End of the Road for SHA-1?

sha-1SHA-1 or Secure Hashing Algorithm 1 was developed in 1993 by the National Security Agency (NSA).  It has been used to provide both hashing functions and digital signatures that validate that a certain document, web site, or other resource is genuine, original, and unchanged.

SHA-1 is used in common services such as SSL (secure websites) and TLS (secure email).  There has been discussion about the low security of SHA-1 going back to 2005. ...

Continue Reading →
0

Password Policy Improvements

password2On Monday we attacked the utility of current password policies and standards.  Today we will offer up an array of improvements.

To be truly effective from a security perspective, password policies need to be designed to withstand both online and offline password cracking methods. We discussed offline methods in our post last month, so we will not do more than recap them ...

Continue Reading →
0

Current Password Policies Don’t Work

good-passwordMost corporate password policies are a waste off time and do not add anything extra to providing secure authentication.  Many of these policies were put in place to meet the standards of various compliance bodies (PCI-DSS, HIPAA, etc.)  But basically these policies are not keeping up with the state of the art in password cracking, as we discussed last November in our post on ...

Continue Reading →
0

Retailing Hall of Shame – Office Depot Tech Support Scam

office-depotIt was recently reported in Naked Security that a Seattle television news crew interviewed an Office Depot employee who alerted them to the practice of selling in-store repair scams to customers who came in looking for computer help.  This whistle-blower told a story where employees where encouraged and even pressured to run the chain’s “PC Health Check” on evey ...

Continue Reading →
0

How Are Passwords Cracked?

password1The answer to this question is complicated, but not impossible to understand.  The first thing to know is that most passwords are not cracked by guessing, or trying thousands of possibilities one at a time on a typical login screen.  Most systems will lock the account after a certain small number of failed attempts, like 5 or 6. This makes the kind of ...

Continue Reading →
1

Cybersecurity Tips for the Holidays

cyber-mondayWe have Black Friday coming at the end of this week, and Cyber Monday next week.  A lot of money will be changing hands between now and Christmas.  We want to make sure that you are not a victim of some cyber-criminal’s Merry Christmas purchases with your money.  A safe and secure shopping experience both online and in person can be yours if you follow some simple tips:

  • Make sure your computer ...
Continue Reading →
0

Cybersecurity Top 10

cybersecurity_436x270As we approach year-end, many small and medium sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short.  This was the year, you promised yourself, that we get a handle on computer and network security.

Well it is not too late to get a start, and here is a ...

Continue Reading →
0

Fixing Your Infected IoT Devices

mirai-botnetThe Mirai and Bashlight botnets have caused quite a stir in the cybersecurity and IT realms.  The easy ability to round up and deploy millions of devices in a botnet using automated tools has raised the bar.  How we respond to DDoS attacks will have to change.

Nevertheless, you can remove your IoT devices from the bot-net and keep them from being reacquired.  Here are some easy solutions:

First, as clever as these ...

Continue Reading →
0

Mirai and Bashlight Show the Power of IOT Botnets

mirai-botnetI was tempted to post this article late in October, when Brian Krebs suffered with the DDoS attack on his website, or when the Mirai botnet attack on DynDNS was in full swing, but decided to wait it out until after the election, in case it turns out that the Dyn attack was a precursor to an attack to disrupt the elections.  And as of today, it appears that it was ...

Continue Reading →
0

CIS Controls Can Help You Stop Cyber Attacks

cislogowebOn of the more hopeful presentations from the Cyber Security Summit was presented by Tony Sager from the Center for Internet Security.  Titled “Making Best Practices Common Practices: The CIS Controls,” Tony provided us with a road map for implementing secure practices in our networks.

There are 20 CIS controls.  Tony said that implementing the first 5 (20%) would reduce your risk by 80%. ...

Continue Reading →
0
Page 43 of 61 «...2030404142434445...»