See our Wednesday and Friday post. This is for everyone I ever met who can’t remember their passwords. You know who you are. Check the logo on St. Peter’s laptop. Looks like you will need an iCloud Keychain.Continue Reading →
On Wednesday, we looked at the built-in password manager provided by Google Smart Lock. Today we will review Apple’s iCloud Keychain. Keychain works automatically with iPhones, iPads, and Macs, and is shared an updated to all your devices automatically. Most of the Apple users I talk to are familiar with Keychain. Keychain works with devices that are using ...Continue Reading →
We are advocates of using a password manager to create, manage, and securely store the dozens (or hundreds) of unique and long passwords that we need to be using these days. For many people, password managers can seem difficult to set up and a bit of a hassle to use. The good news its that there are two easy and built-in alternatives, Continue Reading →
Thanks to Datarecovery.com, for alerting us to this issue. They have seen a high number RDP (Remote Desktop Protocol) attacks lately. Generally, these attacks are targeting Microsoft Windows-based servers, where port 3389 has been left open.
The attacker scans for open port 3389, and then uses a password dictionary attack to break the server password. Once the password is found, the attacker can exploit the server or sell access to the server ...Continue Reading →
We have covered this issue before, but it bears repeating. The new NIST Digital Identity Guidelines are out, and they have thrown out some old password chestnuts because they did not work, or did not work as intended.
Below are the significant changes to password policy.
Over the last four posts, we have focused on the US-CERT alert, but cybersecurity firm Symantec has actually been working this case since 2011. Their report on Dragonfly can be found on their website. While they are cautous when providing attribution, reading between the lines indicates that Dragonfly is probably a Russian based group, possibly working on behalf ...Continue Reading →
Is the U.S. energy sector under attack? The ambitious and sophisticated exploits like this one are usually the work of a nation-state. Who wants to turn off the lights? Last Wednesday we took a look at the US-CERT alert warning about the ongoing cyber-attack against the U.S. electric grid, and on Friday we took a look at many of the tactics, ...Continue Reading →
Somebody wants to punch our lights out – literally turn off the electric power grid. Who would want to do this? Russia? North Korea? Cybersecurity firm Symantec has attributed this attack to a group they have identified as the Dragonfly Group, who may have been responsible for the attack on the Ukrainian electric grid in 2015 and 2016. ...Continue Reading →
Three billion (3,000,000,000) is the current tally of breached user IDs, passwords, and customer account information at Yahoo. This is most assuredly all of the user account information they were holding about their customers. If you were or are a Yahoo account holder, just assume your information is among the lost.
Earlier we reported that this breach may have been less significant because Continue Reading →