Network Access Control
Top Ten Password Cracking Methods
December 05, 2011 Added by:Headlines
"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of all possible password combinations for any given hashing algorithm mind..."
Comments (2)
Top Ten Most Easily Guessed Passwords
November 21, 2011 Added by:Headlines
Are you using the password “password” or “123456″? If so congratulations, you are using one of the top two worst and easiest to guess passwords on the internet. Splashdata creates an annual list of the worst passwords to use on the net, and here are the top 10 for 2011...
Comments (0)
IBM AS400 (I-Series) Key Controls for User Accounts
November 09, 2011 Added by:Kevin Somppi
It is impossible to prove that a platform or program has no bugs; however, if you take the time to reasonably test and find the obvious vulnerabilities, and challenge the access which your user community has been granted, you stand a better chance of not being compromised...
Comments (1)
DARPA Advocates Improved Cyber Offense Capabilities
November 07, 2011 Added by:Headlines
"We are shifting our investments to activities that promise more convergence with the threat and that recognize the needs of the DoD. Malicious cyber attacks are not merely an existential threat to our bits and bytes. They are a real threat to our physical systems..."
Comments (0)
Size Isn't Everything
October 26, 2011 Added by:Javvad Malik
Having a long padded out password isn’t enough. Because there are a whole multitude of things that should be taken into consideration before declaring something is the answer to all your security issues. It’s a security concept called defense in depth...
Comments (1)
Reducing America’s Cyberwar Capabilities to a Maginot Line
October 13, 2011 Added by:Dan Dieterle
The United States has been ravished electronically by infiltrating sources that have pilfered military secrets, financial information and account credentials. According to some, our national infrastructure has also been infiltrated and key systems backdoored...
Comments (1)
Trusted Computing from Portable Devices
October 06, 2011 Added by:Emmett Jorgensen
There are many different ways that secure devices are being used as platforms for collaborative technologies to address growing market requirements. The ability to secure activities anywhere, at any time, from any machine is something that will gain traction over the next few years...
Comments (0)
AmEx Secures Website Admin Debugging Panel Error
October 06, 2011 Added by:Headlines
“An attacker could inject a cookie stealer combined with jQuery’s .hide() and harvest cookies which can, ironically enough, be exploited by using the admin panel provided by sloppy American Express developers," Femerstrand explained in a blog post...
Comments (0)
Usernames and Passwords Are Facilitating Fraud
September 30, 2011 Added by:Robert Siciliano
Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...
Comments (0)
Capturing Logins with Keyscan and Lockout_Keylogger
September 26, 2011 Added by:Dan Dieterle
Sometimes a penetration tester may have remote access to a user’s machine, but he may not have the password, or the user has a very long complex password that would take too long to crack. Backtrack 5′s Metasploit Framework has a utility for capturing keys pressed on a target machine...
Comments (0)
U.S. Bank Employee Pleads Guilty to Account Theft
September 01, 2011 Added by:Headlines
Hurtado accessed U.S. Bank’s computer system and changed the contact information for the accounts of two elderly customers at the bank. After changing their contact information, Hurtado then allegedly closed these accounts and took out cashier’s checks for the balance of each account...
Comments (1)
Sentence Your Password
August 23, 2011 Added by:Christopher Hudel
One risk is that by telling people to "Sentence their password", they may be steered unconsciously to create sentences that make sense which will significantly weaken the power of apparently random words. And of course, apparently random words may ultimately prove not to be too random...
Comments (0)
Minimum Password Lengths of 15 or More via GPO
August 21, 2011 Added by:Rob Fuller
Also known as "How to practice what we preach". I don't know how long I've been telling clients that they need to have a minimum password length of 15 characters so there is no chance LM will be stored. But I've never tried setting it myself. Well, a client called me out. You can't...
Comments (0)
Internet Security Alliance Pans Obama's Security Plan
August 17, 2011 Added by:Headlines
"This is a punitive model where we're trying to blame the victims of the attack. I don't think that the administration's proposal really does anything that I can see to enhance cybersecurity," said Larry Clinton, President of the Internet Security Alliance...
Comments (0)
ISO and IEC Publish Biometric Authentication Standard
August 15, 2011 Added by:Headlines
Unlike other authentication systems, the breach of biometric data is difficult to remedy. Users can not simply alter the authenticating data used to access secure networks, as one would with usernames and passwords - the data is permanently and uniquely identifiable to the individual user...
Comments (0)
Ten Password Tips that Never Go Out of Style
August 10, 2011 Added by:Allan Pratt, MBA
I know what you’re thinking: not another post about passwords. The truth is, no matter how many times those of us in the infosec arena talk, cajole, and plead with users to create complex passwords, they don’t follow directions. Instead, they come crying to us after something bad happens...
Comments (9)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox