So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.
Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.
In case you missed it, a researcher has built a system that can crack every possible 8-character password in less than six hours. 8-character passwords are obsolete.
If he’s got it, so do the bad guys. Read more
Articles like Ars Technica’s Why passwords have never been weaker — and crackers have never been stronger are getting more and more common these days.
In a positive development, I don’t think the story had been live more than an hour or two before people started asking me questions. That’s good, because that tells me that people care.