Blog Posts Tagged with "Access Control"


Thirteen Tips to Secure Your Virtual Machine Environment

June 14, 2012 Added by:Brent Huston

Virtual environments are becoming more popular, enabling multiple OS environments and providing disaster recovery solutions. Safeguarding your virtual environment is vital, though it doesn’t have the same issues as a physical environment. Here are a few tips to keep things running smoothly...

Comments  (0)


ICS-CERT: Credential Management

June 13, 2012 Added by:Infosec Island Admin

Credential caching should be disabled on all machines. A common technique employed by attackers is referred to as “pass the hash.” The pass the hash technique uses cached password hashes extracted from a compromised machine to gain access to additional machines on the domain...

Comments  (0)


Recovering Clear Text Passwords – Updated

June 13, 2012 Added by:Dan Dieterle

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...

Comments  (0)


Fashionable But Vulnerable: Mobile Devices in the Workplace

June 12, 2012 Added by:Simon Heron

Mobile devices are contributing to improved efficiency and are undoubtedly popular with employees, but they are also inherently vulnerable. To minimise the risks, organisations must develop specific mobile device management policies – and then enforce them...

Comments  (0)


Password Protection Pointers

June 12, 2012 Added by:Jayson Wylie

The best password is the one that only you know. Even better one is one that nobody else can find out. Crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. It is possible to categorize your passwords to define the sensitivity of their purpose....

Comments  (0)


If I Told You, I'd Have to Kill You

June 11, 2012 Added by:Ed Bellis

All of these breaches present a great opportunity to learn what does and doesn’t work in information security. But when we get responses like the one posted by Last.FM not only do we not learn anything, we don’t have any reason to believe they have either...

Comments  (0)


Analysis of Passwords Dumped from LinkedIn

June 11, 2012 Added by:Dan Dieterle

People put a lot of personal information on LinkedIn - their education and job experience, along with the groups that they belong to - treasure trove of information to Social Engineers. Of all the online social sites, LinkedIn users should really choose a long complex password to secure their account...

Comments  (0)


Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)


LinkedIn Fails Security Due Diligence

June 07, 2012 Added by:Marc Quibell

Poor security practices led to the password database ending up in Russia. We can also say that the best security practices were not applied to the security of our passwords: LinkedIn did not "salt their hash" and therefore the passwords were much more vulnerable to simple brute force attacks...

Comments  (0)


How and Why to Alert Your Employees of the LinkedIn Breach

June 07, 2012 Added by:Jason Clark

Cyber security teams should send out an employee alert explaining why LinkedIn passwords need to be changed and best practices for doing so. You may not have direct IT control over individual LinkedIn accounts, but your communication may alleviate social engineering attacks on employees and your network...

Comments  (0)


Should You Be Worried About the LinkedIn Breach?

June 06, 2012 Added by:Kelly Colgan

People who rely on LinkedIn for professional networking keep a wealth of information stored on their profile pages. With news of a possible data breach exposing 6.5 million user passwords, LinkedIn users need to take steps to protect their personal data. Here are five tips we recommend you follow...

Comments  (3)


Google's Worst Security Idea Ever

June 06, 2012 Added by:Jeffrey Carr

Google announced that it will notify a subset of its Gmail customers if they're the victim of a State-sponsored attack. Google's advice is FUD-inducing for people who aren't targets and insufficient for those who are. I have to wonder what Google was thinking when it created this awful program...

Comments  (0)


Keeping Technology Staff Honest

June 05, 2012 Added by:Jayson Wylie

Technology staff, on occasion, have had an all-access pass to all data on Window’s networks. This creates an environment where the support staff has exposure in having access to sensitive and confidential stuff stored in the most private parts of the organization’s data stores...

Comments  (0)


Ensuring Data Integrity via Checks, Tests, and Best Practices

June 04, 2012 Added by:Fergal Glynn

As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, means information is exactly as it was inputted and is auditable to affirm its reliability...

Comments  (0)


To Backdoor or Not?

June 03, 2012 Added by:Jayson Wylie

There is speculation of purposeful backdoor implementations for monitoring by the US government in the name of national security. If there is the ability for a government to monitor communications, how can we be assured that another government is not using the same means, but for different purpose?

Comments  (0)


ICS-CERT: RuggedCom Weak Cryptography for Passwords

May 30, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »
Most Liked