Two news items that are off our main topic, but feed our obsession with online privacy:

1) Michelle Malkin blogs about how people are accidentally sharing more than their mp3s — using LimeWire, “within a few minutes, I had access to scores of tax returns that included names, addresses, social security numbers, and bank account numbers.” It seems people are either sharing their entire home or user directory, or saving their tax returns into a shared folder.

2) The Washington Post has an article today about how the Secret Service is breaking encryption on suspects files using a distributed network. Ordinarily, they would still have essentially no chance of decoding the contents, but:

Armed with the computing power provided by DNA (the distributed computing network) and a treasure trove of data about a suspect’s personal life and interests collected by field agents, Secret Service computer forensics experts often can discover encryption key passwords.

In each case in which DNA is used, the Secret Service has plenty of “plaintext” or unencrypted data resident on the suspect’s computer hard drive that can provide important clues to that person’s password. When that data is fed into DNA, the system can create lists of words and phrases specific to the individual who owned the computer, lists that are used to try to crack the suspect’s password. DNA can glean word lists from documents and e-mails on the suspect’s PC, and can scour the suspect’s Web browser cache and extract words from Web sites that the individual may have frequented.

“If we’ve got a suspect and we know from looking at his computer that he likes motorcycle Web sites, for example, we can pull words down off of those sites and create a unique dictionary of passwords of motorcycle terms,” the Secret Service’s Lewis said.

Hansen said AccessData has learned through feedback with its customers in law enforcement that between 40 and 50 percent of the time investigators can crack an encryption key by creating word lists from content at sites listed in the suspect’s Internet browser log or Web site bookmarks.

“Most of the time this happens the password is some quirky word related to the suspect’s area of interests or hobbies,” Hansen said.

While we hope no reader has to be concerned about the Secret Service trying to decrypt their files, this points out the need to go beyond pet’s names and kid’s birthdays when you create your online passwords.

This entry was posted on Monday, March 28th, 2005 at 10:59 pm by A Senior Administration Official and is filed under Brilliant, but uncategorizable, Weekend Edition / Features. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.