Network Access Control
Does Multi-Factor Authentication Even Matter Anymore?
April 05, 2011 Added by:Rafal Los
Multi-factor authentication systems that use one-time passwords give the attacker a very small window within which to strike. They have that one session, and then they have to orchestrate the attack again, whereas with a password compromise you can keep attacking over and over...
Comments (10)
F-Secure's April Fools Hack Article is No Joke
April 01, 2011 Added by:Headlines
F-Secure posted a nice April Fool's day article that was so subtle it slipped into several security news feeds unnoticed. While the article itself may be just a fun prank, readers would be wise not to let the sardonic wit overshadow the important message about password security...
Comments (0)
RSA Breach Long Term Impact for Security Professionals
March 30, 2011 Added by:Nick Owen
With the explosion of cloud-based services, organizations are relying on the security of their vendor's vendors. What lessons can we learn from the RSA and Comodo episodes, and how should it impact decision making? Here are some longer-term items to think about...
Comments (0)
Check Your Password Security
March 29, 2011 Added by:Robert Siciliano
Passwords are the bane of the security community. We are forced to rely on them, while knowing they’re only as secure as our operating systems, which can be compromised by spyware and malware. There are a number of common techniques used to crack passwords...
Comments (0)
Advanced Password Security 101
March 27, 2011 Added by:J. Oquendo
For those searching for password storage systems, there is no shortage of helpful and even free programs. There is also no shortage of documents explaining why or how to create strong passwords. However, what I noticed in most documents and even programs is their lack of creativity...
Comments (4)
Increase in SSH Brute Force Username Guessing
March 23, 2011 Added by:Ted LeRoy
The crackers are using automated tools that scan for valid ssh logins using a username list. The sites and names that come up can be processed again, checking for weak passwords or brute force vulnerabilities. The tools and method are not new, but the number of attacks seems much higher lately...
Comments (15)
Insider Threats and Data Theft
March 21, 2011 Added by:Danny Lieberman
Network DLP is a poor security countermeasure against the WikiLeaks class of data breach. Network DLP can network-intercept but not analyze obfuscated data and is blind to removable media and smart phones. The best technical countermeasure against a leak must be at the point of data use...
Comments (0)
RSA Fail - Security Lessons Unlearned
March 18, 2011 Added by:J. Oquendo
Security pros have to wonder about the security state as a whole when the founders of "two factor" key fobs take a hit. One would believe that in the event someone compromised a machine inside of RSA, their own security - two factor key fobs - would have prevented escalation between other machines...
Comments (4)
HBGary Federal Security Fail... Again
March 17, 2011 Added by:J. Oquendo
IP based authentication is somewhat helpful, but can be hurtful. While an administrator can define who can and cannot visit locations, servers, pages, this can become a cumbersome process. It also does little against a potential client side attack where an attacker accesses a trusted machine...
Comments (0)
Who’s NAPping on Your Network? (Part Two)
March 17, 2011 Added by:Global Knowledge
In the last post I described a high-level overview of 802.1x authentication. Now, let’s dive a bit deeper into the use of 802.1x as a foundation for Network Access Protection (NAP) enforcement of health policies in a Windows Server 2008 network infrastructure...
Comments (0)
Insider Threats and IRS Network Security Controls
March 16, 2011 Added by:Headlines
The report indicates the IRS failed to limit employee access to sensitive information in accordance with employees' job duties, leaving the agency vulnerable to insider threats. The report also found that the IRS had failed to update critical database software and enable key auditing capabilities...
Comments (0)
Improved DoD Data Security Measures Slated for 2013
March 11, 2011 Added by:Headlines
At issue is how best to control access to sensitive data in an effort to prevent further breaches while also maintaining post-9/11 efforts to increase information sharing between multiple government agencies responsible for defending the nation...
Comments (0)
Vein Pattern Recognition: A Privacy-Enhancing Biometric
March 03, 2011 Added by:Ben Rothke
Vascular pattern recognition is one of many available biometric authentication technologies. VPR, like many biometric technologies, has the potential to increase security and protect privacy. But that can only be done if the biometric solution is properly deployed...
Comments (0)
Faking It - When is Two Factor Authentication Not?
February 28, 2011 Added by:Rafal Los
Take a look at the authentication scheme from a 360-degree view and see if the strong authentication 2-factor provides extends to all platforms (mobile device? HTML-only?) If not, then your account is protected by the lowest common denominator, for most sites that's a simple username and password...
Comments (15)
All Your Data Are Belong To Us!
February 23, 2011 Added by:Brent Huston
Passwords are the bane of every system administrator’s existence. Policies are created to secure organizations, but when enforced they cause people to have trouble coming up with the multitude of passwords necessary. As a result, people use the same passwords in multiple places...
Comments (1)
Brute Forcing Passwords and Word List Resources
February 20, 2011 Added by:Rob Fuller
Brute force, even though it's gotten so fast, is still a long way away from cracking long complex passwords. That's where word lists come in handy. It's usually the cracker's first go-to solution, slam a word list against the hash, if that doesn't work, try rainbow tables...
Comments (1)