Items Tagged with "Passwords"


Is Your WPA2 Protected Wireless Network Really Secure

July 01, 2012 Added by:Dale Rapp

A weak WPA2 passphrase could be hacked allowing an unauthorized person to use the wireless network. Even worse this unauthorized person could decrypt the communications revealing emails you send, web sites you visit, and passwords you use for access to websites...

Comments  (0)


ICS-CERT: RuggedCom Weak Password Cryptography

June 20, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)


Video: On the Recent Password Breaches

June 16, 2012

LinkedIn, LastFM and eHarmony all suffered major password database breaches recently. But really, with so many breaches happening, did anyone even notice?

Comments  (0)


Better Passwords Don't Make Us Secure: Best Practices Advice

June 14, 2012 Added by:Marc Quibell

On today's Internet, it's not about better passwords, because passwords are another weak, vulnerable form of authentication. You can make it longer, more complex... whatever, but it doesn't change the fact that it's still weak and vulnerable. Practice safe computing and at least you will lower your risk...

Comments  (0)


Ten Networking Alternatives After LinkedIn's Security Breach

June 13, 2012 Added by:Allan Pratt, MBA

Much has been written about the LinkedIn security breach and the millions of passwords at risk. Hopefully by now all users have changed them and made them more complex. When it comes to professional social networking sites though, LinkedIn is not the only game in town. Here are the Top 10 alternatives...

Comments  (0)


ICS-CERT: Credential Management

June 13, 2012 Added by:Infosec Island Admin

Credential caching should be disabled on all machines. A common technique employed by attackers is referred to as “pass the hash.” The pass the hash technique uses cached password hashes extracted from a compromised machine to gain access to additional machines on the domain...

Comments  (0)


Recovering Clear Text Passwords – Updated

June 13, 2012 Added by:Dan Dieterle

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...

Comments  (0)


Password Protection Pointers

June 12, 2012 Added by:Jayson Wylie

The best password is the one that only you know. Even better one is one that nobody else can find out. Crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. It is possible to categorize your passwords to define the sensitivity of their purpose....

Comments  (0)


If I Told You, I'd Have to Kill You

June 11, 2012 Added by:Ed Bellis

All of these breaches present a great opportunity to learn what does and doesn’t work in information security. But when we get responses like the one posted by Last.FM not only do we not learn anything, we don’t have any reason to believe they have either...

Comments  (0)


Analysis of Passwords Dumped from LinkedIn

June 11, 2012 Added by:Dan Dieterle

People put a lot of personal information on LinkedIn - their education and job experience, along with the groups that they belong to - treasure trove of information to Social Engineers. Of all the online social sites, LinkedIn users should really choose a long complex password to secure their account...

Comments  (0)


ZOMG: LinkedIn was Hacked and our Passwords Were Leaked

June 10, 2012 Added by:Infosec Island Admin

LinkedIn and other companies like Sony have shown time and again, they DON’T CARE about YOUR data. Always remember this people. So, you want an account on these places, then you best make a throw away password and limit your data on the sites that host it. Otherwise, your data will be up for the taking...

Comments  (1)


LinkedIn Failed to Meet Standards or Better Standards are Needed

June 10, 2012 Added by:Jeffrey Carr

LinkedIn doesn't have a CSO or CISO, which for a publicly traded company communicates that security is not a priority. Considering they still don't know how this breach occurred and the minimal attention payed to password security, I can't help but wonder how secure the credit card information is...

Comments  (0)


Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)


It’s Time to Convert from Passwords to Passphrases

June 08, 2012 Added by:Stacey Holleran

The traditional password must die. The whole concept is fatally flawed. The sheer volume of attacks should be a wake-up call to anyone utilizing a password (pretty much everyone). Now is the time to practice vigilance and to secure systems, accounts and security applications such as firewalls with Passphrases...

Comments  (0)


LinkedIn Fails Security Due Diligence

June 07, 2012 Added by:Marc Quibell

Poor security practices led to the password database ending up in Russia. We can also say that the best security practices were not applied to the security of our passwords: LinkedIn did not "salt their hash" and therefore the passwords were much more vulnerable to simple brute force attacks...

Comments  (0)


How and Why to Alert Your Employees of the LinkedIn Breach

June 07, 2012 Added by:Jason Clark

Cyber security teams should send out an employee alert explaining why LinkedIn passwords need to be changed and best practices for doing so. You may not have direct IT control over individual LinkedIn accounts, but your communication may alleviate social engineering attacks on employees and your network...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »