There is a lot of talk in the cybersecurity world about Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that run the US power grid, water utilities, gas piplines, oil refineries, and countless factories. We discussed how all this might play out in the electrical grid when I reviewed Ted Koppel’s new book Lights Out.
We saw the kind of damage that an IoT botnet could ...
Continue Reading →DEC


SHA-1 or Secure Hashing Algorithm 1 was developed in 1993 by the National Security Agency (NSA). It has been used to provide both hashing functions and digital signatures that validate that a certain document, web site, or other resource is genuine, original, and unchanged.
On Monday we attacked the utility of current password policies and standards. Today we will offer up an array of improvements.
Most corporate password policies are a waste off time and do not add anything extra to providing secure authentication. Many of these policies were put in place to meet the standards of various compliance bodies (PCI-DSS, HIPAA, etc.) But basically these policies are not keeping up with the state of the art in password cracking, as we discussed last November in our post on ...
If you have been the victim of a ransomware scam, or fake tech support scam, or other computer incident, intrusion, or breach, you may be wondering if you should report it to the police.
The site Adult Friend Finder, the “world’s largest sex and swingers site” recently exposed 412 million user credentials due to poor, or in some cases, non-existent password hashing practices. The biggest group losses were:
It was recently reported in Naked Security that a Seattle television news crew interviewed an Office Depot employee who alerted them to the practice of selling in-store repair scams to customers who came in looking for computer help. This whistle-blower told a story where employees where encouraged and even pressured to run the chain’s “PC Health Check” on evey ...