There has been a running battle on the subject of copyright in the digital age, between content creators and their customers, the content consumers. The doctrine of Fair Use has protected consumers who engage in making copies of protected works for their own use or for backup purposes. The content creators and the companies and lawyers that serve them have been trying to reduce or restrict the doctrine of fair use.
Back ...
Continue Reading →
Just received an email from WordFence, the WordPress security plugin-developer, that popular WordPress hosting company WPEngine had a breach that may have included customer user name and password information. The full text of the email I received follows.
Continue Reading →“We learned about an hour ago that there has been a data breach at WPEngine. Some of their customer login credentials have been exposed. ...
If you are involved in the management of a commercial bank, The Federal Financial Institutions Examination Council (FFIEC) has developed a Cybersecurity Assessment Tool that was released in June 2015. As a cybersecurity practitioner who provides security audits, compliance audits, vulnerability scans, and penetration tests, I was encouraged to see another example of a federal government agency getting serious about improving cybersecurity ...
I was surprised to discover proof that my business is a target of cyber-criminals. After installing some security and reporting tools on my websites, I was alerted to the almost constant state of attack that they were under. And all I am doing is writing a cybersecurity blog. And you, dear reader, what of your business? There is a good chance that you are too, but simply don’t know it ...
This week we have focused on the people part of the security puzzle. As we know, people are the weakest link and the easiest point of access. But beating this point into your employees will not help them be better at computer and network security, and just make them feel hopeless and badgered.
Getting employee buy-in requires a little bit of strategy mixed in with a lot of fun.
Facebook recently announced an improvement to it’s logon system. Login security seems to be taking a position from and center lately. Wednesday we wrote about Yahoo’s new authentication system, and today we will move on to Facebook’s Login Approvals.
Previously, Facebook users were able to get Login Notifications. When you entered your user name (usually your email address) and password from a new location, browser, or device, Facebook Notifications would send users ...
Continue Reading →
If you are having trouble managing “all those passwords” for your online resources, one solution would be to use a password manager like LastPass or Dashlane. Google has come up with a single sign-on (SSO) product that not only will log you into all your Google apps (Gmail, Voice, Blogger, YouTube, Apps, Drive, Analytics, AdWords, etc) but also integrates access into 17 ...
I’ve been warning about the dangers of self-aware machines for some time.
Here is a story about how a toaster disrupted a keynote address by ARM CEO Simon Segars at the annual ARM TechCon Conference. It seems that the toaster was toasting a bagel which got stuck, and started burning. The smoke caused the fire alarms to go of in the ...
Continue Reading →Would you buy your password from an 11-year old girl? I would, and maybe you should, too. Mira Modi, an 11-year old New Yorker, has very very cool service called Diceware. Using a technique developed by Arnold Reinhold, Mira uses dice to come up with a unique 6 word passphrase, which she will send to you in the US Mail. Her fee is two bucks.
Understanding that passwords are cracked by cyber-criminals one of two ways, either ...
Continue Reading →
Using BASIC or Visual BASIC programming scripts can add automation and other functions to documents created in the Microsoft Office productivity suite of products. Unfortunately, this feature can be used by cyber-attackers to send malware exploits in otherwise innocuous looking documents that most people would open without a second thought.
The macro virus goes back to 1995, the most infamous being the Melissa email macro virus that $80 million in damages to ...
Continue Reading →