation) you are not permitted to use. You can use multiple periods, though. If you try to use one of the forbidden characters, the computer will return an error to the effect that you can't name your file in that manner.
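Here is that rule as a small check you could run over file names someone claims came from a Windows machine. This is an added example, not something from the book or the original post; the function name and the sample names in the test are made up, and the forbidden characters and reserved device names are the ones Windows documents for file names.

```python
# Characters Windows rejects in a file name, plus ASCII control characters 0-31.
FORBIDDEN = set('<>:"/\\|?*') | {chr(i) for i in range(32)}
# Legacy device names, reserved with or without an extension (CON, CON.jpg, ...).
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}


def windows_name_problems(name):
    """Return the reasons `name` is not a valid Windows file name (hypothetical helper)."""
    problems = []
    if not name:
        return ["empty name"]
    bad = sorted({c for c in name if c in FORBIDDEN})
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    # The part before the first period is what Windows matches against device names.
    if name.split(".")[0].strip().upper() in RESERVED:
        problems.append("reserved device name")
    if name.endswith((" ", ".")):
        problems.append("ends with a space or period")
    return problems


if __name__ == "__main__":
    # Constructed sample names, not the naming convention from the novel.
    for sample in ("IMG_0042.client.2010.jpg", "shot:03/14?.jpg", "con.jpg"):
        print(f"{sample!r}: {windows_name_problems(sample) or 'ok'}")
```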

On any computer it is REMARKABLY hard to delete all traces of a file. The trash file is the blindingly obvious place to look, but there are other places to look as well as known methods for recovering deleted drives. Now, this story does not (yet) involve a computer forensics specialist so I'm not griping that the hero doesn't know this.

But here are some interesting things:

To well and truly wipe a hard drive, you have to degauss it. Three times. There's a military spec program that will do this. It will wipe a hard drive, rewriting ALL the bits and bytes three times. Even then I bet there's a way to get around that. For more info, you can google "degaussing a hard drive".


When Windows deletes a file, it's not really deleting it. Let me say that again: Windows doesn't actually delete a file when you tell it to delete a file. All it does is overwrite the first character of the file name with a 0. Presto, to the OS, it's deleted, but on your hard drive, it's still there. And unless the OS happens to write another file to the exact same location it will stay there.

In case you think encrypting your computer is enough, all I can say is in the face of a skilled and determined geek, au contraire mon frere. But it's still the best thing you can do to protect your data.

As a side, side note to that, encrypting your hard drive is only as secure as your password. If you tape it to your computer or nearby or use a weak password you might as well not have bothered.

Turning off your computer is also no guarantee that everything in volatile memory is gone. It's not. You can recover that, too. And if you get to a computer quickly enough (the time is longer than you think) you can reconstruct what was going on before it was turned off. Google "computer forensics volatile memory".


A really fun and interesting resource is 2600. I subscribe because there's all kinds of crazy-cool stuff in it. If you're at work, don't be surprised if you can't get to the site. Some companies block it. (I am laughing at that - because any good computer person will get there anyway -- Not that I ever looked at 2600 when I worked for an employer who blocked the site -- in a half assed way. Really.)

Passwords



Here are some password thoughts for you. Since I am a Database Administrator (DBA) I can tell you from personal experience that the MOST UNBELIEVABLY common passwords are:

password
12345
54321
password123
[Your name]
[curse words]
[keystrokes in the horizontal or vertical order of appearance on a standard keyboard]

Any DBA can tell you it's astonishing the bad passwords people pick. And disappointingly nasty. Some people are just crude.

An experienced computer person probably has a 40% chance of flat out guessing your password. Because they'll run through the unbelievably common passwords. If that person knows a few things about you (your spouse, your birthday, your kids' names or pets) bump that to 60%. Heck, if they're just sitting at your desk, they'll probably pick up enough to make some darn good guesses.

But what if your password isn't unbelievably obvious? Check this out: How Long Will your Password last? A few examples: If you chose a password of numbers only: a 2 digit password will be cracked instantly.

Oh, you say, who picks a password that lame? You'd be surprised.

Let's say you pick a 9 digit numeric password. On a crappy desktop, your password will be cracked in 28 hours. If you're the government using a great computer, it's instantaneous.

Letters are a little better, right? A five letter password (in the same case -- all upper or all lower) will be cracked in 20 minutes on a crappy desktop machine. If you double the length to 10, then it's 447 years. Unless you're the government in which case it's 39.5 hours. At 20 characters, even the government will need 631 billion years. Excluding words in the dictionary, of course, since those will be cracked in the first round . . . So, is YOUR password that long AND not in the dictionary?

Check out that link, once you've checked out the footnotes so you understand the chart (easy!!!) I hope you will go change your banking password.
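To see where numbers like these come from, here is a small estimator: it first checks whether a password would fall to the common-password list or a simple keyboard run, and otherwise divides the number of possible passwords by a guess rate. This is an added example, not code from the post or the linked chart; the two guess rates are assumptions worked backwards from the figures quoted above, and all function names are made up.

```python
import string

# Guess rates inferred from the figures in the post (assumption, rounded):
# 10**9 numeric passwords in 28 hours is about 10,000 guesses per second;
# 26**20 passwords in 631 billion years is about 1,000,000,000 per second.
DESKTOP_RATE = 10_000
GOVERNMENT_RATE = 1_000_000_000
YEAR = 365.25 * 86400

# Literal entries from the post's list of common passwords.
COMMON = {"password", "12345", "54321", "password123"}
# Rows and columns of a QWERTY keyboard, for spotting "keyboard walks".
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]


def alphabet_size(password):
    """Size of the smallest character set that covers the password."""
    classes = (string.digits, string.ascii_lowercase,
               string.ascii_uppercase, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def is_keyboard_walk(password, min_len=4):
    """True if the password is a run along one keyboard row or column."""
    p = password.lower()
    return len(p) >= min_len and any(p in run or p in run[::-1] for run in KEY_RUNS)


def seconds_to_exhaust(password, rate):
    """Worst-case brute-force time; 0 if a guess list would hit it first."""
    if password.lower() in COMMON or is_keyboard_walk(password):
        return 0.0
    return alphabet_size(password) ** len(password) / rate


def human(seconds):
    for unit, size in (("years", YEAR), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("password", "qwerty", "905318274", "xkqvb", "xkqvbmzrtw"):
        print(f"{pw!r:14} desktop: {human(seconds_to_exhaust(pw, DESKTOP_RATE)):>14}"
              f"   government: {human(seconds_to_exhaust(pw, GOVERNMENT_RATE))}")
```

The estimate is a worst case for pure brute force only; a dictionary word or a name scores well here and would still fall in the first round.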

Possibly NSFW because of the curse words: Top 500 Worst passwords. I rest my case. There are a lot of people who are picking passwords they'll remember (understandable) instead of a password that's not so lame it can be cracked instantly.

Of course, it's possible to just install some malware and get passwords sent to you.

Alas.

But true.

I won't keep going even though I could.


posted by Carolyn @ 1/15/2010 06:21:00 PM

Comments:
This is great stuff, esp. the bit about the passwords. I work in the banking industry and have to deal w/ password maintenance all the time. It's amazing how unsecured it can be.
My company makes us change our passwords every 90 days. We have to have letters and numbers. We can never reuse a password even if it was 5 years ago. And the max length? 8 characters.

Yep, they're putting us through memory hell for passwords that are insecure anyway. BTW, most people just put Post It notes on their monitors with the passwords. I've rhetorically asked if we're in more danger from someone outside hacking in through the firewall, or from someone walking into the building, choosing a computer, and just using the helpfully posted password there. :-)

BTW, the geek in me was all proud that I knew the stuff you were talking about as mistakes in the book you're reading and that I wouldn't have made them myself. :-) And the wipe program I have runs through 7 times. It takes forever.
Totally laughing at what Patti said. I know a ton of ppl who just write their pw on a post it note.

So, Carolyn, what if your husband *accidentally* destructive recovers your hard drive? Can you still find your stuff? BTW, so he can still breathe oxygen, I now have my own computer he's not allowed to touch!
My favorite password hint (from my own personal computer guru) is to use a favorite song lyric or poetry quotation - as you say it to yourself, type the first letter of each word. Easy to remember, but hard to decrypt -- you can generate a lengthy alphabetical password this way. (If like mine your system requires letters and numbers, just pick one that includes to, too, or for and substitute the numeral for the initial.)

I shared this with my mom, and she says she uses a post-it reminder note -- but it's the title of the song or poem she sticks up, not the actual line or the password. Much more secure than her old method!

This is especially useful if, like me, you have one of THOSE systems (I see Patti does) that won't let you re-use an old password. I know a lot of songs.

Research is one part of writing that I think I would do well, and for computers or photography I would definitely consult an expert.
The ironic thing about a strong password is how difficult they can be to remember. This leads to people writing them down, as Patti notes.

I have a pattern for passwords that I rotate in a certain pattern as well.

The Passphrase which is what SonomaLass describes in her comment is typically easier to recall and pretty hard to crack.

And, Angie, ouch. If the information on your drive was irreplaceable you could take it to one of the drive recovery places. It can be expensive, and there's no guarantee. I'd say your chances are not great.
::Laughing:: Because for one of the programs I used at work my password is: password. lol.

The administrator set-up and I was supposed to re-set it, but, trust me, no one wants to access this program unless they have to. :-P That'll probably change soon because we're forced to change all passwords at staggered intervals.

I tend to use a random phrase that means something to me (ie: finish wip) I also substitute numbers 2, 4, for 'too/to/for', but I really like the idea of using a line from song/poem and just writing down the title as a reminder. I write down all my passwords at work, it can't be helped. Off the top of my head I think there are at least 12 different programs I use on a daily/weekly basis that need a password. :-/
Not that I'm bad enough I'm using one of those bad passwords, but creating a really strong password that might not matter isn't really worth the effort. If someone wants to hack my account, or a business they will. I'm not going to make it easy for them, but I'm not going to make it hard for me to remember my password either.