Problems with Password Manager Phone Apps

If you use a password manager app on your smartphone, it may be vulnerable to package name spoofing, which would allow the password manager’s autofill feature to enter your login credentials on a spoofed web form.  This vulnerability applies to popular apps from LastPass, Dashlane, Keeper, and 1Password.

I have been an advocate for password managers.  They are part of the solution to creating ...


Exploit Targets Info Tech Support Companies

The holy grail of a cyber-attacker is the ability to achieve remote access to a computer on a network.  It is even better when the attacker can get administrator privileges.  Then they have the ability to do anything they need to do on the compromised computer to cross the network and compromise other computers and servers.  Who has this kind of access already?  ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Ten Tips for New Cybersecurity Pros (free PDF)

New to cybersecurity?  Building a successful cybersecurity career begins with taking good foundational steps. In this ebook, two InfoSec professionals share their advice for those just starting out.


Want a Great Job with the FBI?  Launch a Bot-Net

A la “Catch Me If You Can” Frank Abagnale fame, ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


[INFOGRAPHIC] Introducing The Psychology of Passwords

From LastPass – It feels like almost every day there’s another data breach in the news, or a case of user credentials up for sale on the Dark Web. Despite the headlines, and repeated warnings from experts about weak passwords and the dangers of password reuse, users have yet to change their online ...


Replacing Passwords and Pins with Icons

We have discussed the sorry state of passwords in many recent articles.  There is an alternative to passwords and PINs that may be coming to a smartphone near you.  It is called SemanticLock and it uses emoji-like icons to unlock your smartphone.

Most smartphones go unsecured mainly because most people find it difficult to enter a password using the on-screen keyboard.  4 to 6 digit numeric PINs are slightly ...


Phishing on Facebook – Angler Phishing

Cyber-criminals are masquerading as customer service sites on Facebook, luring disgruntled customers to their Facebook page in order to trick them into divulging their user name, password, and other personal information.  This is called “angler phishing.”

Here is how it usually works.  Let’s say you have a bad experience with your bank, and you post a negative comment on Facebook or Twitter about the bad service you received.  A cyber-crime crew will be searching ...


Using a Password Manager to Improve Password Security

Two weeks ago, when we started this series on password security, we revealed some sad statistics.  60% of people use the same password on multiple accounts.  The average person has 26 password-protected accounts, but only uses 5 passwords across those accounts.  And 85% of people keep track of passwords through memorization.

People reuse passwords just because it is easier.  I get it; I have over 100 password-protected accounts (not 26) and it is not possible for me to keep ...


Creating a Stronger Password

During the last week and a half we have been investigating the sorry state of password security.  Now for some more hopeful information.  In this post, we will look at the current recommended standards for creating a secure password, and policy recommendations from the National Institute of Standards and Technology (NIST).

Our recommendation for password strength is to use passwords with at least 12 characters.  The reason is that longer passwords are more secure in the face of automated ...


How I Got Your Password – Part 2

Did you know that the easiest way for me to get your password is just to ask for it? This is one way that cyber-criminals can get one of your passwords. In our last post we focused on password cracking.  Today we will look at all the other ways that a clever attacker can compromise your password.

  • Social Engineering – Sometimes the easiest way to get password information is just to ask for it.  Social engineering is a type of con ...

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


World’s first and oldest cybercrime (1830) predates electrical telegraphy.  Read how two French bond traders hacked France’s military semaphore telegraph.

Forget VPNfilter – here’s BACKLASH, a networking hack from way, way back

With a name like BACKLASH, you might think this hack comes from the era of mechanical devices, with gears and pulleys. You’d be right!


A pair of ...
