Feb 26
IT Lao Shit is an IT guru. He is so old that the First Computer remembers him. He saw the birth of the first computer virus and watched the growth of the internet. He knows all about data protection. He gives free advice and teaches young admins. He invented his way, the IT Dao, the way of virus-free computers, strong passwords and secured information. Here are some of his life stories.
***
Once a Purchase Manager asked Lao Shit:
- We have got an offer to buy a strong access control system. Is it worth the money they ask for it? Will it help us?
The IT guru asked in response:
- How many unauthorized access events have you noticed in the last three years?
- Not a single one, - answered the Purchase Manager.
- How many notebooks and pendrives have your staff lost in the same time?
- Two laptops, - answered the PM, - and we cannot even count the number of flash drives they’ve lost…
- Why don’t you buy an encryption system for laptops and flash drives instead? – asked Lao Shit.
***
Once a Young Admin wished to give his teacher a gift. He brought him a beautiful Windows wallpaper.
- Why do you think that my current wallpaper is worse than this one? – asked Lao Shit.
- I do not know; there are always so many windows open on your screen! I have never had a chance to see it.
- I’ve never seen it either. I work.
***
Once a CEO asked IT Lao Shit about insider threats. Lao Shit said:
- There are hundreds of men in the outer world who wish to draw out confidential information from your network. And there are five other men there who are able to do so. But those hundreds will never meet these five.
After a second he continued:
- There are five men inside your network willing to get confidential information. And there are hundreds inside who can do so. And they have already met.

To be continued
Feb 19
A Vietnamese researcher demonstrated at Black Hat DC how he and his colleagues were able to easily spoof and bypass biometric systems that authenticate users by scanning their faces.

they say 3D, I call the technology "3F" - fake falce, fraud
Sound familiar? Yes, I am saying this again – biometrics is not a security solution, especially face biometrics.
When Tampa Airport (Tampa, Florida) became the first to pilot face recognition technology in 2001, all the biometric scientists and developers burst out laughing. No one believed it could work. And it did not.
In January 2002 the failure was finally announced. I thought that nobody would employ face biometrics after that. However, Lenovo, Asus and Toshiba decided to take the risk again and introduced face recognition software on their laptops. Nice try…
I have to admit that the idea could be brilliant. It is OK to use face recognition if you have a camera on top of your monitor and its distance from your face is almost the same every time you log on. It could be, but it is not. Face recognition technology has so many drawbacks that this “protection” can hardly be used even on home computers, not to mention by government agents, corporate executives and all those who carry any sensitive information on their laptops.
I have to say it again: attaching a biometric input device to the system you are trying to secure is a bad idea. If you are a developer or manufacturer, you must not:
- Place a fingerprint sensor on a safe box, door lock, access control terminal, etc.
- Place a biometric input device on a laptop, be it fingerprint, face or even iris recognition
- Place a biometric input device on a desktop computer
- Develop and manufacture biometric devices that will be placed on the desk near your computer
If you want your house to be safe, you must not leave the keys near the door. Even if they say that the key is your finger, the truth is that the key in biometrics is a code, some string that is released when you are recognized. The weak link here is the word ‘recognized’. The more attempts an intruder can make, the higher the chance of getting in. By placing an input device on a secured facility, or by leaving it nearby, you offer intruders an unlimited number of attempts. They will open your door sooner or later.
But is there a solution that is safer? The answer is simple – separate the system and the biometric input, and secure the communication between them.
Do you want an example? No problem!
- MXI Stealth – fingerprint recognition on the USB device + SSO + remote access + more…
- Privaris – fingerprint recognition + active RFID + passive RFID + more nonsense. Expensive like hell…
All these devices are portable. They are personal. Meaning that you carry your key with you, but you are not afraid to lose it, because they need a trigger – your finger.
Of course there are more devices like this. And only you can decide if you need them. But my personal advice is – even though your laptop is equipped with some biometric “protection” – disable it. Use an external biometric device. Use portable solutions… OK, that’s too much for one day… Next time I will tell you more about portability…
Feb 18
Dear all,
I am back. For a long time I was far away from this blog and from you. Now I have a new job, a new title, a new address and new news for you.
The first thing I would like to tell you after a few months of silence is a story about deleting personal information. Not long ago I was forced to delete several files from the hard disk of my old computer at work. Unfortunately, by mistake, I also deleted one important file. After a few minutes of web browsing I found a recovery tool, installed it and started it. The next day I was amused by the amount of information it had recovered. Together with the necessary file it restored lots of my old files, someone’s movies, pictures and music, industrial secrets, drafts of agreements, orders and much more… A total of about 80 gigabytes was recovered from a 30 gig hard disk. Amazing!
Yes, any recovery tool can restore 200-300% of the entire disk capacity, even if you bypass the Recycle Bin and delete files with “Shift+Delete” rather than “Delete”.

Codyssey's Freeraser
I described this situation to one of my friends, who is by chance a software engineer and a leader of a group of enthusiasts. He has always been fast-thinking and fast-doing, but this time he was faster than ever. The next morning I got his e-mail with a link to a new free software tool that he had made. This tool destroys the contents of a file before deleting it. This data shredder fills the space of the file you want to delete with random data 1, 3 or 35 times and only then deletes the file.
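The overwrite-then-delete approach described above can be sketched in a few lines of Python. This is an added example, not Freeraser's code: the function names `overwrite`, `shred` and `demo`, the chunk size and the rename step are assumptions made for illustration, and the sample file content is constructed.

```python
import os
import tempfile

CHUNK = 64 * 1024  # write in chunks so large files do not need to fit in memory


def overwrite(path, passes=3):
    """Overwrite the file's existing bytes in place with random data, `passes` times."""
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    # "r+b" opens without truncating: truncating first would release the old
    # blocks untouched, leaving them for a recovery tool just like a plain delete.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force this pass to the device before the next
    return size


def shred(path, passes=3):
    """Overwrite, then rename to a random name and delete (the page's passes: 1, 3 or 35)."""
    overwrite(path, passes)
    folder = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(folder, os.urandom(8).hex())
    os.rename(path, anonymous)  # so the original file name is not what gets unlinked
    os.remove(anonymous)


def demo():
    """Constructed sample file: returns (size kept, marker still present, file still exists)."""
    secret = b"DRAFT-AGREEMENT " * 256  # constructed content, 4096 bytes
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite(path, passes=1)
    with open(path, "rb") as f:
        after = f.read()
    shred(path, passes=3)
    return len(after) == len(secret), b"DRAFT-AGREEMENT" in after, os.path.exists(path)
```

In-place overwriting only reaches the original blocks on media and filesystems that write in place; on SSDs with wear levelling, or on copy-on-write and journaling filesystems, older copies of the data can survive.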
What I like most in this tool is its price - Zero, null, nada! It is free!
I recommend using it! Here is the link to their website
