Password spraying is a new password exploit that is being used effectively against larger networks. It’s become enough of a problem to merit an alert from US-CERT entitled TA18-086A: Brute Force Attacks Conducted by Cyber Actors. Here’s how it works.
Typically, in a traditional brute-force password attack, the password cracking software runs a long list of every possible password against a system. In ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Great story about dealing with creative content pirates on the Internet.
Great article from the Smithsonian takes a look ...
Continue Reading →
What would it be like if you could identify yourself and authenticate your account by the way you type? A Romanian company, TypingDNA, has created a Chrome extension that does just that.
I am a big advocate of two-factor authentication, but there are some problems. One of the three types of authentication is biometrics, which is “something you are.” NIST, in SP 800-63B states ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.Saint Patrick’s Day, or the Feast of Saint Patrick  is a cultural and religious celebration held on 17 March, the traditional death date of Saint Patrick (c. AD 385–461), the foremost patron saint of Ireland.
Can you ...
Continue Reading →
I recently read an article from Heimdal Security about online safety. In this article Heimdal had asked 18 experts in the field of cybersecurity for their top 3 ideas about how to stay secure. The contributors included top cybersecurity professionals from several anti-malware companies, security bloggers, and cybersecurity industry professionals. The original article is here.
What I found interesting were the ...
Continue Reading →
The most devastating exploit that can happen to you is to have your email account hijacked. We have spilled a lot of pixels on this subject (see below). The reason we find this so dangerous is that it is that this is the attack most likely to happen to you.
Google recently released a study that analyzed how Gmail accounts are hijacked. If you have an Android smartphone, you have a Gmail ...
Continue Reading →
Every year some pundit declares that the password will soon be dead. I have been proclaiming for several years now that the password, by itself, is no longer a suitably strong form of security, and have been a champion for two-factor authentication.
Microsoft has recently stated that their Windows Hello facial recognition system is a suitable replacement for passwords. Windows Hello was ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Google removed 60 games that contained code to display porn pop-ups and other malicious activities. Click through to see list of bad apps. If you installed any of them, you will need to remove these yourself.
Privileged accounts, typically administrator accounts, are the all powerful user accounts who can do anything on a computer, server, network, or domain. These are the top targets for cyber-criminals and other malicious hackers. And they generally are poorly managed. Here are some common mistakes we see when conduction security reviews for clients.
Let’s say you have finally committed to creating new, unique, and long passwords for all your online, network, business, and machine user accounts. How are you going to keep track of the dozens, if not hundreds of uniquely different passwords? Using a system makes your passwords guessable, and writing them down in a spiral notebook is a hassle, and makes your ...