Tag: security

Improving My Information Security, Or “Noncoterminous Planch Dotal Steeple”

I’ve often thought that it is fairly ridiculous that, in order to be able to confirm my identity, some web sites require you to answer a set of three questions. You know the kind: First car you drove? Name of your 2nd grade teacher’s wife? Middle name of the doctor who delivered your grandmother’s best friend? It seems to me that by providing this information, I am giving away personal information when I should be protecting it. I used to just have three words I’d use, one for each question, the same three for all sites, but that doesn’t seem particularly secure either.

So a while back, I wrote a little command line alias I call random-word. As might be expected, typing random-word on the command line gives me a random word. For example:

As it turns out, “lambency” is a good word because I am not familiar with it.¹ I know a lot of words so if I don’t know this one, I imagine it is pretty hard to guess.

The source for random-word is the Unix dictionary, which is convenient because it makes the actual command behind the alias very simple. Plus, there are over 235,000 words, so I am not likely to run out.

Well, today, one of the services I used moved to a new site, and I had to verify my account there. Part of the process involved supplying a new password and answering three intimate questions about myself. I decided to put my new script to good use. For each of the 3 questions I was asked, I ran random-word and the first one that came up I used to answer the first question. I repeated this for each of the 3 questions. It makes for some amusing responses. Here is a made-up example (courtesy of “random-words”):

  1. The model of your first car? pell
  2. Your mother’s maiden name? oxamate
  3. The town in which you attended high school? bejuggled

Yes, that’s right. My mom’s maiden name was Oxamate. I went to high school in the little-known town of Bejuggled, and I drove there in my Pell.

I record the question and the random word in LastPass, where I also keep my passwords. In this way, I befuddle any would-be hacker of my account and/or personal information snooper in said service. This worked perfectly. It’s funny because it never really occurred to me to provide completely meaningless answers to these questions. But it makes a lot of sense.

I know a lot of people are not command line users like I am, but those of you on Macs or Linux who want a peek at my random-word command, here it is:

cat /usr/share/dict/words | shuf -n 1

In English, that says: display the content of the Unix dictionary, but filter it through a shuffle program and return the first random line that you find.

I turned this into an alias in my .zshrc file like this:

alias random-word='cat /usr/share/dict/words | shuf -n 1'

Now, all I need to do is type random-word to instantly get a random word (saphenous). It’s fun and it makes me feel less lame when filling out those “security” questions.
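A multi-word variant of the alias above, added here as an example and not part of the original post. A single word from a 235,000-entry list carries about 17.8 bits, so this sketch draws several words, uses /dev/urandom as the random source, and reports the resulting entropy; the names WORDLIST, candidates, random_answer and answer_bits are illustrative assumptions.

```shell
#!/bin/sh
# Added example; WORDLIST, candidates, random_answer and answer_bits are
# illustrative names, not part of the original post.
WORDLIST="${WORDLIST:-/usr/share/dict/words}"

# Keep only lowercase a-z words of 4+ letters, so an answer survives forms
# that fold case or reject apostrophes and other punctuation.
candidates() {
    grep -E '^[a-z]{4,}$' "$1"
}

# random_answer N [FILE]: N distinct words joined by spaces. shuf is pointed
# at /dev/urandom instead of its default internal generator.
random_answer() {
    n="${1:-4}"; file="${2:-$WORDLIST}"
    candidates "$file" | shuf -n "$n" --random-source=/dev/urandom | paste -sd ' ' -
}

# answer_bits N [FILE]: entropy in bits of an N-word answer. shuf -n draws
# without replacement, so there are c*(c-1)*...*(c-N+1) ordered outcomes.
answer_bits() {
    n="${1:-4}"; file="${2:-$WORDLIST}"
    count=$(candidates "$file" | wc -l)
    awk -v n="$n" -v c="$count" 'BEGIN {
        if (c < n) exit 1   # not enough words to draw N distinct ones
        for (i = 0; i < n; i++) bits += log(c - i) / log(2)
        printf "%.1f\n", bits
    }'
}

# Demo: runs only where the system dictionary is installed.
if [ -r "$WORDLIST" ]; then
    printf 'answer: %s\n' "$(random_answer 4)"
    printf 'bits:   %s\n' "$(answer_bits 4)"
fi
```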

I feel like I could put this little script to even better use. I’m thinking of using it for my next post, which I plan to title: “Noncoterminous Planch Dotal Steeple”, which sounds a little like the title of a Ph.D. dissertation in higher mathematics.

  1. I just looked it up: “playing lightly over a surface; flickering.”

Ethical dilemma

When I arrived at work this morning, the entrance to the mall via the metro was closed due to some construction. I had to use the main building entrance. At 5:30 AM, you have to “badge-in” to the building. In other words, you can’t get in without using your electronic badge. I did this and entered the lobby, where the security guard who checks badges sits.

He was sound asleep.

I’m not kidding. He had a little TV on and he was out cold. He never even saw me come into the lobby or get on the elevator. So the ethical dilemma: do I report this?

I went to my workout and thought about it. And when I returned to the office, I reluctantly did report it. My reasoning was that if I didn’t report it and the security of the building was violated by someone who might do harm, I would feel equally responsible as the guard who fell asleep at his post. I say “reluctantly” because I really didn’t want to get anyone in trouble. We have all been in situations where we weren’t paying attention to what we should be doing. And who knows what this guard’s circumstances might be that caused him to fall asleep; maybe he’s working multiple jobs? Still, I live in an area that is very security conscious, work for a company that is very security conscious, and this is just a sign of the times, I suppose.

This is one of those cases, however, where although I did the right thing, I don’t feel good about it. I feel guilty.

Keeping up with the times

I was placing an order for some office supplies through work today. We’ve recently switched supply companies and I had to get a new account with which to place the order. As part of the process, you are prompted to put in a password, and then, as many places do today, you are prompted to select a “security question” in case you forget your password. This is something like, “What is your mother’s maiden name?” or “What was the name of the first school you attended?”

One of the questions was the following: What was the name of your first spouse?

What with the divorce rate as high as it is, I suppose it was only a matter of time before this question showed up on the list. I wonder how many people actually pick this one?

Freedom versus security

As most political scientists, or anyone with common sense for that matter, knows, freedom and security are opposing forces. The freer a nation, the less secure; the more secure, the less free. Finding the balance is not always easy.

A balance is important, but when that balance starts to tip the scales against what freedom is all about, I get more than a little concerned. Thus, the recent stories about the NSA’s program to create a giant database of call patterns by using data supplied by phone companies have me thinking about freedom and security. According to the reports that I have followed, the NSA has used the data that it collected to analyze phone call patterns to try and detect terrorist threats. The claim is that they were not actually monitoring any phone calls. Furthermore, the government, and in particular the Bush administration, claims that nothing illegal was done, and no one’s rights were violated.

All of this may very well be true, but it does get me thinking, and it forces me to ask: at what cost the price of freedom? The slippery slope upon which this issue is perched can lead to far greater threats against our freedom than the heuristical analysis of phone calls. And yet, it seems to be a paradox. The claim is that if we don’t protect our freedom with increased security we’ll lose it. On the other hand, in order to protect our freedom from increased threats against us, we lose some of that very freedom anyway.

There is no easy way out of this paradox, none, at least, that I can see. But the more we hear about the NSA and other agencies monitoring our behaviors, the less I like what I hear. There comes a point where you have to ask yourself, is it worth it? I suppose it depends on what you value more. Each person needs to make a choice, and that choice is often reflected in our elections. My own choice is freedom. If I have to sacrifice security in order to protect the freedoms I enjoy, then so be it. I realize that not everyone feels this way, but I believe, as Patrick Henry did, that:

Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God! I know not what course others may take; but as for me, give me liberty or give me death!