Saturday, August 22, 2009

new DVD to protect data for a thousand years or more

Springville company introduces new DVD to protect data for a thousand years or more

Randy Wright - Daily Herald | Posted: Friday, July 17, 2009 1:40 pm

This is a story with an unhappy ending:

You've spent years compiling your family history, scanning old photographs, copying ancestral journals and writing biographies of your parents. Completing each project, you store the information on a CD or DVD disk. Mission accomplished. The data will be there for generations to come.

Or will it?

Fast-forward five years. Your elderly mother calls to ask if you've still got that 1939 picture of her in Yosemite National Park with your father. She's lost the original print. You offer gentle reassurance that you can make a new one.

Confidently, you sit down at your computer, insert the right DVD and listen while it spins up. You click on the desired file, remembering the image of young Dad with knickers and a walking stick, with Half Dome in the background.

The photo begins to display on the computer screen: There's the sky. There's some treetops. Then, suddenly, the screen fills with gibberish - nothing but horizontal, colored lines. No Dad.

The digital photo is corrupt, victim of a storage technology that any professional archivist could have told you not to trust more than three to five years, despite some manufacturer claims of safety for two or three hundred years. Perhaps you didn't know that libraries, universities and other institutions regularly make copies of their digital collections to prevent the loss of important information due to data corruption.

Disks go bad for many reasons, even if they're not used. Sadly, now, a priceless bit of family history is lost to future generations, and your mother has cut you out of her will.

Now for a happy ending. On Sept. 1, Millenniata, a start-up company based in Springville, will release a new archive disk technology to preserve data at room temperature for 1,000 years. It's like writing onto gold plates or chiseling information into stone.

Dubbed the Millennial Disc, it looks virtually identical to a regular DVD, but it's special. Layers of hard, "persistent" materials (the exact composition is a trade secret) are laid down on a plastic carrier, and digital information is literally carved in with an enhanced laser using the company's Millennial Writer, a sort of beefed-up DVD burner. Once cut, the disk can be read by an ordinary DVD reader on your computer.

A number of companies hold intellectual property rights in DVD technology. One of those, Philips, manages the combined patents. Millenniata disks and disk writers will be manufactured under a license now in final negotiation.

Big potential

Millenniata, whose name merges terms for "1,000 years" and "data," plans to market initially to institutions with large digital collections, such as the LDS Church, libraries and government entities requiring long-term archiving. But it expects to be competitive in the retail market as well.

Currently, no disk technology allows a consumer to write into durable, inorganic materials for long-term archiving. Commercial companies stamp out single movies and music albums by the millions using special dies that create physical marks in each disk's surface. Those disks are long-lasting as well - a couple of centuries, according to the National Institute of Standards and Technology - but you can't write your own data onto them.

Millenniata's concept brings custom archiving home. It envisions enhancements that will soon include Blu-ray format and eventually larger diameter disks and disk readers to dramatically increase data capacity for specialized applications. Current single-layer Blu-ray disks can hold about 25 gigabytes of data, more than five times the capacity of a standard DVD. Millenniata envisions archive disks of 200 GB or more.

Given the choice of today's risky optical disks - with their organic dyes and layers of oxidizing metals that are prone to failure in a few years - or a disk where information is essentially carved in stone, many people might prefer the latter.

"In the beginning I never thought it could replace all recordable disks," said company co-founder Barry Lunt, a BYU professor of information technology, who had the original idea for long-lasting data storage while on an Explorer Scout outing in Utah. But he now believes the immense consumer market will be within reach as the price of Millenniata's technology comes down, "as it certainly will."

A thousand-year disk from Millenniata is expected to cost initially between $25 and $30, compared to less than $1 for a standard DVD. But the safety of important personal or institutional data will likely be worth a premium to many. Volume should drive the price down quickly, Lunt said.

Flash of genius

In 1996, Lunt went camping with an Explorer post from Provo in Nine Mile Canyon east of Price. The canyon is home to an extensive gallery of ancient rock art from the early Fremont culture and later Utes. The Fremonts, who practiced agriculture, occupied the canyon from approximately 950-1250 A.D.

"I always had the impression that petroglyphs were painted on the rock," Lunt said. "But I got up to them and could see that was clearly not the case. They had chipped away a dark layer, exposing a lighter layer, and I thought, 'That's permanent storage - optical contrast, light vs. dark. You could store data that way.' "

That observation resurfaced about five years ago when Lunt was trying to figure out a way to store digital pictures, along with music from his vinyl record collection. The lights went on. If you could cut data into "persistent" materials, like carving a petroglyph, you'd have a very valuable, long-lasting commodity.

"I needed storage, and I'm sure a few million other people had the same need," Lunt said. Contacts at BYU's Harold B. Lee Library helped him see how large that need really was. With his background in materials, he began to search for the right substances, hooking up with Matthew Linford, associate professor of chemistry at BYU. Their collaboration bore fruit and Linford joined Lunt as a co-founder of Millenniata.

Business possibilities really began to accelerate when Ph.D. physicist Doug Hansen became intrigued and offered to leave his job at Orem's Moxtek (a company specializing in optics and X-ray technology) to help move things forward as chief technical officer. Moxtek's Henry O'Connell came on board as president and CEO to formalize the business operation.

Another local connection is former congressman Chris Cannon, who is a member of Millenniata's board. During his years in Congress, Cannon was widely regarded as a technology leader, and he is excited both by the prospect of the new archiving technology and the fact that it came out of Utah County.

At a trade show of government archivists in Seattle last week, Cannon found that all five groups representing new technology came from Utah. "Utahns absolutely dominate the records business in America," he said. "It was amazing."

Cannon hopes his experience in Washington will be useful in helping Millenniata connect with government agencies whose data archiving needs are rigorous.

Long data life

While the exact construction and components of Millenniata's thousand-year disk is a secret, Lunt rattles off a short list of materials whose properties include sufficient longevity for 1,000 years of records storage. Mormons are familiar with one of those - gold - through the story of the Book of Mormon, which is said to have been inscribed on gold plates.

"There's a class of materials that are persistent," Lunt said. "Gold, rock, ceramics. They last forever. And we have lasers that can modify them."

Lunt and Linford found that an inorganic material similar to obsidian, a glass-like igneous rock, could be permanently bound to a reflective metal, as O'Connell explained last year to Silicon Slopes, an online tech review. This hard surface could then be etched away to record binary data. Inside the company, they dub the material "krypto-carbonite," playfully blending Superman with Star Wars.

BYU's Technology Transfer Office moved forward on initial patents and encouraged a commercial spinoff from the university.

How does Millenniata know the disks will last for a thousand years? The assertion is grounded in the nature of the basic materials.

"There are many examples of records that have lasted for thousands of years: cuneiform tablets, hieroglyphics in Egypt, the Rosetta Stone, gold plates," Lunt said, adding that such records universally are engraved. "That's exactly what we're doing on a small scale."

Further testing is being done to scientifically establish the longevity of the new disks more precisely. "We're testing in elevated temperature and high humidity; we soak them in salt water and conduct lots of other tests to stress the disk to establish its durability," said CTO Hansen.

He concedes that while the company believes 1,000 years is achievable, the target cannot yet be conclusively established by experiment, but it's coming.

Hansen noted that 1,000 years is actually a limitation imposed primarily by one component - the clear plastic disk, or substrate, on which the data material rides. "That plastic may limit us to a few centuries or a thousand years for now," he said.

Ironically, the same plastic carrier is the most permanent component of today's consumer CDs and DVDs, which isn't saying much. The data-carrying material on a regular DVD is fragile and subject to easy damage, as anybody knows who plays a movie at home from a scratched disk with its skipping and stalling behavior.

"In conventional technology the plastic is the most durable component; but it's our least," Hansen said. "We've had to do that because we had to get a product out the door and get the business going."

Improvements are even now being envisioned, such as replacing the plastic with glass for professional archivists, which could extend the data life to many thousands of years.

Other companies are attempting to push the limits as well. But claims of 100- to 300-year life in a DVD disk that was recently introduced under the Kodak name by KMP Media LLC are questionable, in Millenniata's view. The claim is based on the use of a 24-karat gold reflective layer in the disk, which replaces less expensive silver or aluminum.

Both of those common metals are subject to corrosion, and gold doesn't corrode, so that's an improvement. However, the gold DVD continues to rely on organic material for its critical data layer. By contrast, Millenniata's technology cuts data into an inorganic data layer, which requires no special storage conditions.

Millenniata's company logo is strikingly appropriate. It's borrowed from an ancient rock art symbol found in petroglyphs across the Southwest: a simple spiral. The spiral is also known in the history of science, tracing its origins to ancient Greece. In that context it's known as an Archimedes spiral, after the 3rd century mathematician.

But here's the twist: the data track on a modern DVD is also a spiral, working from the center outward. "The spiral is exactly how you make an optical disk," Lunt said.

Storage vs. archive

Perfect safety for important data is the holy grail of archiving, according to one of Millenniata's key players, Finis Conner, who sits on the board. Conner knows what he's talking about. He was co-founder in 1979 of Seagate Technology, the giant maker of computer hard drives, and later of Conner Peripherals. No longer with either company, Conner is now looking for the next step. He views reliable, permanent archiving as an important piece of the overall data storage puzzle.

"Cost is not the issue," Conner said at a recent luncheon in Provo. "It's the need for absolute security."

He distinguishes between short-term "storage" and long-term "archive" applications, which require different approaches. Continually revolving storage (meaning files saved, then deleted, then overwritten by other files) is provided by a computer's built-in magnetic hard drive. By contrast, archiving means removable media, which is where Millenniata comes in.

An ideal archive would be permanent - whether for the Library of Congress, a Hollywood movie maker or a writer of personal and family histories. The goal is to protect anything of high value to the owner.

The pool of such information is growing exponentially in a world increasingly dominated by computers. After just two decades, the amount of digital data being archived is already vast. For example, the U.S. government's National Archives and Records Administration saves a staggering 10,000 terabytes - or 10 million gigabytes - to its archives every year, according to a published report. A terabyte is a unit of computer memory or data storage equal to 1,024 gigabytes.

"Archive presents a different class of requirements from storage," Conner said. "It's information that can never be subject to failure because of electrical or mechanical factors. ... I was fortunate enough to be exposed to the Millenniata technology, and the more I see, the more I like. It clearly is, for me, a technology that is greatly needed."

Lost data

Conner would get no argument from BYU's Lee Library, whose digital collections have now reached "dozens of terabytes," according to Chris Erickson, digital preservation officer.

"I have tens of thousands of CDs and DVDs that I manage and test every year, or every other year," Erickson said. "Those go back 10 or maybe 12 years, and most of those are really good. But we have some collections where we have been losing 1 to 2 percent per year; we have some collections where we have lost 30 percent."

BYU's poster child for data loss is the school's collection of some 20,000 images from the ancient Greek seaside resort of Herculaneum, which was buried with Pompeii when Mount Vesuvius erupted in 79 A.D. The heat of that eruption killed the inhabitants and sucked the moisture out of anything organic.

Modern archaeologists discovered black sticks in one villa that were initially thought to be charcoal or firewood. Those sticks turned out to be carbonized scrolls of papyrus, part of a library treasure trove that includes important writings from a number of Greek philosophers.

Many of the fragile papyri have been picked apart and reassembled at the National Museum of Italy in Naples, but they could not be read until a team from BYU found a new application for NASA's multi-spectral imaging technology. Beginning in 1999, the team took infrared photographs of the papyri that made the written words stand out. Those digital images were then stored on various media, including CDs, a number of which have since failed.

"We've lost 30 to 40 disks from one date range," said Erickson. "That's very concerning to me because I don't want to lose any of that data. The difficulty is that you don't know which portion of a collection will fail."

It may not be possible to re-photograph the scrolls, he said, because "they deteriorate. Things that were legible then may not be legible now. We've seen that with the Dead Sea Scrolls."

Luckily, multiple copies have been made of the Herculaneum images, so BYU has been able to resurrect the missing pieces. But restoration of data from copies of a collection remains a workaround. There has been no real solution to date to the periodic disk failure problem that plagues archivists worldwide. Until a more permanent storage solution is adopted, copying will be standard operating procedure for digital collections.

"You have to have multiple copies, on multiple media, in multiple places," Erickson said. "So we have some things that are on a server, and on CDs and DVDs, and we also may have them on external disk drives that are not all in one place, and in the granite vaults in Salt Lake City." Copies of the Herculaneum images exist in Italy as well.

(See a National Geographic video about the Herculaneum scrolls project online at scrolls.notlong.com)

Millenniata is currently in talks with BYU, the LDS Church, government agencies and others with a view toward alleviating the dangers of data loss. The technology looks promising, Erickson said. "Their disk, if it works the way they say it works, makes data loss less of a concern in the short run."

Thousand-year disks will save money while protecting valuable collections of information.

"Let's say it lasted only 50 years," Erickson said. "That means I don't have to check the disks every year. I don't have the same concern that the thing is going to deteriorate before I can get back and look at it again. We could check it once every 50 years, or even 20, and not worry about losing important data."

Extend the interval to a thousand years of secure data and the benefits are clear.

Millenniata's technology "appears to provide a stable medium for a longer period than anything we currently have," Erickson said. "The longest thing we have now is digital tape, which people say will last between 25 and 50 years, but there are difficulties with all of it - tape, CDs, DVDs. I've found CDs and DVDs that have gone bad in less than a year."

Archiving of digital tape ordinarily requires climate control, compared to the Millenniata disk, which the company says can be kept on a shelf in a shoebox.

Conner, the disk-drive entrepreneur, agrees that failure must be assumed with relatively short-term media like a computer's magnetic hard drive. The drive provides temporary storage because it has a finite life, typically measured in hours-to-failure. With a laptop, the limited life of the internal disk is part of the price you pay for portability.

By contrast the main concern in archiving is permanence, Conner said. The risk of losing data is "hugely consequential" - so great that "copying and copying and copying must be done to skirt failure."

As the sheer size of digital collections continues to mount worldwide, the difficulty of periodic copying gets greater. The beauty of chiseling data into a Millenniata disk therefore consists both in security and worry relief.

Forward spin

High-tech materials for data storage are not the only things that are persistent. Another is a question: What happens when the DVD format is supplanted by some new format?

Virtually nobody expects that DVD will be the archiving format of choice a thousand years from now. You can see advancements coming even today; holograms, for example, are on the horizon as a means to store data, Conner said.

Will Millenniata's disks be readable in the future, or will they go the way of the floppy disk and 8-track tape? The data still exist in those media, but just try to find a device that can access it. Can Millenniata migrate forward?

The short answer is yes.

"Optical disks are the most widely adopted storage medium in the history of the world - more widely adopted than vinyl LPs, than cassette tapes, or anything in history," Lunt said. "That means there are billions of readers out there, and hundreds of billions of disks. So it's likely that the ability to read those will persist."

Put another way, say there are 40 billion disks in the world containing optical data - and this is not just any data, mind you, but by definition essential data whose loss would be catastrophic - it follows that the incentive to access it would be both immense and ongoing. Back-compatibility with earlier formats would seem assured. Back-compatibility has become standard with software upgrades, for example.

Moreover, the process of recording onto persistent media can also migrate incrementally. With a thousand-year horizon, the sudden plunge of archivists and their vast collections over an unseen cliff of data loss seems an unlikely scenario. After all, it's still possible to play one of Thomas Edison's original audio recording cylinders; and Elvis Presley's music has long since migrated forward to digital media. There's virtually no chance of losing it.

With data captured in a medium that for all practical purposes lasts forever - like the Rosetta Stone - archivists and ordinary consumers will be presented with a pleasant choice they don't have today, Millenniata says. Instead of endless copying of huge digital archives to prevent data loss because of deteriorating disks, people will be copying to upgrade to the latest new formats. That's a whole different ball game that suggests positive forward progress rather than a static, defensive posture of data protection.

And with a thousand-year window, there's no big rush.

"The interesting thing is to let people know this is possible," said Conner - especially people like archivists who are looking for an answer to the backbreaking task of copying.

"I look at this as the very pinnacle of what has to happen - the top of the storage pyramid," Conner said. "This is the ultimate."

Friday, August 14, 2009

Codec Package to play all audio and video files in Windows Media Player



Windows Media Player can play only limited types of media files like WMA, MP3, WMV, ASF, MPEG, etc. For playing other types of media files like FLV, MOV, 3GP, MP4, etc.; you will have to change your player or find a suitable codec package for Windows Media Player to play these files.

With the right codec, you will be able to play all major media files right from your Windows Media Player on your Windows XP, Vista and Windows 7 system. You will no longer need to keep your player changing with the change in file format of media files.

Codec for Windows XP and Windows Vista

The latest release contains a Settings Application which enables the user to choose a different splitters ‘on the fly’ for specific file types. It also lets you choose from 10 different speaker configurations from ’same as input’ and all the way up to full 7.1 channel output.
Download Windows XP and Windows Vista Codec for Windows Media Player by visiting here.http://shark007.net/vistacodecpackage.html
Codec for Windows 7

The Win7codecs package does not change or interfere with what Microsoft has going on concerning native codec support in Windows Media Player 12 and Media Center.
DXVA accelerated H264 playback is provided by the codec package for all other capable players.

Download Windows 7 Codec for Windows Media Player by visiting here. http://shark007.net/win7codecs.html

KeyScrambler

In case you do not know, any data that you type at web browser (including your bank account info, credit card number, passwords, etc.) may be monitored by cyber criminals called keyloggers. These keyloggers observe and record your moves with your keystrokes. We used to have antivirus and antispyware programs that were said to deal with such sort of cyber crimes but to be true, they are not very effective in dealing with such attacks. The only tool that can save you in such attacks is an anti-keylogging program.

There are many anti-keylogging programs available but I would recommend KeyScrambler for two reasons. Firstly, it is very effective. And secondly, it is absolutely free. KeyScrambler is web browser add-on that protects anything you have typed on web browser by encrypting your keystrokes at the keyboard driver level in Kernel. KeyScrambler then decrypts the keystrokes at the web-browser interface to let you see the content that you typed.
KeyScrambler doesn’t require frequent updates as in the case of antivirus programs. You can use a version of KeyScrambler for a long time to defeat old and new, known and unknown keyloggers. The software has yet another notable feature. It lets you see live encryption of your keystrokes as you type. This lets you have a better picture of what has been encrypted by KeyScrambler.

The latest version of the software is KeyScrambler 2.4.1.1 and is compatible with IE (version 6 or 7), Firefox (version 1.5 and above) and Flock (version 1.0 and above) web- browsers. The pre-requisite to install KeyScrambler is that your computer must have Windows 2000/2003/XP/Vista (32-bit and 64-bit) and Internet connection.

Interested users can download KeyScrambler 2.4.1.1 by clicking http://qfxsoftware.com/

Add Classic UI to Microsoft Office 2007


A unique menu ribbon has been introduced in the new Microsoft Office 2007.Those that have started using Microsoft Office 2007 recently may find this new menu a little confusing. The fact is that we have got used to the classic menu style as it used to be in older versions of Microsoft Office and we are more comfortable with that menu style. For those that would like a classic UI for Microsoft Office 2007, can use the add-on named RibbonCustomizer.
RibbonCustomizer adds a new tab called ‘Classic UI’ to your Microsoft Office 2007. This Classic UI tab consists of all the old buttons that used to be present on the menu of older versions of Microsoft Office.

Here is how you can install RibbonCustomizer add-on to work with Microsoft Office 2007:

1. Download RibbonCustomizer installer file by clicking here.
2. Run any application of Microsoft Office 2007 package.
3. Go to View Tab, click the drop down arrow on ‘Customize Ribbon’ and then go to ‘Customize Schemes’.
4. Set the Classic UI to either be the first or the last tab in the menu.
5. Now just click on the ‘Classic UI’ tab and you will notice classic menu appear.
http://pschmid.net/office2007/ribboncustomizer/starter.php

Over 38 Million Tutorials Available for Download

FreeTutorialFor.me is a resource pool for people having DIY attitude. It is an online database of more than 38 million tutorials on different topics.
FreeTutorialFor.me has a search engine interface powered by Google which makes it really easy to find a tutorial. Just go to FreeTutorialFor.me website, enter the search term and click ‘Search’. You will be then produced with page/pages containing all related tutorials.

You can view these tutorials online by clicking the ‘View’ button next to the tutorial link or you can download them to you hard disk for viewing offline by clicking on the link.

So go ahead and satiate your DIY spirit at FreeTutorialFor.me

The Easiest way to Unlock Password Protected PDF Files

You might have heard of many softwares and apps (like PDF Unlocker) that guarantee to crack open password protected PDF files. In case those apps don’t work for you or you want a simpler way to open protected PDF files, here is a simple trick.

In this trick I will show how you can open a password protected PDF file without using any extra software and by using just your Gmail account.

Here is how you should proceed to open a password protected PDF file:

* Login to your Gmail account
* Click on “Compose Mail”
* Add the password protected PDF file to the email as an attachment.
* Give your own email in the sender address
* Send email

You will now receive the email with the attachment. You can open this attachment as a HTML file without entering password. In case you are not familiar with opening a document in html mode using Gmail, you can read it here. http://mail.google.com/support/bin/answer.py?answer=30719&hl=en

PPT2YouTube makes it easy to convert a PowerPoint Presentation to a Video

In case you need to convert your PowerPoint presentations to videos, PPT2YouTube is a good and cost free choice. PPT2YouTube is a free application software that lets you easily convert a PowerPoint Presentation (PPT) to a video file which can be uploaded to YouTube.

You can import your PowerPoint presentation to this application and PPT2YouTube tool will automatically convert PowerPoint to MP4 with animations, transitions, sounds and video clips retained.The interface of the application is very user-friendly. All you need to do is add the PowerPoint presentation to the application, specify the output destination and output file quality. Then start the conversion process and you will be done.

PS – For best results, it is suggested to choose ‘MP4 (Divx, Xvid) format with 640X480 resolution and 30 frames per second’ for your output video file.
http://www.acoolsoft.com/free-powerpoint-to-youtube-overview.html

Listen to the latest music tracks from different cities around the Globe

Here is an awesome service for music lovers around the world. Named as CitySounds.fm, it lets you listen to the latest music tracks from cities across the globe.

CitySounds.fm uses SoundCloud to collect latest music tracks submitted by users of different cities. Just head to CitySounds.fm website and you will be shown a flash interface where you will see hundreds of tracks from 32 cities across the world.
To listen to the music tracks from a city, just click on the city name. The city block will thence expand and you will see top 8 tracks from that city. Clicking on a track name will start playing it.
In case you would to download track that you liked here, just click on the yellow colored double arrow head present beside the track name. Clicking the yellow colored double arrow head will take you to the SoundCloud page where the track is originally saved. You can then download the track from there.

Just head to CitySounds.fm and hang on for some minutes to enjoy the music from cities around the globe.

Embedit.in lets you embed almost any sort of files in your websites

Previously, we have seen a number of web apps that lets you embed files in your websites. To be true, most of these service supported embedding of only certain file formats. This means that if you have to embed a file format which is not on their ‘supported file format list’, you got to be dumb.

Embedit.in is a new yet fantastic file sharing web application that lets you embed almost any file into your website. It supports a number of file formats such as .css, .js, .csv, .txt, .sql, .doc, .docx, .ppt, jpg, .gif, .png, .psd, .html, pptx, .xls, .xlsx and more.

Using Embedit.in is very easy. Just head over Embedit.in website and browse for the file you wish to embed. Alternatively, you can also enter URL of the file you wish to embed. Once an upload file is selected, you will be given to choose one of the six third party accounts (Google, Yahoo, Twitter, Wordpress, AOL, Open ID). Here, you need to specify the website where you will be embedding the file and you will be given an embed code. You can also customize the embed widget by customizing its height, width, color, etc.

embedit.in Embedit.in lets you embed almost any sort of files in your websites

Besides allowing you to share file, Embedit.in also provides detailed analysis of how many people viewed, downloaded or printed your document.

PrettySlide: Turn your FaceBook Photo Albums into a Photo Slideshow

The most convenient way to view photo album is by using ‘Next’ and ‘Previous’ buttons for changing photo. This is where a photo slideshow comes in very handy. Now if you wish to apply the same convenience to your FaceBook photo albums, you can use PrettySlide.

Named as PrettySlide, it is a web based FaceBook app that lets you turn any of your FaceBook photo albums into a neat and customizable slideshow. There is no need of registration. Just head over to PrettySlide website and login to your FaceBook account using FaceBook connect. Now choose a FaceBook album which you wish to create a slideshow of. Choose one of the five different slideshow themes available and there you go.
You will now be given a permanent URL for the slideshow you created. You can share this URL to let others view your FaceBook photo album in a slideshow. The style of the slideshow can be changed even after creation. Besides, PrettySlide also lets you create photo slideshow from only certain photos rather than a whole album.

Wednesday, August 12, 2009

“Vanish” Uses BitTorrent to Make Data Disappear





Encrypts messages with a secret key and then distributes pieces of it across random nodes so that as peers leave the swarm it gradually degrades over time, allowing users to regain control over data stored on the web like Facebook PMs, e-mails to others, and even simple posts.

Researchers at the University of Washington have a created a way to automate encryption key expiration, which means data can become inaccessible over a given period of time.

It’s called Vanish and it creates a secret key to encrypt a user’s data, breaks the key into many pieces and then sprinkles the pieces across random nodes in the Distributed Hash Table (DHT) provided by the popular Vuze BitTorrent client. As machines constantly join and leave the swarm, the pieces of the key gradually disappear. By default it supports data timeouts of 8-9 hrs, though they say longer timeouts are possible.

“Data persists for much longer than users expect or want,” they note in emphasizing importance of Vanish. “This is especially true as more and more data gets stored on the web and in the cloud, archived by third parties, or just stored on random backup tapes.”

The researchers say Vanish is important in today’s Web-centered world because a “users’ sensitive data can persist “in the cloud” indefinitely (sometimes even after the user’s account termination.” By using Vanish you can regain control over the lifetime of things like Facebook PMs, Google Docs, e-mails, etc..

It can also complicate efforts by authorities or other parties to subpoena sensitive data.

“Computing and communicating through the Web makes it virtually impossible to leave the past behind,” they add. “College Facebook posts or pictures can resurface during a job interview; a lost or stolen laptop can expose personal photos or messages; or a legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating or just embarrassing details from the past.”

The overarching benefit of using Vanish is that it lessens the risks of sensitive data being exposed. A PM or e-mail from years past doesn’t have to resurface to the embarrassment of yourself or others.

Overall it’s pretty useful to have. The only downside is that the people you communicate with have to also have Vanish installed so that they can decrypt your messages.

It’s available as a Firefox plugin.

Watch the screencast for more info…..

Thursday, August 6, 2009

Gmail flaw shows value of strong passwords

By Becky Waring

The disclosure of a back door allowing bad guys to repeatedly guess Gmail passwords should remind us all to protect our accounts with long and strong character strings.

There's a straightforward way to protect your online accounts — use signin phrases that are easy for you to remember but hard for others to guess.

The latest vulnerability affecting Gmail accounts was recently revealed by security researcher Vicente Aguilera Díaz in a posting on the Full Disclosure security list. (Aguilera previously revealed a Gmail flaw known as session-riding, which Google subsequently fixed, as reported by WS contributing editor Scott Spanbauer on April 23 and May 7.)

According to Aguilera's new security alert, Google allows anyone with a Gmail account to guess another Gmail user's password 100 times every two hours, or 1,200 times per day. No "captcha" keeps hacker bots from guessing passwords in this way. Worst of all: If a hacker controls, say, 100 Gmail accounts, 120,000 guesses can be made per day. Because Gmail accounts are free, many hackers control far more than 100 accounts, of course.

To its credit, Gmail requires fairly long passwords of 8 characters or more. However, as Aguilera points out, Gmail allows users to create extremely weak passwords such as aaaaaaaa.

A quick survey of my friends and relatives revealed that not one of them uses strong passwords. Most people have no idea how to create them. Yet everyone I asked expressed guilt at using easy-to-crack passwords: pet names, birthdays, and common dictionary words.

Most people's passwords could be guessed in far fewer than 10,000 attempts. And, despite using weak passwords, the people I interviewed say they rarely change their signin strings. (One-third of the people surveyed use the same password for every Web site they sign in to, and the infamous Conficker worm needed to try only 200 common passwords to break into many systems, according to an analysis by the Sophos security firm.)

Here's the topper: many respondents to my informal survey admitted to keeping an unencrypted file on their systems that lists every password they use!

You may not think the password to your webmail account is valuable. But anyone with access to your account can use it to send spam and ruin your online reputation. More seriously, you may have entered the same password at an online banking site, such as PayPal, or a site where your credit-card number is stored for easy ordering, such as Amazon.

Use tough passwords but make them easy to recall

You can see whether your current passwords — you do use more than one, right? — are rated "strong" by using Microsoft's online Password Checker. I bet you'll be unpleasantly surprised by the results.

Microsoft's Password Checker
Figure 1. Test the strength of your passwords by entering them in Microsoft's Password Checker.

The three keys to strong passwords are length, randomness, and use of different types of characters. Each additional character multiplies the potential combinations a brute-force attack must try.

Random passwords use upper- and lower-case letters, numbers, and symbols. When at least three of these four categories are used, an eight-character password should suffice in most instances. According to the FrontLine security site, such a password would take a century or more to crack by a hacker using a single PC. The eight-character standard is also the minimum the Microsoft Password Checker deems "strong." Of course, the more characters in your password, the safer you'll be.

If you wish to create your own password, use a sentence or phrase you can recall easily and then tweak it for each account.

For example, start with the phrase "all good things come to those who wait." Then take the second letter of each word — or the only letter in the case of single-character words — to yield lohoohha. Then use upper case for every other consonant and substitute numerals or punctuation for certain vowels: loHooHh@.

(Never use any password-creation system you've read in a book or on the Web, including the example in the preceding paragraph. The password crackers read these articles, too.)

You can be as creative as you want with your rules. The goal is to produce a random-seeming combination of letters, numbers, and special characters — one generated by a set of rules you can remember and recreate.

Next, add a few characters denoting the site or the account for which the password is required. For example, you could add the first three letters of the site URL to the beginning, middle, or end of your base password, but five letters later in the alphabet, so "ama" for Amazon.com becomes frf.

By this time, you'll likely have a password that's at least 8 to 16 characters long and fairly random-looking — strong by any measure. When you need to change a password, keep the same rules and change just the base phrase.

Dos and don'ts to keep your passwords safe

Now that you know how to create strong passwords, follow these ten tips for using and protecting them.

* DO use a password manager such as those reviewed by Scott Dunn in his Sept. 18, 2008, Insider Tips column. Although Scott focused on free programs, I really like CallPod's Keeper, a $15 utility that comes in Windows, Mac, and iPhone versions and allows you to keep all your passwords in sync. Find more information about the program and a download link for the 15-day free-trial version on the vendor's site.

Callpod Keeper password manager
Figure 2. Callpod's Keeper password-management utility lets you sync passwords between Windows and Mac PCs and iPhones.

* DO change passwords frequently. I change mine every six months or whenever I sign in to a site I haven't visited in long time. Don't reuse old passwords. Password managers can assign expiration dates to your passwords and remind you when the passwords are about to expire.

* DO keep your passwords secret. Putting them into a file on your computer, e-mailing them to others, or writing them on a piece of paper in your desk is tantamount to giving them away. If you must allow someone else access to an account, create a temporary password just for them and then change it back immediately afterward.

No matter how much you may trust your friends or colleagues, you can't trust their computers. If they need ongoing access, consider creating a separate account with limited privileges for them to use.

* DON'T use passwords comprised of dictionary words, birthdays, family and pet names, addresses, or any other personal information. Don't use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.

* DON'T use the same password for different sites. Otherwise, someone who culls your Facebook or Twitter password in a phishing exploit could, for example, access your bank account.

* DON'T allow your computer to automatically sign in on boot-up and thus use any automatic e-mail, chat, or browser signins. Avoid using the same Windows signin password on two different computers.

* DON'T use the "remember me" or automatic signin option available on many Web sites. Keep signins under the control of your password manager instead.

* DON'T enter passwords on a computer you don't control — such as a friend's computer — because you don't know what spyware or keyloggers might be on that machine.

* DON'T access password-protected accounts over open Wi-Fi networks — or any other network you don't trust — unless the site is secured via https. Use a VPN if you travel a lot. (See Ian "Gizmo" Richards' Dec. 11, 2008, Best Software column, "Connect safely over open Wi-Fi networks," for Wi-Fi security tips.)

* DON'T enter a password or even your account name in any Web page you access via an e-mail link. These are most likely phishing scams. Instead, enter the normal URL for that site directly into your browser, and proceed to the page in question from there.

Following these tips will help you keep your personal data safe online.