Items Tagged with "Passwords"
April 05, 2011 Added by: Rafal Los
Multi-factor authentication systems that use one-time passwords give the attacker a very small window within which to strike. They have that one session, and then they have to orchestrate the attack again, whereas with a password compromise you can keep attacking over and over...
April 01, 2011 Added by: Headlines
F-Secure posted a nice April Fool's day article that was so subtle it slipped into several security news feeds unnoticed. While the article itself may be just a fun prank, readers would be wise not to let the sardonic wit overshadow the important message about password security...
March 29, 2011 Added by: Robert Siciliano
Passwords are the bane of the security community. We are forced to rely on them, while knowing they’re only as secure as our operating systems, which can be compromised by spyware and malware. There are a number of common techniques used to crack passwords...
March 27, 2011 Added by: J. Oquendo
For those searching for password storage systems, there is no shortage of helpful and even free programs. There is also no shortage of documents explaining why or how to create strong passwords. However, what I noticed in most documents and even programs is their lack of creativity...
March 23, 2011 Added by: Ted LeRoy
The crackers are using automated tools that scan for valid ssh logins using a username list. The sites and names that come up can be processed again, checking for weak passwords or brute force vulnerabilities. The tools and method are not new, but the number of attacks seems much higher lately...
March 22, 2011 Added by: Rob Fuller
I ran into the 'getvncpw' meterpreter script issue on pentests in the past but didn't know much about the whacked out version of DES that RFB (the VNC protocol) was using. Not being a fan of manually editing a binary and compiling each time I had a password to crack, I wanted to find another way...
March 22, 2011 Added by: Headlines
Network administrators may be conducting their own personal risk assessments in the course of their daily duties. They may be weighing factors such as performance pay incentives, the thoroughness of security audits, and time constraints when deciding what is or is not a priority...
March 11, 2011 Added by: Brent Huston
You have to be sharp to see through a social engineering attack. The challenge is to retain that sharpness while in the midst of multiple tasks. Most of the time, the attacker will take advantage of a busy receptionist, a chaotic office, or tired staff when they try their dastardly deed...
February 28, 2011 Added by: Rafal Los
Take a look at the authentication scheme from a 360-degree view and see if the strong authentication 2-factor provides extends to all platforms (mobile device? HTML-only?). If not, then your account is protected by the lowest common denominator; for most sites that's a simple username and password...
February 23, 2011 Added by: Brent Huston
Passwords are the bane of every system administrator’s existence. Policies are created to secure organizations, but when enforced they cause people to have trouble coming up with the multitude of passwords necessary. As a result, people use the same passwords in multiple places...
February 22, 2011 Added by: Roman Yudkin
The burden of so many complex passwords is too high, especially if the user believes the odds of their credentials being stolen are small. Advice on choosing strong passwords and never re-using them is rejected as a poor cost/benefit tradeoff. No wonder users have bad password practices...
February 20, 2011 Added by: Rob Fuller
Brute force, even though it's gotten so fast, is still a long way away from cracking long complex passwords. That's where word lists come in handy. It's usually the cracker's first go-to solution: slam a word list against the hash, and if that doesn't work, try rainbow tables...
February 12, 2011 Added by: Dan Dieterle
iPhone passwords may not be as secure as one might believe. According to German security researchers from the Fraunhofer Institute Secure Information Technology (Fraunhofer SIT), if you have physical access to the phone, passwords can be recovered from a locked Apple iPhone in six minutes...
February 10, 2011 Added by: Headlines
"Starting Thursday all Google users can choose to turn on a so-called 'two-factor authentication' feature, which will require them to type in a special, short-lived second password in addition to their normal password to get into their account..."
February 08, 2011 Added by: Headlines
Consumers know that leaving their Wi-Fi network open is not good, but the reality is that many have not taken the steps to protect themselves. Consumers can activate Wi-Fi security protections in a few simple steps, but much like the seatbelts in your car, it won't protect you unless you use it...
February 07, 2011 Added by: Rafal Los
Conferences are more than just going to interesting talks, meeting people, and attending after-parties. Sometimes, if the conference is really a gem - like ShmooCon - you actually learn something. After attending this year's conference, I think it relevant to share my thoughts...