Buy Your Password From 11-Year Old Girl?

Would you buy your password from an 11-year-old girl?  I would, and maybe you should, too.  Mira Modi, an 11-year-old New Yorker, has a very, very cool service called Diceware.  Using a technique developed by Arnold Reinhold, Mira uses dice to come up with a unique 6-word passphrase, which she will send to you in the US Mail.  Her fee is two bucks.

Understanding that passwords are cracked by cyber-criminals one of two ways, either ...


How Secure Is Your Smartphone?

I read an article recently on Dark Matters, by Bob Monroe, that talked about smartphones from the perspective of an attacker – just how good of an attack surface is your average smartphone?  Pretty good, as it turns out, which is not so good for you and me.

The first problem is that these little computers are very chatty.  If they are turned on, they are talking to the nearest cell ...


What To Do When Your Personal Information Is Breached

We recently learned that credit report service Experian had a breach of T-Mobile customer information.  This is just another addition to the pile of Personally Identifying Information (PII) that has been exfiltrated from sundry organizations including the Office of Personnel Management, various BlueCross BlueShield organizations, and Harvard University.

So what to do when this happens to you?  When you are notified by the offending ...


Word and Excel Macro Viruses Are Back

Using BASIC or Visual BASIC programming scripts can add automation and other functions to documents created in the Microsoft Office productivity suite of products.  Unfortunately, this feature can be used by cyber-attackers to send malware exploits in otherwise innocuous-looking documents that most people would open without a second thought.

The macro virus goes back to 1995, the most infamous being the Melissa email macro virus that caused $80 million in damages to US ...


000Webhost Loses Plaintext Passwords

This comes under the heading of “know who you are doing business with.”  Web hosting company 000webhost.com was breached this week and over 13 million customer records were stolen and posted for sale on the Internet.  The data includes customer names, emails and passwords in plaintext  (meaning the passwords were unencrypted).  Storing passwords in an unencrypted form should be a criminal act in itself, ...


Scary Disguises Hide Malware Too

It’s Halloween tomorrow, the traditional time when we dress up in scary or not-so-scary costumes to disguise our identity and trick our friends and family.  It’s good to remember that malware often uses disguises to trick us into committing an action that releases the attack.  What follows are my scary Halloween stories.

  • Social Engineering – In this exploit the attacker may present themselves in person, over the phone, or by email, ...

Really Secure Email

OK, so Monday I lampooned the Director of the CIA for using AOL email to transmit top secret CIA files (yikes).  And of course we all remember the Hillary Rodham Clinton kerfuffle over her use of her own private email service to transmit State Department documents (better).  One has to assume that this pretty flagrant violation of what have to be well-known government policies by people who probably know better has ...
