000Webhost Loses Plaintext Passwords

This comes under the heading of “know who you are doing business with.”  Web hosting company 000webhost.com was breached this week and over 13 million customer records were stolen and posted for sale on the Internet.  The data includes customer names, emails and passwords in plaintext  (meaning the passwords were unencrypted).  Storing passwords in an unencrypted form should be a criminal act in itself, ...


Password Strategy Part 2

In our last article we recommended a publication from the GCHQ on passwords, and today we continue that discussion.  Many of the recommendations are suggestions we have covered before in previous posts, but the importance of having secure password procedures cannot be overstated.

Change all default passwords

All of our network connected devices come “ready to go” right out of the box in most ...


Password Strategy Part 1

Today we start a three-article series on developing good password strategy for your small business.  As it happens, there is a great resource available courtesy of Her Majesty’s Government.  The British signals intelligence department, GCHQ, has published a guide to password policy entitled Password Guidance: Simplifying Your Approach.  This 12-page guide offers password advice in seven sections.  They are:

  • Change all default passwords on devices that you deploy on ...

Using LastPass

I recently accepted the position of Secretary in the Twin Cities chapter of the International Information Systems Security Certification Consortium (ISC)2-TC, and in order to send me the passwords for certain online chapter assets, it was requested that I sign up for the password management product, LastPass.  I have written previously about LastPass, KeePass, and RoboForm as recently as June 16. ...


Have a WordPress Site? Better Secure It!

WordPress has become an incredibly popular web design platform, and currently has about a 25% share of all web sites on the Internet.  As an open-source software product that is free to download and use, with great support and documentation through WordPress.org, and a huge, international development community providing an endless array of themes, plug-ins and widgets, it is easy ...


Secret Questions Too Hard To Answer

As we have mentioned several times, humans represent the weakest link in cybersecurity.  This means we are terrible at creating strong passwords, and we are bad at remembering them, too.  So all of our online service providers have password reset systems that usually include a series of “secret” questions that are supposed to be both hard for an attacker to guess and easy for the account holder to remember.  Unfortunately, this ...
