Search:

Items Tagged with "Authentication"


0a8cae998f9c51e3b3c0ccbaddf521aa

CloudBeat 2012 - "Whose job is cloud security?"

December 11, 2012 Added by:Rafal Los

People are still stuck on authentication, mainly passwords. We as an industry or customer base haven't been very good at figuring out how to manage identities, without sticking our customers with a million different sites which don't share common identities...

Comments  (0)

37d5f81e2277051bc17116221040d51c

What Makes My Passwords Vulnerable?

November 25, 2012 Added by:Robert Siciliano

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed...

Comments  (0)

D03c28fd5a80c394905c980ee1ecdc88

E-mailing Passwords - Practice What You Preach

November 19, 2012 Added by:Bill Mathews

That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...

Comments  (6)

Bd07d58f0d31d48d3764821d109bf165

Four Turning Points in Cybersecurity History

November 18, 2012 Added by:Tripwire Inc

Enterprises adopted reputable standards for secure configurations, and implemented repeatable practices for creating secure infrastructure. This shift dramatically reduced the attack surface of enterprises, greatly increasing the difficulty of achieving a successful attack...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

On Password Hell

November 06, 2012 Added by:Joel Harding

I had one sysadmin a few years ago who demanded we all use 64 character passwords and every other character had to switch type. It was something like ^y?M3aI`B[a/ and so on... It took two minutes to type it in and I had to carry a paper with the password written on it. I was so glad when he left...

Comments  (1)

65be44ae7088566069cc3bef454174a7

Please Don’t Tell Me You’re Still Using SSNs as IDs!

November 05, 2012 Added by:Rebecca Herold

I’ve been occasionally revisiting the topic of laws and regulations prohibiting the use of SSNs, most recently in 2008 when I identified over 45 U.S. federal and state laws regulating and often prohibiting, the use of SSNs as identifiers. I provide pointers at the end of this post to some other reports...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Does it Make Sense to Keep Changing Your Passwords?

October 31, 2012 Added by:Rafal Los

I'm running a small experiment on myself in which I've set up an account on a public, high-traffic web-based system out there that has a ton of my personal information. I've not changed my password in almost 6 months, but I still feel relatively good and certain that I am the only one who has access to my stuff...

Comments  (0)

9a824a3f55b26adad5431f6715dbec2e

Is it really so simple to crack your password?

October 29, 2012 Added by:Pierluigi Paganini

The numerous attacks and data breaches occurred during the last 12 months demonstrate that despite attention to security, the principal causes of the incidents are leak of authentication processes, absence of input validation on principal applications, and of course the human factor...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Ask The Experts: Online Banking

October 24, 2012 Added by:Brent Huston

Instead of using your actual name as your login, why not use something different that is hard to guess and doesn’t reveal anything about your identity? It always pays to make it as tough on the cyber-criminals as possible..

Comments  (0)

4eb356e09746aadc2f4800877e8c24e8

Sidestepping Microsoft SQL Server Authentication

October 21, 2012 Added by:Brandon Knight

Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post exploitation I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...

Comments  (2)

09f36134733892ee0b4d16cf0fc98790

eSignatures Go Keyless in the Cloud

October 02, 2012 Added by:Victor Cruz

It has been 12 years since the US passed a law to facilitate the use of electronic records and electronic signatures. Called the Electronic Signatures in Global and National Commerce Act (ESIGN), its general intent in black and white is quoted in the very first section of the legislation...

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Anomaly Detection: Front-Door Infrastructure Security

September 23, 2012 Added by:Larry Karisny

So what if we could create an anomaly algorithm that could audit, detect and approve positive input events in business processes. And if we could do this then wouldn’t risk management and security actually just be a byproduct of allowing these positive business events to occur?

Comments  (1)

5e402abc3fedaf8927900f014ccc031f

Will Your Smartphone Become your Wallet?

September 05, 2012 Added by:Allan Pratt, MBA

Will all smartphone users feel comfortable transforming their them into wallets? What about security? What if you lose your phone and the person who finds it hacks into your accounts? Now, these cool capabilities don’t sound so impressive. In fact, there are some serious consequences...

Comments  (0)

Ebe141392ea3ebf96ba918c780ea1ebe

The OTHER Problem with Passwords

August 29, 2012 Added by:Wendy Nather

Organizations are motivated to prioritize ease of use over security if they feel their target audience won't be able to use advanced features without support. The result is that the password reset process to an address of record is the easiest way to get into an account. And of course attackers know this too...

Comments  (1)

37d5f81e2277051bc17116221040d51c

Understanding Your BYOD Policy

August 28, 2012 Added by:Robert Siciliano

If you choose to use your personal device for work, then your employer will more than likely want control over that device. This means like in a company mobile liability policy, the employer may have remote capabilities to monitor activity and in the event of loss or employee termination, wipe the data...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Tridium Niagara Vulnerabilities Update

August 17, 2012 Added by:Infosec Island Admin

Independent security researchers have identified multiple vulnerabilities in the Tridium Niagara AX Framework software including directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »


Popular Topics
Access Control  Anonymous  Application Security  Attacks  Authentication  Best Practices  China  Cloud Computing  Cloud Security  Compliance  Cyber Crime  Cyber Security  Cyber Warfare  Cyberwar  Data Loss  Data Loss Prevention  Denial of Service  Employees  Encryption  Enterprise Security  Espionage  Exploits  FBI  Government  Hacking  Hacktivist  Headlines  ICS  ICS-CERT  Identity Theft  Industrial Control Systems  Information Security  Information Technology  Infosec  Infrastructure  Law Enforcement  Legal  Managed Services  Management  Military  Mobile Devices  National Security  Network Security  PCI DSS  Passwords  Penetration Testing  Policies and Procedures  Policy  Privacy  Regulation  Risk Management  SCADA  Security  Security Audits  Security Awareness  Security Strategies  Social Engineering  Social Media  Stuxnet  Tools  Training  Vulnerabilities  breach  breaches  fraud  hackers  internet  malware  report  vendors