Password Policy Improvements

On Monday we attacked the utility of current password policies and standards.  Today we will offer up an array of improvements.

To be truly effective from a security perspective, password policies need to be designed to withstand both online and offline password cracking methods. We discussed offline methods in our post last month, so we will not do more than recap them here. ...


Current Password Policies Don’t Work

Most corporate password policies are a waste of time and do not add anything extra to providing secure authentication.  Many of these policies were put in place to meet the standards of various compliance bodies (PCI-DSS, HIPAA, etc.).  But basically these policies are not keeping up with the state of the art in password cracking, as we discussed last November in our post on ...


Should I Report My Cyber-Crime To the Cops?

If you have been the victim of a ransomware scam, or fake tech support scam, or other computer incident, intrusion, or breach, you may be wondering if you should report it to the police.

If you report your crime to the police, it is unlikely that it is going to be solved and the perpetrator arrested.  Many local police departments have a computer fraud officer or even a larger group, but there may ...


Adult Site Breach Exposes Weak Hashing

The site Adult Friend Finder, the “world’s largest sex and swingers site,” recently exposed 412 million user credentials due to poor or, in some cases, non-existent password hashing practices. The biggest group losses were:

  • 339 million users of AdultFriendFinder.com
  • 62 million users of webcam site cams.com
  • 7.1 million users of Penthouse.com
  • 1.4 million users of stripshow.com

As we discussed last week, the reason that the Yahoo breach went unreported is ...


Retailing Hall of Shame – Office Depot Tech Support Scam

It was recently reported in Naked Security that a Seattle television news crew interviewed an Office Depot employee who alerted them to the practice of selling in-store repair scams to customers who came in looking for computer help.  This whistle-blower told a story where employees were encouraged and even pressured to run the chain’s “PC Health Check” on every computer ...


Sunday Funnies – Walmart Cashiers

From Pinterest.  As we approach the holiday season, we ask ourselves the perennial question – Why did Walmart put 24 checkout aisles in the store if they are only going to open 5 of them?

They remodeled the Walmart in Stillwater (actually Oak Park Heights) maybe ten years ago, and tore out a bunch of merchandise space to put in two dozen checkout ...


How Are Passwords Cracked?

The answer to this question is complicated, but not impossible to understand.  The first thing to know is that most passwords are not cracked by guessing, or trying thousands of possibilities one at a time on a typical login screen.  Most systems will lock the account after a certain small number of failed attempts, like 5 or 6. This makes the kind of password ...


Cybersecurity Tips for the Holidays

We have Black Friday coming at the end of this week, and Cyber Monday next week.  A lot of money will be changing hands between now and Christmas.  We want to make sure that you are not a victim of some cyber-criminal’s Merry Christmas purchases with your money.  A safe and secure shopping experience both online and in person can be yours if you follow some simple tips:

  • Make sure your computer is ...