This article is an amusing collision between our last two topics – the problems with two-factor and multi-factor authentication and our four-part story on Google’s data mining habits. Google has developed and released their Titan MFA security key as a more secure way to implement multi-factor authentication that can’t be attacked through phishing and man-in-the-middle exploits.  So if you can stand ...
A quick Saturday digest of cybersecurity news articles from other sources.Here are a couple of tiny, portable security devices that provide hardware firewall, VPN, and TOR capability. Check them out.
10/25/2018 09:15 PM EDT Â Original release date: October 25, 2018
The Federal Trade Commission (FTC) has ...
Continue Reading →
If you use a password manager app on your smartphone, it may be vulnerable to package name spoofing, which would allow the password manager’s autofill feature to enter your login credentials on a spoofed web form. This vulnerability applies to popular apps from LastPass, Dashlane, Keeper, and 1Password.
I have been an advocate for password managers. They are part of the solution to creating ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.
From the About Damn Time Dept.
Often it seems that security policies are designed with the assumption that average computer users are ID10Ts (idiot users). Related terms such as PEBKAC (Problem Exists Between Keyboard And Chair), PICNIC (Problem In Chair, Not In Computer), IBM error (Idiot Behind Machine error) and other similar phrases illustrate the dark side of our interactions with our users. Sometimes we allow our ...
A quick Saturday digest of cybersecurity news articles from other sources.08/10/2018 08:25 AM EDT Â
Original release date: August 10, 2018
As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students with their schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there ...
Continue Reading →Bad actors are using compromised WordPress.com accounts and the popular Jetpack plugin to add a malicious plug-in of their own that turns compromised websites into a vehicle for perpetrating a fake tech support scam. Attackers are using stolen user names and passwords from other breaches and trying these credentials on WordPress.com to find accounts. They are even searching whois records for website domain names registered with the same email account as the stolen user name.
A quick Saturday digest of cybersecurity news articles from other sources.
Most of the small business clients I work with do not have a huge budget for a cybersecurity program, and something like a managed security service program (MSSP) is beyond their reach. They have money for a firewall, and endpoint security, but that is about it. Sound like your business? Then read on.
There are eight simple, free or low-cost things that small business IT professionals or IT support providers can do ...
Continue Reading →
I rarely repost entire articles from the web, but this one from US-CERT’s National Cyber Awareness System is great just as it is, so we are reposting it below. The recommendations in this article apply to small business networks as well.
12/15/2015 09:41 AM EST Â Original release date: December 15, 2015 | Last ...
Continue Reading →