[SFDXA] ARRL.org Passwords
Bill
bmarx at bellsouth.net
Wed Oct 8 22:14:22 EDT 2014
> The ARRL released a news article yesterday concerning the hacking of a
> server in the League's network late last month. That article can be
> found here:
> http://www.arrl.org/news/arrl-investigating-web-server-breach
>
> My professional background is in digital forensic investigations and
> includes teaching in the Digital Forensics and Cyber Security program
> at Valencia College in Orlando so I'd like to make some cyber security
> suggestions to you.
>
> If your password on arrl.org hasn't been changed since before early
> 2010, you need to change it now. If your password is newer than early
> 2010, I'd recommend that it be changed as a precautionary measure. If
> you've utilized the same password on arrl.org and other websites,
> especially if those other websites are banking and finance related, you
> need to change the passwords on those sites as well.
>
> Hackers will use passwords from one compromised website to attempt to
> access the person's accounts on other websites. Ideally each website
> that you access should have a unique password; likewise, each email
> account you have should have a unique password.
>
> Passwords should be made up of a combination of upper case letters,
> lower case letters, numbers, and symbols including:
> !@#$%^&*()_+=-.?<>,. (note: not all websites will accept all of those
> symbols in a password). Passwords should not be such easily guessed
> things as the names of relatives and pets. The best passwords are
> random strings rather than names and words and should be 8 characters
> or longer.
>
> Now the question that this immediately generates is how do I remember
> dozens or hundreds of random passwords? The answer is that you don't;
> you only need to memorize one that is a master password used by
> software that secures all of the information for all of your
> email/website accounts. There are many such programs available, both
> paid and free, that can securely protect your passwords on your home
> computer, your mobile devices such as smartphones and tablets, and on a
> flash drive so you can have them available wherever you are.
>
> Because everyone's needs are different, I won't advise using any
> particular solution. I will, however, give you an example of a free
> solution for PCs that has also been ported to most other platforms. The
> software is named "Password Safe" and is available at no cost from:
> http://passwordsafe.sourceforge.net/ (click on the "Download latest
> version" found on that page to access the program itself).
> http://pwsafe.org/relatedprojects.shtml has information on ports of
> Password Safe to other platforms. Again this is not an endorsement of
> this program, just an example of what is available.
>
> One of the Motions I prepared for the July 2014 Board Meeting was for
> the creation of an IT Strategic Planning Committee. The committee would
> be tasked with examining the existing Information Technology operations
> of the League and creating a strategic plan for addressing current and
> future needs. The committee would be composed of Directors and Vice
> Directors having a current background in Information Technology.
>
> As I did not believe that I had enough support to directly get the
> Motion passed, I altered the Motion before I submitted it. The edited
> Motion directed the Administration and Finance Committee of the Board
> to study establishing the IT Strategic Planning Committee and provide
> recommendations to the Board at the January 2015 meeting. The Motion
> was seconded by Dr. David Woolweaver, the West Gulf Division Director,
> and was passed by the Board.
>
> The full text of the Motion can be found as item 40, beginning at the
> bottom of page 13, in the Minutes of the Board Meeting:
> http://www.arrl.org/files/file/About%20ARRL/Board%20Meetings/2014_July_ARRL_Board_Minutes.pdf
>
> I do not serve on the Administration and Finance Committee and am
> unaware of any discussions by that committee on the proposal.
>
> I'll report back when I know more.
>
> 73 de K4AC
>
> --------------------------------------------------------------------
> ARRL Southeastern Division
> Director: Doug Rehman, K4AC
> k4ac at arrl.org
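
The password advice in the message above (random strings of 8 characters or longer, all four character classes, a unique password per website, and sites that reject some symbols), as an added example that is not part of the original message. The function names and the site names are assumptions made for illustration; the symbol set is the one quoted in the message.

```python
import secrets
import string

# Symbol set quoted in the message above (the repeated "." is dropped).
PAGE_SYMBOLS = "!@#$%^&*()_+=-.?<>,"
MIN_LENGTH = 8  # minimum length stated in the message


def generate_password(length=16, symbols=PAGE_SYMBOLS):
    """Return a random password containing every required character class.

    `symbols` is the set a given website accepts; pass a shorter string
    (or "") for sites that reject some or all symbols.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if symbols:
        classes.append(symbols)
    alphabet = "".join(classes)
    # Rejection sampling: draw every character from the OS CSPRNG and retry
    # until each class appears, so no position has a predictable class.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def site_passwords(sites, length=16):
    """Generate an independent password per site.

    `sites` maps a site name to the symbols that site accepts, so one
    breached site never exposes the password used anywhere else.
    """
    return {name: generate_password(length, allowed)
            for name, allowed in sites.items()}


if __name__ == "__main__":
    # Constructed sample input: hypothetical sites and their accepted symbols.
    demo = {"example-bank": "_-", "example-forum": PAGE_SYMBOLS, "example-mail": ""}
    for site, pw in site_passwords(demo).items():
        print(f"{site}: {pw}")
```

The output is meant to be stored in a password manager such as the one the message describes, not memorized.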