Tuesday, January 15, 2008

Electronic Security

I was in Starbucks and something happened that hasn't happened in a long time here in Vancouver. The sun came out. Yes, for the first time since I got here, I wished I had sunglasses. The weather forecast actually has no rain in the near future, which is nice because there was nothing but rain in the near past. I was listening to an episode of This American Life and needed to restart it when I saw the grease spots on the screen of my iTouch. There was a smudge on the On Slider thingy and a smudge on each of the numbers for my 4 digit unlock code. Hmm.... It's a good thing the number is different from my PIN for my ATM card. I suspect that many people use their PIN since both are 4 digits. Well, if you know someone with an iPhone or iPod Touch, I suppose you could look at the screen sideways and figure out which digits are in their PIN. Scary.

It got me to thinking about security in Africa again. The internet is a very bizarre thing. Passwords float around in plain text all the time. All the time! It's incredible. With a sniffer like Ethereal, you can just run it, and voila! Passwords. There are also places that send you passwords via email. They don't reset your password and have you create a new one. No, they just send it in email. Incredible. So I have to be really careful in Africa. I trust no computers where my passwords are not sent over https. Just http, and it's out there for all to see, and who knows who's looking at it in Africa?
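To make the "plain text on the wire" point concrete, here is a small added example (my own illustration, not code from the original post and not how Ethereal works internally). It takes two constructed HTTP requests, a form login and a request using HTTP Basic auth, parses them the way a passive sniffer would see them on the wire, and pulls the username and password straight out. The hostname, paths, credentials and the list of likely password field names are all made up for the demonstration; the point is that with plain http nothing more than string parsing is needed.

```python
import base64
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests, standing in for bytes a sniffer would capture
# from a plain-HTTP login. Host, paths and credentials are invented.
SAMPLE_REQUESTS = [
    # 1. A typical HTML form login, submitted as a urlencoded POST body.
    (
        b"POST /login HTTP/1.1\r\n"
        b"Host: webmail.example.test\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: 31\r\n"
        b"\r\n"
        b"username=alice&password=hunter2"
    ),
    # 2. HTTP Basic auth: base64 is an encoding, not encryption.
    (
        b"GET /inbox HTTP/1.1\r\n"
        b"Host: webmail.example.test\r\n"
        b"Authorization: Basic " + base64.b64encode(b"bob:s3cret") + b"\r\n"
        b"\r\n"
    ),
]

# Field names commonly used for the secret and the account (assumed list).
PASSWORD_FIELDS = {"password", "passwd", "pass", "pwd"}
USER_FIELDS = ("username", "user", "login", "email")


def parse_http_request(raw: bytes):
    """Split one raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return method.decode(), path.decode(), headers, body


def extract_credentials(raw: bytes):
    """Return [(source, user, secret), ...] recoverable from one plaintext request."""
    _method, path, headers, body = parse_http_request(raw)
    found = []

    # Basic auth: "user:password" base64-encoded in a header, readable by anyone on the path.
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        decoded = base64.b64decode(auth.split(" ", 1)[1]).decode(errors="replace")
        user, _, secret = decoded.partition(":")
        found.append(("basic-auth", user, secret))

    # Form login: the body is just key=value pairs.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields = parse_qs(body.decode(errors="replace"))
        user = next((fields[k][0] for k in USER_FIELDS if k in fields), "")
        for key, values in fields.items():
            if key.lower() in PASSWORD_FIELDS:
                found.append(("form:" + path, user, values[0]))
    return found


def sniff(requests):
    """Run the extractor over a whole capture and collect every credential seen."""
    return [cred for raw in requests for cred in extract_credentials(raw)]


def credentials_travel_in_clear(url: str) -> bool:
    """The check the post describes: anything not https goes over the wire readable."""
    return urlsplit(url).scheme.lower() != "https"


if __name__ == "__main__":
    for source, user, secret in sniff(SAMPLE_REQUESTS):
        print(f"{source}: user={user!r} secret={secret!r}")
    for url in ("http://webmail.example.test/login", "https://webmail.example.test/login"):
        print(url, "-> in the clear" if credentials_travel_in_clear(url) else "-> encrypted")
```

Over https the same two requests are wrapped in TLS, so the sniffer sees only opaque ciphertext and this extractor finds nothing; that is the whole difference the post is relying on when it refuses to type a password into a plain http page.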

When I looked at Google to figure out what to do with keyloggers, I found many bits of advice. Some people ask in forums what to do and others make suggestions that are untested (use a virtual keyboard that converts mouse clicks, etc.). But suggestions are worthless. These are passwords and security we're talking about. Why would people make suggestions without tons of caveats? But they do. I wish that web browsers had a much better security model. Browser security sucks. It's an afterthought. Every website has its own custom-made security and most of it is worthless in contexts such as entering passwords on computers that are likely to have keyloggers.

Of course, maybe the concept of browser support is flawed too. I think you can download the source code of Firefox, modify it, and then compile it. Well, if you can do that, you can modify it to open a text file, and record all text entered into the address bar, and any text or password box. Something needs to change.
