Search:

Items Tagged with "Passwords"


7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Credential Management

June 13, 2012 Added by:Infosec Island Admin

Credential caching should be disabled on all machines. A common technique employed by attackers is referred to as “pass the hash.” The pass the hash technique uses cached password hashes extracted from a compromised machine to gain access to additional machines on the domain...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Clear Text Passwords – Updated

June 13, 2012 Added by:Dan Dieterle

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...

Comments  (0)

54a9b7b662bfb0f0445d1661d7ed180b

Password Protection Pointers

June 12, 2012 Added by:Jayson Wylie

The best password is the one that only you know. Even better one is one that nobody else can find out. Crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. It is possible to categorize your passwords to define the sensitivity of their purpose....

Comments  (0)

48f758be63686a73484a7380e94f73d0

If I Told You, I'd Have to Kill You

June 11, 2012 Added by:Ed Bellis

All of these breaches present a great opportunity to learn what does and doesn’t work in information security. But when we get responses like the one posted by Last.FM not only do we not learn anything, we don’t have any reason to believe they have either...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Analysis of Passwords Dumped from LinkedIn

June 11, 2012 Added by:Dan Dieterle

People put a lot of personal information on LinkedIn - their education and job experience, along with the groups that they belong to - treasure trove of information to Social Engineers. Of all the online social sites, LinkedIn users should really choose a long complex password to secure their account...

Comments  (0)

Baed7cd90281d85b6943e9bf3cfc9fe0

ZOMG: LinkedIn was Hacked and our Passwords Were Leaked

June 10, 2012 Added by:Scot Terban

LinkedIn and other companies like Sony have shown time and again, they DON’T CARE about YOUR data. Always remember this people. So, you want an account on these places, then you best make a throw away password and limit your data on the sites that host it. Otherwise, your data will be up for the taking...

Comments  (1)

296634767383f056e82787fcb3b94864

LinkedIn Failed to Meet Standards or Better Standards are Needed

June 10, 2012 Added by:Jeffrey Carr

LinkedIn doesn't have a CSO or CISO, which for a publicly traded company communicates that security is not a priority. Considering they still don't know how this breach occurred and the minimal attention payed to password security, I can't help but wonder how secure the credit card information is...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)

145dfdfe39f987b240313956a81652d1

It’s Time to Convert from Passwords to Passphrases

June 08, 2012 Added by:Stacey Holleran

The traditional password must die. The whole concept is fatally flawed. The sheer volume of attacks should be a wake-up call to anyone utilizing a password (pretty much everyone). Now is the time to practice vigilance and to secure systems, accounts and security applications such as firewalls with Passphrases...

Comments  (0)

94c7ac665bbf77879483b04272744424

LinkedIn Fails Security Due Diligence

June 07, 2012 Added by:Marc Quibell

Poor security practices led to the password database ending up in Russia. We can also say that the best security practices were not applied to the security of our passwords: LinkedIn did not "salt their hash" and therefore the passwords were much more vulnerable to simple brute force attacks...

Comments  (0)

54b393d8c5ad38d03c46d060fa365773

How and Why to Alert Your Employees of the LinkedIn Breach

June 07, 2012 Added by:Jason Clark

Cyber security teams should send out an employee alert explaining why LinkedIn passwords need to be changed and best practices for doing so. You may not have direct IT control over individual LinkedIn accounts, but your communication may alleviate social engineering attacks on employees and your network...

Comments  (0)

F29746c6cb299c1755e4087e6126a816

Should You Be Worried About the LinkedIn Breach?

June 06, 2012 Added by:Kelly Colgan

People who rely on LinkedIn for professional networking keep a wealth of information stored on their profile pages. With news of a possible data breach exposing 6.5 million user passwords, LinkedIn users need to take steps to protect their personal data. Here are five tips we recommend you follow...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

LinkedIn Hacked: Change Your Password

June 06, 2012 Added by:Headlines

Reports indicate that as many as 6.4 million passwords have been compromised. Though the passwords are in encrypted form, reports indicate that they are being cracked at a rapid rate, with somewhere near 300,000 passwords already revealed, putting those LinkedIn members' accounts at risk...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Remote Windows Passwords in Plain Text with WCE

June 05, 2012 Added by:Dan Dieterle

After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Cryptography for Passwords

May 30, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

9a824a3f55b26adad5431f6715dbec2e

LinkedIn: Vulnerability in the Authentication Process

May 22, 2012 Added by:Pierluigi Paganini

This attack is possible due to an error in validating of the security token (CSRF token) that allows an unlimited number of requests using the same token for different users. The only mechanism against the attack is a CAPTCHA challenge-response test after dozens of attempts...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »


Popular Topics
Access Control  Anonymous  Application Security  Attacks  Authentication  Best Practices  China  Cloud Computing  Cloud Security  Compliance  Cyber Crime  Cyber Security  Cyber Warfare  Cyberwar  Data Loss  Data Loss Prevention  Denial of Service  Employees  Encryption  Enterprise Security  Espionage  Exploits  FBI  Government  Hacking  Hacktivist  Headlines  ICS  ICS-CERT  Identity Theft  Industrial Control Systems  Information Security  Information Technology  Infosec  Infrastructure  Law Enforcement  Legal  Managed Services  Management  Military  Mobile Devices  National Security  Network Security  PCI DSS  Passwords  Penetration Testing  Policies and Procedures  Policy  Privacy  Regulation  Risk Management  SCADA  Security  Security Audits  Security Awareness  Security Strategies  Social Engineering  Social Media  Stuxnet  Tools  Training  Vulnerabilities  breach  breaches  fraud  hackers  internet  malware  report  vendors