ReadWriteWeb

The biggest geeks in all of technology work in IT security. Sorry front-end mobile developers, cloud gurus, data center managers and do-it-yourself robot builders. Enterprise IT security is run by geeks who love to play cat and mouse with a good botnet, argue over the merits of Blue Coat versus AnchorFree and have a panic button programmed on their highly encrypted smartphones that goes straight to Symantec's headquarters. These are the geek's geeks.

In honor of yesterday's Safer Internet Day, we present a tribute to the IT security folks that keep most of us running during the day and from drowning in a sea of spam and malware. We know the "$#!& people say" meme is a little played out, but we feel that's mostly because there have been some really mediocre entries into the genre recently. The video below is sure to leave you giggling if you belong to the geeky group of IT security experts. Check it out.

Last May Geeks Are Sexy reported that anyone with access to your computer could access passwords stored in Google's Chrome browser with just a few mouse clicks. When the story inexplicably resurfaced in several Twitter posts this morning, it was time to call Google and find out why they hadn't fixed the perceived glitch.

The Geeks Are Sexy post showed how users could find passwords that are saved to for websites that require a log-in in the "Manage Passwords Section" of the "Personal Stuff" tab under " Preferences" in Chrome. The passwords initially appear to be blocked out but can be revealed by clicking on the account and then clicking a "Show" button.

A database containing 44,000 usernames and password hashes associated with accounts registered on the Mozilla add-ons website was accidentally made public, the organization and makers of the Firefox Web browser said on Monday. The partial database of user accounts was mistakenly left on a Mozilla public server, which would have allowed anyone to access the account usernames and the password hashes.

The good news? Says Mozilla: no one did. Well, no one except for the one security researcher who found them.

As we reported earlier today, Amazon is now offering a Cluster GPU Instance. Security blogger Thomas Roth decided to find out how quickly the system could be used to crack SHA1 hashes. He was able to crack 14 hashes with passwords ranging in length from one to six characters in 49 minutes. "This just shows one more time that SHA1 is deprecated," he writes. "You really don't want to use it anymore!" Roth shares his process in this post. In the comments he notes the cost of cracking the passwords was only between four and five dollars.

A new survey from Gartner Research delivers some bad news regarding our online security practices: two-thirds of U.S. consumers use the same one or two passwords for all the websites they access. And they like it that way. Although people claim they're concerned about security, they still tend to use unsafe password management techniques rather than exploring new methods - be they new hardware, software, or new authentication frameworks like OpenID.

As early adopters and technology enthusiasts, we're known for signing up for every new service presented to us. Due to the sheer number of web sites out there, most of us have devised a system for remembering all those passwords: we make them all the same. (Nod sheepishly if this is you). This system, although easy, is dangerously insecure. A hacker would only need to comprise your password one time in order to gain access to all your accounts. But what alternatives do we have?