Blog Posts Tagged with "Access Control"

D03c28fd5a80c394905c980ee1ecdc88

Ten Things I’ve Learned About Cloud Security

July 17, 2012 Added by:Bill Mathews

Cloud security is tough for a lot of reasons, not least of which is because you probably only understand the basics of what you interface with - the controls the provider allows you to see. This lack of depth of management introduces many security related challenges. Having said that, let’s explore...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

NIST Releases Federal ID Security Standard Draft for Comment

July 12, 2012 Added by:Headlines

The document is the next step toward updating Federal Information Processing Standard (FIPS) 201. Among its requirements are that all PIV cards contain an integrated circuit chip, a personal identification number and protected biometric data—a printed photograph and two electronically stored fingerprints...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Harvesting Credentials with the Social Engineering Toolkit

July 09, 2012 Added by:Dan Dieterle

The Social Engineering Toolkit included with Backtrack 5 is a great way for penetration testers to see how well their network and users would stand up to Social Engineering attacks. In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords...

Comments  (3)

Aecf1189abe745df32ec68f5864649a6

Does Two-Factor Authentication Need Fixing?

July 03, 2012 Added by:Nick Owen

Assuming that the anti-malware companies cannot keep malware off PCs, what can be done? Well, actually stronger authentication can be applied at certain points in the online banking process to reduce exposure. When people think of two-factor authentication, they typically mean session authentication...

Comments  (1)

C64d6029dda7a794e966cb3f6f6b5534

Password Security: The Main Vein

July 02, 2012 Added by:Ahmed Saleh

Your passwords should be treated as "high sensitive information", and you are responsible for taking the appropriate steps to select and secure this information. Information system users should be aware of the characteristics of weak and strong passwords in order to ensure adequate protection of their information...

Comments  (1)

71d85bb5d111973cb65dfee3d2a7e6c9

How Fast Can Your Password Be Cracked? Instantly...

July 02, 2012 Added by:f8lerror

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

Comments  (0)

964eef19f95b77a2606d36daf6deb25f

Is Your WPA2 Protected Wireless Network Really Secure

July 01, 2012 Added by:Dale Rapp

A weak WPA2 passphrase could be hacked allowing an unauthorized person to use the wireless network. Even worse this unauthorized person could decrypt the communications revealing emails you send, web sites you visit, and passwords you use for access to websites...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

RSA: Claims of SecurID 800 Token Crack are Whack

June 27, 2012 Added by:Headlines

"RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged crack by researchers of the RSA SecurID 800 authenticator... an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Longer Term Security Recommendations

June 27, 2012 Added by:Infosec Island Admin

Network segmentation involves separating one large network into smaller functional networks using firewalls, switches, and other similar devices. Effective segmentation restricts communication between networks and can lessen the extent to which a threat can move laterally through a network...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researchers Crack RSA SecurID Tokens, Extract Keys

June 25, 2012 Added by:Headlines

"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Two-Thirds of Management Don’t Know Where Their Data Is

June 25, 2012 Added by:Headlines

“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations..."

Comments  (1)

964eef19f95b77a2606d36daf6deb25f

Is Hiding the Wireless SSID All the Network Security You Need?

June 20, 2012 Added by:Dale Rapp

The bad guy doesn't need to know if a wireless network is hidden or connected to the network to capture unencrypted traffic, and this unencrypted traffic could be divulging emails you send, web sites you visit, and passwords you type into log in pages. Encryption should always be used...

Comments  (3)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Password Cryptography

June 20, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Innomate MGuard Weak HTTPS and SSH Keys

June 19, 2012 Added by:Infosec Island Admin

An independent research group has identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line which could allow an attacker to obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack...

Comments  (0)

02a6d0efd54c7388e26f125d8df83671

Top Five Fundamentals of Network Security

June 14, 2012 Added by:Megan Berry

There are many factors that can bring down your networks and compromise data, including criminals, carelessness and disgruntled employees. The hardware, software, and policies that make up the layers of network security defend your company’s systems from these threats. What are the most common threats?

Comments  (1)

94c7ac665bbf77879483b04272744424

Better Passwords Don't Make Us Secure: Best Practices Advice

June 14, 2012 Added by:Marc Quibell

On today's Internet, it's not about better passwords, because passwords are another weak, vulnerable form of authentication. You can make it longer, more complex... whatever, but it doesn't change the fact that it's still weak and vulnerable. Practice safe computing and at least you will lower your risk...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »