Blog Posts Tagged with "Access Control"


Low-Cost Ways to Make Your Network More Secure

November 26, 2012 Added by:Marc Quibell

There are improvements you can introduce that are seamless, low-cost , don't present a new burden to your users, and/or are easy to implement. So in between your major IT Security projects that may or may not happen, why not improve you security posture and lower your overall risks?

Comments  (2)


E-mailing Passwords - Practice What You Preach

November 19, 2012 Added by:Bill Mathews

That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...

Comments  (6)


On Password Hell

November 06, 2012 Added by:Joel Harding

I had one sysadmin a few years ago who demanded we all use 64 character passwords and every other character had to switch type. It was something like ^y?M3aI`B[a/ and so on... It took two minutes to type it in and I had to carry a paper with the password written on it. I was so glad when he left...

Comments  (1)


Does it Make Sense to Keep Changing Your Passwords?

October 31, 2012 Added by:Rafal Los

I'm running a small experiment on myself in which I've set up an account on a public, high-traffic web-based system out there that has a ton of my personal information. I've not changed my password in almost 6 months, but I still feel relatively good and certain that I am the only one who has access to my stuff...

Comments  (0)


Admin Rights - Your Achilles Heel

October 31, 2012 Added by:Paul Kenyon

Every organization experiences user frustrations and complications that result in support calls to the help desk. While each call may seem to suggest a unique problem, there could be a common root cause amongst them. Help desk calls often seem to be black and white – the machine works and now it doesn’t...

Comments  (0)


Is it really so simple to crack your password?

October 29, 2012 Added by:Pierluigi Paganini

The numerous attacks and data breaches occurred during the last 12 months demonstrate that despite attention to security, the principal causes of the incidents are leak of authentication processes, absence of input validation on principal applications, and of course the human factor...

Comments  (0)


Top Ten Ways to Prevent Data Breaches

October 11, 2012 Added by:Paul Kenyon

Users with admin rights are loose cannons -- you just don’t know when or where they are going to strike, and the results can be devastating to the company’s security infrastructure. Once a problem occurs, it often unravels into a downward spiral taking your business - and reputation - down with it...

Comments  (3)


Landmark Ruling: Insiders Aren't Hacking if You Gave them Access

October 08, 2012 Added by:Rafal Los

What happens if you go perusing through your corporate file-share lists, applications directories and such... and find some interesting stuff that you aren't technically supposed to have access to yet the controls in place have no problem giving you permission? Does anyone notice?

Comments  (0)


When Log Files Attack: IEEE Data Leak

September 28, 2012 Added by:Tripwire Inc

The fact that usernames and passwords were being logged to a plaintext file itself is problematic, even if the passwords are being hashed when stored in a database, if such data is logged in plain text it defeats the entire purpose...

Comments  (0)


CFAA Does Not Bar Misappropriation when Employee Authorized

September 27, 2012 Added by:David Navetta

The CFAA only permits claims for accessing a protected computer “without authorization” and “exceeds authorized access” “only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access...”

Comments  (0)


Accessibility and the Untold Issue Around Cloud Computing

September 26, 2012 Added by:Ben Kepes

The decision was made during the consultation process that universal design and accessibility issues should be outside the scope of the document. That was a necessary decision as the drive was to come up with a readily consumable document that vendors could easily comply with...

Comments  (0)


Microsoft Forcing Users to Use Less Secure Passwords

September 18, 2012 Added by:Dan Dieterle

Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...

Comments  (2)


The OTHER Problem with Passwords

August 29, 2012 Added by:Wendy Nather

Organizations are motivated to prioritize ease of use over security if they feel their target audience won't be able to use advanced features without support. The result is that the password reset process to an address of record is the easiest way to get into an account. And of course attackers know this too...

Comments  (1)


Understanding Your BYOD Policy

August 28, 2012 Added by:Robert Siciliano

If you choose to use your personal device for work, then your employer will more than likely want control over that device. This means like in a company mobile liability policy, the employer may have remote capabilities to monitor activity and in the event of loss or employee termination, wipe the data...

Comments  (0)


Is a Password Enough? A Closer Look at Authentication

August 16, 2012 Added by:Robert Siciliano

Yahoo and LinkedIn were recently breached and usernames and passwords were stolen. These sites did something wrong that allowed those passwords to get hacked. However passwords themselves are too hackable. If multi-factor authentication was used, then the hacks may be a moot point and the data useless...

Comments  (0)


ICS-CERT: Siemens COMOS Privilege Escalation Vulnerability

August 16, 2012 Added by:Infosec Island Admin

Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »
Most Liked