Research firm IOActive recently released a an article that revealed some serious security deficiencies on popular Linksys Smart Wi-Fi products. They have notified Linksys, and Linksys is working on the firmware upgrades that will be necessary to fix these issue, and they have issued a security advisory.
Among the vulnerabilities discovered:
Happy World Password Day. I have been following the progress that NIST is making in formulating new standards for user authentication. Something I found surprising was that NIST is not recommending using biometrics as a form of authentication. The two main reasons are that biometrics, such as fingerprints, iris scans, and voice recognition, are not a secret. For instance, you leave your fingerprints behind everywhere you touch ...
We have discussed the dangers to what NIST identifies as Critical Infrastructure that exists because SCADA and other industrial control systems are designed to be run on “air-gapped” networks that are not connected to the public Internet. Unfortunately, many of these systems are being connected to the Internet, if only in a tangential way.
The German security firm OpenSource Security recently found hard ...
Continue Reading →
I use LastPass to manage all my passwords, and recommend LastPass to my clients and followers. Often, when I am talking about storing passwords in the cloud, as LastPass does, I get concerned questions about the safety of storing your digital “keys” online. What happens if LastPass is breached?
Well, the bad news is that they were breached around June 15, 2015. I remember getting the email alert from them at the ...
Continue Reading →
CAPTCHA, or Completely Automated Procedures for Telling Computers and Humans Apart, was a system first theorized by cryptographer Alan Turing in 1950. We find these little “I am not a robot” challenges popping up all over the place, especially when creating a new account, registering for a web service the first time, or sometimes as form of poor man’s two-factor authentication. ...
Users of the Apple iOS 10.3 phone operating system are being offered two-factor authentication (2FA) for their Apple IDs. This offers an additional layer of security for iCloud data, too.
As we have discussed in previous posts, the benefits of 2FA are that your account cannot be breached with only a stolen password. In addition to the password, a one-time passcode is required ...
Continue Reading →
According to the Department of Homeland Security (DHS), there are seven strategies that will prevent 85% of targeted attacks. To this list I have added a few of my favorites.
Social networks are a tremendous source of personal information leakage. Actually, more like a waterfall. As we learned in the last post, attackers use social networks to perform reconnaissance against their chosen targets. Since few of us are going to delete all our social network accounts and move of the grid, we have to find a way to live ...
Controlling your professional information can mean managing the information you disclose on professional networking sites such as LinkedIn. It can also mean protecting the client and employee information you have gathered through your employment. It may mean securing your computer network from outside and inside attackers, or your website from compromise. It may mean properly securing online assets ...
As a regular reader of this blog, you are probably using a long, unique, 20 character password with two-factor authentication, and a password manager to keep it all straight. But let’s say that you fall for a phishing scam, and give away the password to your email account. The attacker can now use your email account to request password reset emails from your other online accounts, and you have yourself one ...