TECHNOLOGY TOOLS of the TRADE

Google Nexus 7

Lightweight, with a very slim profile, the Nexus 7, Google’s first tablet, is seen by some as serious competition for e-book tablets like the Kindle Fire and Nook Tablet. But with a Quad-core Tegra 3 processor and 1GB of RAM, the computing power and operating system, Android 4.1 (Jelly Bean), lift this pocketable tablet into the iPad or Galaxy class. The 7-inch display is a bright, clear 1,280 ✕ 800 HD touch screen that provides sharpness at 216 pixels per inch. The screen is scratch-resistant Corning glass. A rubberized, slip-resistant back offers protection on the other side of the tablet. Much more comfortable to hold and read for longer periods than the heavier 10-inch tablets, the Nexus 7 weighs 340 grams (about 12 ounces), lighter than the Kindle Fire and about half the weight of the iPad’s 1.44 pounds (652 g). The size is 7.8" ✕ 4.7" ✕ 0.4". The Play App Store has more than 500,000 offerings, including productivity, games, utilities, and entertainment Android apps. The Nexus 7 is Wi-Fi only, and there are no card slots to improve memory, which is available in 8GB or 16GB configurations. Included are Bluetooth, GPS, magnetometer and gyroscope, microphones, and one 1.2MP front-facing camera. https://play.google.com

ioSafe SoloPRO

The ioSafe SoloPRO is an external storage drive that protects business data from both fire and flood. It will protect data from loss when exposed to 1,550° for a period of 30 minutes (tested to ASTM E119 standards). The waterproof protection prevents loss of data when the unit is fully immersed up to 10 feet for up to three days. Physical theft protection is ensured with cable locks or floor mounting. The storage specifications for the single-disk drive feature up to 2TB of storage, with transfers via USB 2.0, up to 480 MB/second. The multiplatform compatibility includes Windows Server, Linux, Mac, and PC. The SoloPRO weighs 15 pounds and is 11" ✕ 5" ✕ 7.1". The ioSafe Data Recovery Service provides the original purchaser one “data recovery event.” Any data recovered will be loaded on a replacement product and shipped back to the original user. If the data recovery isn’t successful, the company will pay up to $5,000/TB to have a third-party disk recovery service extract the data. Terms of the Data Recovery Service are explained on the company site at www.iosafe.com.

Tep Wireless

London-based Tep Wireless has inaugurated a pocket Wi-Fi rental service that provides a device from $5.95 a day that will keep you connected across 38 countries in the European Union while avoiding roaming fees. The connection will serve up to five devices simultaneously, including your smartphone, laptop, and tablet. The coverage is provided via a leading 3G network, and the device eliminates any need to change your sim-card or phone. The plan includes 1GB of data, and you can upgrade to 2.4GB. The lower fee of $5.95 applies to 15-day agreements, while shorter arrangements can be more—five-day contracts are $9.99 a day. Pick up your hotspot device at Heathrow Airport or Paddington Station in London, or have it sent to your home or your first destination. At the end of your stay, mail the device back in the pre-paid envelope provided. Tep also rents local smartphones that include unlimited Internet and e-mail, Facebook, Twitter, Google Maps, and Skype access. The phone has your own local number and avoids all roaming charges. Explanations of the various plans appear on the company site at www.tepwireless.com.

58 STRATEGIC FINANCE | August 2012

TED Books

Launched in 1984, the TED Conference continues to offer “ideas worth spreading” in meetings around the world. The talks feature renowned speakers in the areas of technology, entertainment, and design, and the speaker is limited to no more than 18 minutes to get his or her idea across. The talks are available online at www.ted.com, and the most recent report from The Guardian puts the number of viewers at 500 million worldwide. Now the organization has turned to digital books, offering a new app for building a library of TED Books. The books are defined on the website this way: “A TED Book is to a book as a TED Talk is to a lecture: It’s shorter and more personal, more direct and engaging. And the new TED Books app lets our authors blend their words with multimedia extras that enhance your understanding. Look for rich images, audio, video and social features, along with links and documentation to provide a broader view.” The books are much longer than the TED Talks, taking about an hour to read, but they are much shorter than conventional nonfiction books and have the kind of narrow focus that has sustained the Talks. The Apple app offers the 14 current books as well as a guide and an offer to subscribe to all the books in the series. TED Books are available for the Kindle, Nook, and iBook. The books sell for $2.99 and include connected add-ons like video and links to additional information. www.ted.com/pages/tedbooks

TECH FORUM

Password Aggravation By Michael Castelluccio, Editor

A recent post on Bruce Schneier’s security blog advised, “Children are warned that the name of their first pet should contain at least eight characters and a digit.” Very funny, right? Well, maybe not when you consider the recent password thefts at sites like Yahoo (lost 453,000), LinkedIn (6.4 million), Facebook (45,000), Nvidia, FormSpirit, eHarmony, and lastFM. Do you have any passwords inspired by a furry or feathered friend at home? It’s a misplaced loyalty, security experts seem to agree. “Otto53” is a shrill bird call to hackers everywhere—and they are everywhere.

The July hack of Yahoo inspired another of those short-lived spasms of paranoia that sent thousands to Google asking, “How do I create a strong password?” Most sources usually offer the same basic advice: don’t share, don’t repeat, don’t use words easily found in a dictionary, use numbers, use substitutions (1 for L, @ for A, + for t), use symbols (# or * or &), change your passwords often, and don’t put them on a sticky note pasted to the side of your computer or under the keyboard.

Google the word “passwords,” and you probably won’t find anything you haven’t already heard.

Perhaps we need a new way to approach this problem—a fresh look at how these keys can survive attacks.

Wolfram Research, the creator of Mathematica, offers 30 number-related apps, including a Password Generator for iPhones/iPods. Actually the complete name of the app is Password Generator Reference App. The app will generate unlimited random alphabetic, alphanumeric, pronounceable, or word-based passwords. It explains the rules, lets you tweak how you apply each rule, and will even test the strength of your password.

SAFE PINS?

Let’s start with something simple, the number key you use to unlock your iPad if you’ve chosen to protect it with a passcode. These are four digits long, and the choice is limited to 10 numbers—zero to nine. So how safe is a PIN like 7540? How hard would it be for a computer to guess the right combination, and how long would it take to do that?

Wolfram explains that with four, there are 211 permutations possible. The time it would take to guess all these combinations, what Wolfram calls the “time to hack,” is surprisingly short—0.024 seconds. That doesn’t sound possible until you remember that the hacker will be using a computer, not a paper pad and a keyboard to tap in each try. The average used by Wolfram to measure this kind of brute force attack is 100,000 passwords per second based on modern CPU-based cracking methods. The researchers do offer the additional caveat that it’s “possible to greatly increase the speed of password cracking attempts with massively paralleled CPU clusters.” The actual formula is: time to hack = time to enumerate divided by two. This assumes the probability that the computer will discover the right combination after testing half of the total enumerations.

The 0 to 9 selection for a PIN is very limiting. If you were to arrange not just numbers, but letters, symbols, and numbers in a similar pattern of four (Z4@o), the time to enumerate all combinations jumps to almost 474.6 seconds. The time to hack is then 237.3 seconds. Not exactly a security blanket, but there’s a substantial difference between less than one second and almost four minutes.

So what about a very strong password that doesn’t look like a spelled out curse above a cartoon character’s head? Let’s begin with Wolfram’s suggested recipes.

FASHIONING A CHROMIUM KEY

The Wolfram Generator will issue endless streams of eight-character passwords at the push of a button. They’re alphanumeric and look something like KqrURp14. This example is strong, taking a brute-force attack 9.87 years to hack, but it would be tough to remember. The Custom Passwords menu lets you select from alphabetic (TYJIVQrC—time to hack = 3.179 years), alphanumeric (y04MOEUr—time to hack = 114.5 years), numeric (02749670—time to hack = 500 seconds), ASCII (mJO<3N-.—time to hack = 357.1 years), pronounceable (froomgaubrea—time to hack = 15,130 years), and word-based passwords (Yeager9Elgar—time to hack = 77.89 million years).

A careful look at this list of samples will likely elicit questions about the relative strengths of the passwords. Why, for instance, is the numeric password cracked in minutes while the pronounceable sample so strong by comparison? The simple answer has to do with length. An eight-character password is much weaker than a 12-character one. If you were to change a few letters from lower case to upper in the froomgaubrea example, the strength would increase even more.

So, what can we do with “Otto” to create a strong, easily remembered password? Well, we need to add some length and a number or symbol or two. To make it memorable, try and remember something about Otto, like the time he chewed up the rug by the door. Something like Ottoatetherug can work. We need numbers, so use the substitution Otto8therug, and we also need upper and lower case variety inside the phrase, so now it’s OttO8theHallRug, just to make it a little longer and tougher. Run the password through Wolfram’s Password Strength function, and we get a “fair” rating with an impressive 243.8 trillion years to enumerate—that’s a time to hack of 121.9 trillion years.

You remember that Otto’s picture and name appear on your Facebook page, so you mentally make a subtraction to account for the possibility that a dedicated hacker would check and incorporate personal information like that in the attack. To compensate, you could add a period to the end of the phrase. Now it’s a sentence, and the numbers go off the chart. OttO8theHallRug. gets a rating of “strong,” and the time to enumerate becomes 1.178 ✕ 10^19 years—half of that, whatever it is, is the new time to hack.

Live in a pet-free zone? Try using a memorable phrase and mix in some numbers, symbols, and/or upper-case letters. The 20 characters in the password WhenintheCourseOf1776 rates a “very strong” from the Wolfram strength test, with a predicted successful crack only after 2.234 ✕ 10^23 years divided by two.
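The article's formula (time to hack = time to enumerate divided by two, at 100,000 guesses per second) worked through in Python, as an added example that is not part of the original article or of Wolfram's app. The plain ASCII class sizes, the `word_aware_seconds` model and the pet-name list are assumptions made here; the article does not give the app's own alphabets.

```python
import string

GUESSES_PER_SECOND = 100_000  # CPU-based rate quoted in the article

# Plain ASCII class sizes: an assumption, the app's own alphabets are not given.
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def time_to_hack(length, alphabet, rate=GUESSES_PER_SECOND):
    """Article's formula: seconds to enumerate the keyspace, divided by two."""
    return alphabet ** length / rate / 2


def implied_alphabet(enumerate_seconds, length, rate=GUESSES_PER_SECOND):
    """Back-solve the alphabet size behind a quoted time to enumerate."""
    return round((enumerate_seconds * rate) ** (1 / length))


def brute_force_seconds(password):
    return time_to_hack(len(password), alphabet_size(password))


def word_aware_seconds(password, known_words, rate=GUESSES_PER_SECOND):
    """Expected seconds if guesses are known words plus a digit suffix.

    Models the article's caveat about personal information: each word is
    tried in three casings (lower, Capitalized, UPPER) with every digit
    suffix of the observed length. Falls back to brute force otherwise.
    """
    for word in known_words:
        suffix = password[len(word):]
        if password.lower().startswith(word.lower()) and suffix.isdigit():
            keyspace = len(known_words) * 3 * 10 ** len(suffix)
            return keyspace / rate / 2
    return brute_force_seconds(password)


if __name__ == "__main__":
    pets = ["otto", "rex", "bella"]  # constructed word list
    for pw in ("02749670", "Otto53", "OttO8theHallRug."):
        print(f"{pw!r}: brute force {brute_force_seconds(pw):.3g} s, "
              f"word-aware {word_aware_seconds(pw, pets):.3g} s")
```

The eight-digit sample reproduces the article's 500 seconds, and the 474.6 seconds quoted for Z4@o implies an alphabet of about 83 symbols. "Otto53" drops from days of brute force to a fraction of a second once the pet name is on the guess list, which is the subtraction the article asks the reader to make.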
