Visitors to my home who want to use our wireless network are often stupefied by the 63-character, hexadecimal WPA2 passcode. In spite of the legitimate security concerns that went into my choice of such a long code, this always embarrasses me. Of course, being embarrassed easily is all part of growing up and being British. (That’s a Monty Python reference in case you didn’t get it.)

So I’m happy to report yet another analysis of wireless passcode security and the relative ease of cracking them.

The upshot is that no passcode is uncrackable. Your only hope is to make your passcode so long and complex that it can’t be cracked in a reasonable timeframe. Using all of the maximum 63 characters is strongly recommended.

So, laugh all you want, and groan as you struggle to enter that monstrosity, but I’m not going to simplify it just for convenience.

Blizzard, the company that brought you the Diablo series, as well as World of Warcraft, runs a service called Battle.net. The service ostensibly helps online gamers find servers running their favourite Blizzard games. In fact the service is not much more than DRM: technology used by Blizzard to prevent people from playing their games. And prevent them it does. While Blizzard only really wants to prevent people with ‘pirated’ copies of games from playing, server outages and other technical glitches have caused problems for paying customers since the service began. Even people who purchased Diablo III with no intention of playing online must use Battle.net for the single player game, so they are affected by service outages.

Yesterday, Blizzard added insult to injury when they announced that Battle.net had been hacked. According to Blizzard, no financial (credit card) data was stolen, and although passwords may have been taken, those passwords were encrypted. Still, they are recommending that all Battle.net users change their password as soon as possible.

SANS has a breakdown of the implications to users.

When Blizzard announced that Diablo III would require use of the Battle.net service, even for single player games, I decided to protest by not buying the game, despite having enjoyed the previous two games immensely. That’s starting to look like a wise choice.

The latest SANS OUCH! newsletter (PDF) covers an increasingly-common scam in which the scammer calls their victim on the phone and talks their way into accessing the victim’s computer.

Here’s an except from the newsletter:

“You receive a phone call from a person claiming to be from a computer support company associated with Microsoft or another legitimate company. They claim to have detected your computer behaving abnormally, such as scanning the Internet, and believe it is infected with a virus. They explain they are investigating the issue and offer to help you secure your computer. They then use a variety of technical terms and take you through confusing steps to convince you that your computer is infected, scaring you into ultimately buying their product.”

SANS is a computer security company based in the USA. They publish several excellent newsletters, including OUCH! You can subscribe to any of these lists for free at http://www.sans.org/newsletters/.