Blog Posts Tagged with "Passwords"
Talk of Password Demise Greatly Exaggerated
August 08, 2011 Added by:Emmett Jorgensen
Overall criminals and blackhat hackers have a variety of tools at their disposal to overcome passwords and encryption. But this doesn’t mean that passwords are obsolete. On the contrary, if used properly they are still incredibly effective at protecting our data...
Comments (1)
The Benefits of Multifactor Authentication
August 02, 2011 Added by:Robert Siciliano
Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."
Comments (0)
Authentication: Who Are You and Why Are You Here?
July 29, 2011 Added by:Mike Meikle
You may have robust network security, stringent password policies and a tightly locked down user environment, but if you don’t know what you own, both data and hardware, it is akin to having a bank vault door standing alone in a field...
Comments (0)
Password Hash: It's Okay to Inhale...
July 18, 2011 Added by:Vulcan Mindm3ld
The recent IRC Federal and HBGary SQL injection vulnerabilities allowed attackers access to a username/password table stored in the database. IRC Federal's “experts” simply stored unencrypted passwords while HBGary's “expert” third-party developers implemented unsalted, non-iterated MD5...
Comments (4)
Prosecutors Demand Laptop Password
July 11, 2011 Added by:Headlines
"Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court..."
Comments (0)
How to Log In to Windows Without the Password
July 08, 2011 Added by:Dan Dieterle
This process works on a fully patched and updated Windows 7 system. When I checked it last year, it also worked on all of Windows server products. Windows protects these system files from being modified when Windows is booted, but booting in Linux to alter them just takes a couple minutes at most...
Comments (11)
Connexion Hack Team Dumps Military and Gov Accounts
July 08, 2011 Added by:Headlines
A new ad-hoc group of hacktivists calling itself "Connexion Hack Team" has published a list of email addresses associated with the US government including account information from the military, the Department of Homeland Security, the National Security Agency, and several state agencies...
Comments (1)
What the CISSP Won't Teach You - Part Trois
July 05, 2011 Added by:Boris Sverdlik
A dedicated attacker will not scour pastebin to get your password, although “inurl: password” used to be a common attack vector. More common amongst the dedicated attacker is getting as much background information as possible as an attacker builds the dossier on their target...
Comments (0)
Avoiding The Next Big Data Breach
June 21, 2011 Added by:Alexander Rothacker
It’s incumbent on the individuals that are responsible for the security of the data to ride this wave of activity, raise awareness, and move their security projects forward. There is no reason these large breaches should be occurring, not when the solutions already exist...
Comments (0)
Dropbox Confirms Password Security Glitch
June 21, 2011 Added by:Headlines
"This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us..."
Comments (1)
Sony Breach Highlights Secure Password Storage
June 08, 2011 Added by:Emmett Jorgensen
Secure password storage is crucial to any secure system. From sites such as Sony to operating systems and data backups on encrypted hard drives, if the password is in plain text your account and data is not safe. After all, why try to guess a password if you can just copy and paste it?
Comments (0)
New John the Ripper Password Cracker Release
June 06, 2011 Added by:Headlines
A new version of John The Ripper, a free password cracking software tool, has been released. It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects hash types, and includes a customizable cracker...
Comments (0)
Ten Steps To A More Secure Password
May 31, 2011 Added by:Global Knowledge
I make a point to preach password security to most co-workers I supported – especially those who dealt with personnel records, credit card info, and other potentially sensitive documents. Below are some tips that will make your passwords a hundred times harder to hack...
Comments (2)
Affected by the PSN Breach? Here’s What to Do Next...
May 24, 2011 Added by:Tom Eston
Sony has not confirmed or denied that credit card data was stolen; however, as a customer you should take the following precautions when using a PS3 or any game console, including XBOX Live and Nintendo’s Wii and DS systems...
Comments (0)
Sony Data Breach – Lessons for the End-Users
May 12, 2011 Added by:Nabeel Shamsi
One level of protection: Use virtual credit cards. Both Citi and Discover offer virtual credit cards, which can only be used at a single merchant. If someone gets your virtual card number, it is of no use to them...
Comments (0)
How LastPass Protected Passwords and What Changed
May 05, 2011 Added by:Eric Irvin
New passwords will now be hashed using PBKDF2 with SHA-256 hashing, a 256-bit salt, and 100,000 rounds of pseudo-randomization and salting. In comparison, BlackBerry uses 1 round and the Apple iOS4 uses 10,000 rounds. With this implementation, password cracking becomes extremely difficult...
Comments (0)
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform