KeePass – Cloudless Password Management

Let’s say you have finally committed to creating new, unique, and long passwords for all your online, network, business, and machine user accounts.  How are you going to keep track of the dozens, if not hundreds, of unique passwords?  Using a system makes your passwords guessable, and writing them down in a spiral notebook is a hassle, and makes your ...


Integrated Password Managers – Apple iCloud Keychain

On Wednesday, we looked at the built-in password manager provided by Google Smart Lock.  Today we will review Apple’s iCloud Keychain.  Keychain works automatically with iPhones, iPads, and Macs, and is shared and updated across all your devices automatically.  Most of the Apple users I talk to are familiar with Keychain.  Keychain works with devices that are using ...


Integrated Password Managers – Google Smart Lock

We are advocates of using a password manager to create, manage, and securely store the dozens (or hundreds) of unique and long passwords that we need to be using these days.  For many people, password managers can seem difficult to set up and a bit of a hassle to use.  The good news is that there are two easy and built-in alternatives, ...


Google Offers Advanced Protection Program for High Risk Individuals

If you are a high-risk or high-net-worth user of Google’s popular Gmail platform, Google Drive, or other Google services such as YouTube or Google Analytics, Google has come up with an advanced security program for you.


Remote Desktop Protocol Attacks Against Windows Servers

Thanks to Datarecovery.com for alerting us to this issue.  They have seen a high number of RDP (Remote Desktop Protocol) attacks lately. Generally, these attacks are targeting Microsoft Windows-based servers, where port 3389 has been left open.

The attacker scans for open port 3389, and then uses a password dictionary attack to break the server password. Once the password is found, the attacker can exploit the server or sell access to the server ...


NIST Password Policy Review

We have covered this issue before, but it bears repeating.  The new NIST Digital Identity Guidelines are out, and they have thrown out some old password chestnuts because they did not work, or did not work as intended.

Below are the significant changes to password policy.

  • An end to password complexity rules.  Following this policy, users tended to create shorter passwords that used obvious character ...

Dragonfly Wants To Punch Our Lights Out? Round Four

Over the last four posts, we have focused on the US-CERT alert, but cybersecurity firm Symantec has actually been working this case since 2011.  Their report on Dragonfly can be found on their website.  While they are cautious when providing attribution, reading between the lines indicates that Dragonfly is probably a Russian-based group, possibly working on behalf ...


Dragonfly Wants To Punch Our Lights Out? Round Three

Is the U.S. energy sector under attack? Ambitious and sophisticated exploits like this one are usually the work of a nation-state.  Who wants to turn off the lights?  Last Wednesday we took a look at the US-CERT alert warning about the ongoing cyber-attack against the U.S. electric grid, and on Friday we took a look at many of the tactics, ...


Dragonfly Wants To Punch Our Lights Out? Round Two

Somebody wants to punch our lights out – literally turn off the electric power grid. Who would want to do this?  Russia?  North Korea?  Cybersecurity firm Symantec has attributed this attack to a group they have identified as the Dragonfly Group, who may have been responsible for the attack on the Ukrainian electric grid in 2015 and 2016.  ...
