Better Two-Factor Security from Google Titan

This article is an amusing collision between our last two topics – the problems with two-factor and multi-factor authentication and our four-part story on Google’s data mining habits.  Google has developed and released their Titan MFA security key as a more secure way to implement multi-factor authentication that can’t be attacked through phishing and man-in-the-middle exploits.  So if you can stand ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Tiny Hardware Firewall VPN Client

Here are a couple of tiny, portable security devices that provide hardware firewall, VPN, and TOR capability.  Check them out.


FTC Releases Cyber Resources for Small Businesses

10/25/2018 09:15 PM EDT  Original release date: October 25, 2018

The Federal Trade Commission (FTC) has ...

Continue Reading →
0

Problems with Password Manager Phone Apps

If you use a password manager app on your smartphone, it may be vulnerable to package name spoofing, which would allow the password manager’s autofill feature to enter your login credentials on a spoofed web form.  This vulnerability applies to popular apps from LastPass, Dashlane, Keeper, and 1Password.

I have been an advocate for password managers.  They are part of the solution to creating ...

Continue Reading →
0

Security Policies That Respect Users

Often it seems that security policies are designed with the assumption that average computer users are ID10Ts (idiot users).  Related terms such as PEBKAC (Problem Exists Between Keyboard And Chair), PICNIC (Problem In Chair, Not In Computer), IBM error (Idiot Behind Machine error) and other similar phrases illustrate the dark side of our interactions with our users.  Sometimes we allow our ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Back-to-School Cyber Safety

08/10/2018 08:25 AM EDT  

Original release date: August 10, 2018

As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students with their schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there ...

Continue Reading →
0

WordPress JetPack Exploit Hijacks Websites for Tech-Support Scam

Bad actors are using compromised WordPress.com accounts and the popular Jetpack plugin to add a malicious plug-in of their own that turns compromised websites into a vehicle for perpetrating a fake tech support scam.  Attackers are using stolen user names and passwords from other breaches and trying these credentials on WordPress.com to find accounts.  They are even searching whois records for website domain names registered with the same email account as the stolen user name.

Continue Reading →
0

How to Block Malware on Small Business Networks

Most of the small business clients I work with do not have a huge budget for a cybersecurity program, and something like a managed security service program (MSSP) is beyond their reach.  They have money for a firewall, and endpoint security, but that is about it.  Sound like your business?  Then read  on.

There are eight simple, free or low-cost things that small business IT professionals or IT support providers can do ...

Continue Reading →
0
Page 1 of 21 12345...»