Most corporate password policies are a waste off time and do not add anything extra to providing secure authentication. Many of these policies were put in place to meet the standards of various compliance bodies (PCI-DSS, HIPAA, etc.) But basically these policies are not keeping up with the state of the art in password cracking, as we discussed last November in our post on
Continue Reading →
As we approach year-end, many small and medium sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short. This was the year, you promised yourself, that we get a handle on computer and network security.
Well it is not too late to get a start, and here is a ...
Continue Reading →
The Mirai and Bashlight botnets have caused quite a stir in the cybersecurity and IT realms. The easy ability to round up and deploy millions of devices in a botnet using automated tools has raised the bar. How we respond to DDoS attacks will have to change.
Nevertheless, you can remove your IoT devices from the bot-net and keep them from being reacquired. Here are some easy solutions:
First, as clever as these ...
Continue Reading →
I was tempted to post this article late in October, when Brian Krebs suffered with the DDoS attack on his website, or when the Mirai botnet attack on DynDNS was in full swing, but decided to wait it out until after the election, in case it turns out that the Dyn attack was a precursor to an attack to disrupt the elections. And as of today, it appears that it was ...
Naked Security recently reported on the raid on a call center outside of Mumbai India that was engaged in defrauding US taxpayers of over $15 million dollars by pretending to be IRS collection agents. 70 people were arrested and over 600 call center operators remain under investigation. While this is good news, this scam was very successful and is likely to pop up again. We are reporting on it ...
NIST has created a self assessment tool for companies and organization who are working through the NIST Cyber Security Framework (NIST-CSF). This tool is called the Baldridge Cybersecurity Excellence Bulder and is designed to help companies implement the principles of the CSF.
According to NIST, organizations can use the Baldrige Cybersecurity Excellence Builder to:
Back on August 31 I received an email from the Department of Homeland Security about a set of FTC recommendations for people using rental cars. I have experienced this issue myself. Basically, it is simple and relatively convenient to connect a smartphone to the smart vehicle’s infotainment system in order to enjoy hands free phone calls, stored musical tracks, and the phone’s navigation application. The problem is that the ...
October is National Cyber Security Awareness Month. This was released by US-CERT, and I thought it was worth posting.
Continue Reading →“October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about cybersecurity. In partnership with DHS, the National Cyber Security Alliance (NCSA) has released the first in a series of tips focused on helping people protect their online activities and ...
You don’t need to be a journalist, freedom fighter, or living under an oppressive political regime to have the desire for some online privacy. Maybe you are trying to put the contents of your life back into the Pandora’s box you opened when you signed up on Facebook. Maybe you would like a little privacy in your online life.
Linux Tails is ...
Continue Reading →
As we add more mobile and portable devices to our digital collection, cybersecurity for mobile devices becomes more important. Smartphones, tablets, wearable tech, and ultra-portable laptops are certainly convenient and easy to carry, but that makes them easy for a thief to carry off. When these devices are stolen, you lose much more than the hardware. Every bit of information on the device is up for grabs too, from contact lists, personal information, ...