Tuesday, January 31, 2012

How to become a money mule


Here is a brand-new example of how crooks try to recruit Norwegians to act as "money mules", or "pengemuldyr" as we write here at home in Norway. A money mule is a person who knowingly or unknowingly helps foreign fraudsters with illegal money transfers. This is often done by the "mule" receiving money into their bank account and then withdrawing it in cash as soon as possible. The mule then goes to another bank, a specialised company or, for that matter, a private individual, and from there transfers the money (minus a commission for themselves) to a foreign recipient.

Tuesday, January 24, 2012

Comment: securing the iPad

Hans Petter Nygård-Hansen has written a very good blog post titled "11 tips for å jobbe sikkert på din iPad" ("11 tips for working securely on your iPad"). I would absolutely recommend that everyone with an iPad (or iPhone, for that matter) read this blog post. It is well worth it, and it is not only relevant for those who use their iPad for work.

I just want to give a few small comments and tips to those who want to implement these recommended measures:

Sunday, January 22, 2012

Password Change Frequency

(Picture of Cliff Stoll, linked from Berkeley website)
Professors are nice people. Seriously. They can be a challenge too, as I got to experience firsthand during my 3,5 hour lecture on password security at the NISNET winter school, 22-27 May 2011. Paranoid as I am, I even suspect two of them of agreeing to a secret pact to have some fun on my behalf. ;-)

Note: I started writing this blog post in May 2011. I dropped some of my ideas, and have spent another 8 months thinking, reading and discussing the issues of password change frequencies. Now, at the time of publishing, I still haven't made up my mind. The "simple" question of "How often should I change my passwords?" isn't all that easy to answer.

Tuesday, January 10, 2012

Passwords^12

(Picture is (C) KluZz - aka my friend/colleague Jan Fredrik Leversund)
I have received many questions about the first two Passwords^XX conferences that I arranged in cooperation with professor Tor Helleseth at the university here in Bergen, Norway. The most frequent question after Passwords^11 in June 2011 is of course "when and where will the next conference be?". So here is some preliminary information from me, as well as a quest for sponsors for doing the conference somewhere in the US as well! :-)

Friday, January 06, 2012

Errata for Errata security

Sorry about the title, best I could come up with late at night.

The blog post Passwords: uniqueness, not complexity from Robert David Graham (@ErrataRob) at Errata Security isn't bad, but it is not all that good either. Based on the recent - should I say ongoing - breach of #stratfor, Robert recommends unique passwords instead of having complex passwords. I would ask "why not both?". Let me explain...

Monday, January 02, 2012

Short comments on #STRATFOR

Lots of articles popping up on the #stratfor leaks all over the web. Some good, some not that good. Just a few comments from me, until I eventually get the time to do a bigger blog post on the subject.