The National Institute for Standards and Technology is working on new password guidelines which will be mandated for government sector users, and strongly recommended for businesses as well. Still in draft from, the standards can be found on the document Special Publication 800-63-3: Digital Authentication Guidelines. Here are some of the recommended changes, so far. We approve, and in many cases have been ...
Another out of cycle post, this one directed to anyone who is running balloting operations for the upcoming elections. I make jokes all the time about our next president being elected by the Russian Cyber Army, the Chinese Peoples Liberation Army Unit 61398, the ISIS Cyber Caliphate, or the Syrian Electronic Army. But this is ...
The rare Tuesday post. I got an announcement from the FBI on Friday that I thought was important enough to share that I am squeezing into to my regular publishing schedule on what is typically an off-day. Anyway, now is your chance to stick it to the criminals who have been distributing Locky, CryptoWall, CryptoLocker and other ransomware exploits. If you or your business has been victimized ...
Many small businesses are being dragged into the arena of IT risk assessment by larger client companies, suppliers, or regulators. Common scenarios include credit card (PCI) or HIPAA compliance. Since the Target breach, smaller vendors and supplier companies who have a network connection into the IT operations of a larger company are being required to undergo the same sort of vulnerability and risk assessment ...
I discovered a while ago that my LG smart phone can be used fairly easily to make a surreptitious video of a meeting simply by turning on the video camera and slipping the phone into a shirt pocket. The camera lens clears the edge of the pocket nicely, and there is no indication, at least on my phone, the the camera is rolling. This is a great way to keep a record ...
A recent rule by the Supreme Court has given the FBI authority to hack your computer if it is inadvertently part of a criminal botnet. Recent changes to a procedural rule known as Rule 41 allows the FBI to obtain a search warrant to use “network investigative techniques” or NIT (or more commonly called hacking) to search computers engaged in criminal activity anywhere in the world. This includes innocent computer ...
Happy Friday the 13th. In honor of all the governmental and law enforcement agencies that want to deny the privacy and security of encrypted communications to the general public, today we will be looking at encrypted messaging apps for your smart phone.
When the bad guys can break into your digital assets and steal your information with impunity, encryption is a necessity. Encryption is the lock on your data. I am a ...
Continue Reading →
As we all know, Apple refused to assist the FBI in cracking the iPhone 5c of the San Bernardino “terrorist” killers. The FBI took Apple to court. Then the FBI dropped the case after successfully hacking the phone. Then they successfully hacked another phone in a different case in New York. Information appeared linking Israeli mobile security firm Cellebrite to the successful breach ...
The US House of representatives passed the Email Privacy Act. Finally the Congress passes a bill that actually protects the public from warrantless search and seizure of email records. What makes this vote special is that it was unanimous – 419-to 0! When does that ever happen? Rarely, but considering this bill would protect our representatives too, maybe not all that surprising.
This ...
Continue Reading →
We wrote last year about how the IRS and their Get Transcript service was instrumental in helping identity thieves file fraudulent tax returns for big refunds. The problem was that the IRS used static user identity information that was available elsewhere online. They promised to fix this security problem, but have not. This year, many users of the IP PIN system that was supposed to harden ...