My job colleagues and I are very concerned about security. From time to time, we talk about SQL Injections, XSS, defacements, systems security, wireless security and so on. However, we sometimes forget about most basic security policies: locking your session if you leave your computer for a while.
Although it is not the most frequent method for intrusion, leaving your session unlocked could be one of the ways an attacker could use against you. Because of that, we make the following prank:
- Google for a picture of some actor or actress that everyone dislikes or is considered disgusting. For instance: David Hasselhoff.
- Right-click the full-size picture and set it as Desktop Background.
- Restore all windows to hide the brand new background. (If there wasn’t any windows, try locking his/her session).
However, this is funnier if your victim doesn’t see desktop instantly. That is the reason you should cover desktop with windows. (Try opening a web browser and visiting your favorite search engine).
I bet your fellow coworkers will be more cautious leaving their computers unlocked. If not, keep doing it: this prank is always funny.
Windows + L locks your session in Windows.
Ctrl + Alt + L locks your session in KDE.
Today my boss & me had to change some passwords from our main testing server. Since we got little time to decide and no way to write it down, we decided not to use an auto-generated password. Instead, we would build the passwords this way he taught me:
([Word1] combine [Word2]) [Number] [Non-alphanumeric characters]
Word1 and Word2 must be the same length and their length must be greater than 2 and non-alphanumeric characters are encouraged.
For instance, let me show what kind of password I could use for my next project (of course, this is not what I am using: don’t lose your time trying }:^).
- Rafael combine Vargas = RVaafrageals
- Number? Maybe a significant year for me: 1905.
- Non-alphanumeric characters? Let me use # (sharp).
Then we would get a strong password like this: “RVaafrageals1905#”. Don’t write it down in the PostIt (r) next to server!
Why should we use this kind of password?
Because, very often, the combination of two words this way results into a passwords invulnerable to dictionary attacks and those evil guys using Hydra will have to wait for long time.
I am to lazy to do this by hand/I would like to create a bunch of passwords this way. Do you plan to release a script that makes our lives easier?
If I have a little free time next week, I will make a Bash script or Haskell function for this. Of course. In the meantime, stay tuned at this post.
P.S: If you use to write down your passwords in a piece of paper, you can write the components before you mix them while someone near you doesn’t know the algorithm. But I do not encourage this.