Items Tagged with "Passwords"
KPN Hack: Why was Customer Notification Delayed?
February 13, 2012 Added by:Pierluigi Paganini
The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...
Comments (0)
Hacker Boasts of Intel Corporation Network Breach
February 13, 2012 Added by:Headlines
A hacker who goes by the handles "WeedGrower" and "X-pOSed" claims to have breached tech giant Intel and to have gained access to an Intel.com subscriber database that contains sensitive information including passwords, social security and credit card numbers...
Comments (0)
ICS-CERT: Brute Force and SSH Scanning Attacks
February 06, 2012 Added by:Headlines
ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...
Comments (0)
On Forgotten Passwords and Security
February 03, 2012
What do you do when a user forgets their password? There are a number of different approaches that can be taken. The challenge when allowing a user to self-service is that you could potentially open up a number of avenues for attack...
Comments (0)
Disappointing Ruling in Compelled Laptop Decryption Case
February 01, 2012 Added by:Electronic Frontier Foundation
A federal district court has handed down an unfortunate early ruling in a case. Prosecutors asked the court to force the defendant to either type an encryption passphrase into the laptop to decrypt the information or turn over a decrypted version of the data...
Comments (0)
Designing Applications for Compromise
January 24, 2012 Added by:Rafal Los
Make sure you're thinking ahead and designing applications to be resilient in the face of a complete compromise - including the information therein and connected accounts - so your users can still get back to the application even after it's been ravaged by hackers...
Comments (0)
Do Not Encrypt Passwords - Why, You Ask?
January 12, 2012
Encrypting passwords is bad. Try hashing them with a little bit of salt on top. Confused about the terminology - maybe i can clear your confusion with the use of a shoe, a box and a pen & paper...
Comments (2)
Fallout from the Christmas Hack of Stratfor
January 03, 2012 Added by:Richard Stiennon
The most painful lesson the Stratfor hack is about to demonstrate is the importance of email security. Anonymous will be recruiting volunteers to analyze the 3.3 million emails they stole that have the potential for real harm equal to the infamous WikiLeaks State Department leak...
Comments (0)
Crazy Fast Password Recovery with Hashcat
January 02, 2012 Added by:Dan Dieterle
Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords...
Comments (1)
Analyzing Passwords for Patterns and Complexity
December 20, 2011 Added by:Dan Dieterle
This is a great tool to see patterns in password security. After years of users being warned about password security, it is disheartening to see the majority of users are still using simple passwords. More alarming is the number of password dumps available from compromised websites...
Comments (0)
Passwords: Give Them the Respect They Deserve
December 16, 2011
Passwords are everywhere on the internet. You need them to log onto your banking, emails and a ton of other websites. They are extremely important, yet do we give them the respect they deserve?
Comments (0)
NIST Revision Expands Government Authentication Options
December 16, 2011 Added by:Headlines
“Changes made to the document reflect changes in the state of the art. There are new techniques and tools available to government agencies, and this provides them more flexibility in choosing the best authentication methods for their individual needs, without sacrificing security..."
Comments (0)
Closing the Gate Before the Horse Bolts – On Passwords for the Cloud
December 12, 2011 Added by:Ben Kepes
Passwords it seems are both the bane of our existence and, apparently, the most important thing in our lives. Unfortunately the Cloud doesn’t really change this, good password protocols are as important in the Cloud as they were in an on-premise world and potentially even more so...
Comments (0)
Fraudsters Defeat Poor Risk Management - Not Two-Factor Authentication
December 08, 2011 Added by:Nick Owen
Carriers are not incentivized to secure their users accounts. SMS is really just an email sent to a phone over a provider that barely cares about security. 99% of SMS messages don't require security so don't expect the carriers to add any soon...
Comments (0)
A Checklist for Customer Cloud Security
December 06, 2011 Added by:Ben Kepes
In our cloud security whitepaper we spent time talking about why Cloud Computing is potentially more secure than traditional models of IT delivery while at the same time pointing out the fact that there’s still security issues that organizations need to think about when using Cloud...
Comments (0)
Top Ten Password Cracking Methods
December 05, 2011 Added by:Headlines
"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of all possible password combinations for any given hashing algorithm mind..."