June 2007


LocatePC, Free Theft Recovery Software for your PC:

LocatePC is free software, and runs unobtrusively on your computer, with no icons, popups or saved emails. If your computer is stolen then the thief will not even know that LocatePC is running, and as soon as they connect to the internet a secret email is sent to you containing the details that you need to track your hardware.

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

I ran into Mystery Science Theater 3000 when I was on a trip to Minneapolis. I couldn’t believe how funny this show was! And, yes, I can write about this on a tech blog because two of the silhouettes are robots!


If you are into technology like I am, you probably like the idea of owning your own domain name. You would rather people go to http://www.YourCoolDomainName.com rather than http://www.yourISP.com/~LameSubdirectory that was given to you by your Internet Provider. Not to mention that you would probably want to have your own e-mail address as well.

In the past, this would have been cost prohibitive for someone to set up because domain name registration had been very costly and web hosting was also expensive. If you just have a small website that doesn’t get a lot of hits and you would like to have a cool domain name and a cool e-mail address to go along with it, you could never justify the cost.

Until now!

I have figured out how to use a couple of services on the Internet to allow you to use your present web space and e-mail address and redirect a domain of your choice to these websites for as little as $1.21 per year. While not free, $1.21 per year is pretty reasonable.

Here is how this is done.
Read the rest of the story…


I read something a long time ago and I think it still holds true today:

Treat your password like your underwear. Change it often and don’t leave it lying around.

I think we would all agree that it is important to regularly change your password. Jared has generously offered to let me repost his excellent post about password changes. Enjoy the read.

It’s password-changing time

Ever since getting hacked, I’ve become more diligent about security. One of the easiest ways to help protect yourself is to remember to change your passwords (both on websites and on your computers) every 45 or 90 days. Here at work, our IT department instituted a more secure password policy that requires domain users to change their passwords every 90 days. Since I log into the domain every day, I see the “You have 10 days until your password expires” message when the time to change is drawing near. I decided to use this as a reminder to change my passwords - and I’ll make it your reminder too!

If you’re anything like me, one of the issues with changing all of your passwords is that there are just so many! I was thinking to myself, “Self, how can I keep track of all of the places I need to change my passwords?” Then it came to me - keep a tally! I set up an Excel spreadsheet (Excel example | pdf example) broken down into categories of the places I need to change my password at.

Of course, the first time through is going to be the hardest, especially since you probably can’t remember (read: I can’t, so you shouldn’t be able to either) every website with a password. Build up the list as you go, and next time it should be simple! Just remember to add a new line for each new password when you create it, that way your list stays as up-to-date as possible.

If you need a good online password generator, I like to use the Secure Password Generator. Set the settings to whatever your password requirements are (I don’t like the “no similar characters” setting) and generate away. I like to set it to 50 and read through them. It took me about 10 minutes until I found a password that I liked - lots of different characters but something I will be able to easily remember.

Let me know what you think and if this idea will help you out any - I know it will me!

Edit: As Josh was reviewing the first revision of this article, his first question was, “Have you heard of KeePass?” to which I responded, “Yes, I have.” In fact, I use it (it can be installed on a USB drive), but my method doesn’t store passwords, just reminds you which ones to change. Still, it’s a great piece of software!


I recently received an e-mail from Marco at Clipperz. He wanted to introduce the service to all you DCoT readers. Here is his e-mail:

Dear Timothy Fehlman,
On your blog you often address security issues. Therefore I thought you could be interested in Clipperz, a newly launched online password manager.

Clipperz does solve the password management problem, but it mainly gives a practical demonstration of a new breed of web applications: the “zero-knowledge” web apps.

Applications where the provider is simply in charge of delivering the Ajax code to the user’s browser and then storing user’s data in an encrypted form on its servers.

Do we really need to trust web service providers with our data? Clipperz proves that this is not always necessary.

The “zero-knowledge” paradigm could be used for a wide range of applications: a personal finance manager, a private to-do list, patient records for physicians, a confidential word processor,…

I would be honored to know your opinion, no matter if privately or publicly on your popular and authoritative blog.

Best regards,
Marco

======================
WHAT IS CLIPPERZ

Clipperz is an online password manager. Clipperz can be used to store and freely organize any kind of confidential textual information, such as passwords, confidential notes, burglar alarm codes, credit and debit card details, PINs, software keys, and so on. Clipperz is free and completely anonymous. Nothing to install. Nothing to backup.

FEATURES

- Direct logins
Users can save the details of their online accounts into Clipperz and quickly create a “direct login” link: just one click to authenticate and access the online service without typing any username and password. Highly addictive!

A video tutorial to discover “direct logins”

- Offline copy
Users can dump their encrypted data from Clipperz servers to a local hard disk or USB drive and create a read-only version of Clipperz to be used when no Internet connection is available.

- Special edition for Firefox sidebar
Clipperz Compact is a stripped down edition designed for the Firefox sidebar. It makes “direct logins” even more addictive!

- Sharing (coming soon)
A public key infrastructure is transparently embedded within Clipperz. Users can define “trusted contacts” and policies for sharing secrets with them. Trust mechanism from the real world could be moved within Clipperz without bothering with certificates and authorities. (based on elliptic curve cryptography)

ABOUT SECURITY
Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.

The key for the encryption process is a passphrase known only to you. Clipperz simply hosts your sensitive data in encrypted form and could never actually access the data in its plain form.

Clipperz does not use homemade cryptographic algorithms but implements standard strong encryption schemes (AES256 for encryption, SHA-256 for hashing, Fortuna as PRNG, SRP authentication protocol, …).

Detailed information about the crypto foundations is available here:
http://www.clipperz.com/learn_more/crypto_foundations

Since Clipperz is a huge Javascript application, you can review the source code anytime you like. The whole source code is downloaded to your browser before you sign-in, so you can easily check if it is a genuine version.

More info about performing a security code review is available here:
http://www.clipperz.com/learn_more/reviewing_the_code

You can even include the Javascript code of our crypto primitives in your web applications since we packed them into the Clipperz Crypto Library, released under a BSD license.
Download it here: http://code.google.com/p/clipperz

For any further information visit:
- the Clipperz Forum: http://www.clipperz.com/forum
- the Clipperz Blog: http://www.clipperz.com/blog

So, here are the questions that I have for you, the DCoT faithful:

  1. Would you trust your passwords to an online password manager?
  2. Does the fact that the program is open source make you more or less concerned about its security?
  3. Do you see this as a service that you would use yourself or recommend to others?
  4. Do you feel that your passwords are at greater risk of being compromised because they are being stored online?
  5. What do you think of this service in general?

I look forward to your feedback in the comments.
