Items Tagged with "Access Control"


7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Synco OZW Web Server Vulnerability

August 13, 2012 Added by:Infosec Island Admin

Siemens has reported to ICS-CERT that a default password vulnerability exists in the Siemens Synco OZW Web Server device used for building automation systems. Siemens urges their customers to set a secure password on their device’s web interface. This vulnerability could be exploited remotely...

Comments  (2)

Bd07d58f0d31d48d3764821d109bf165

The Weakest Link in the Security Chain: Is it in Your Controls?

August 11, 2012 Added by:Tripwire Inc

Rather than brute-forcing the account, the hackers gained access by doing some creative social engineering by contacting Apple customer support. The problem is that we often turn over our data to 3rd-party providers without understanding what protocols they have in place to keep our data safe...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ENISA Calls for Joint Effort to Protect Login Credentials

August 10, 2012

In the cyber world our identity is reflected by our usernames and passwords. For users, keeping passwords safe is vital to avoid security incidents. But online service providers who store usernames and passwords are expected to do the same. Problems arise when security is compromised at either end of the chain...

Comments  (0)

F63d0b2876c57f0bb53f053dd6b7b747

Employee Fired for Spying on Management with RAT

August 08, 2012 Added by:Jeremy Sobeck

An executive discovered that an unauthorized remote access tool (RAT) on his computer. This type of attack requires very little sophistication. The company assumed the worst: confidential files had been stolen, malware had been installed, and the fired employee still had remote access to their systems...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

What You Should Know When Choosing a FIM Solution

August 07, 2012

Before selecting a file integrity monitoring (FIM) solution, organizations must understand the technical differences between agentless and agent-based FIM. It’s actually these differences that deliver the benefits organizations want from their file integrity monitoring solution while minimizing the issues...

Comments  (0)

7c5c876d1933023ac375eead04302e1a

Go Ahead and Write Down Your Passwords

August 07, 2012 Added by:Boris Sverdlik

Another day, another password hack, and yet another reason not to reuse passwords... Here is a simple bash script to generate strong passwords. Port it to Python or even something more platform independent. Also, don't forget to set Auto Dismount to 15 minutes, so you don't leave it up and running...

Comments  (14)

B64e021126c832bb29ec9fa988155eaf

Billions of Hashes per Second with Multiforcer Password Cracker

August 07, 2012 Added by:Dan Dieterle

So what does it take to reach cracking speeds topping 154 Billion hashes per second with multiple hashes? The tool was created to help out pentesters who need to crack passwords, but can not submit hashes obtained to online cracking programs due to auditing agreement restrictions...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: ICONICS GENESIS32 and BizViz Vulnerabilities

August 06, 2012 Added by:Infosec Island Admin

Researchers identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications whcih can allow an attacker to bypass normal authentication methods, granting full administrative control over the system...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Buffer Overflow Vulnerability

August 03, 2012 Added by:Infosec Island Admin

Researchers Carlos Mario Penagos Hollmann of IOActive, Michael Messner, and Luigi Auriemma have separately identified multiple vulnerabilities in Sielco Sistemi’s Winlog application. These vulnerabilities can be remotely exploited. Exploit code is publicly available for these vulnerabilities...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Red Flag On Biometrics: Iris Scanners Can Be Tricked

August 02, 2012 Added by:Electronic Frontier Foundation

Among all the various biometric traits that can be measured for machine identification, the iris is generally regarded as being the most reliable. Yet Galbally’s team of researchers has shown that even the method traditionally presumed to be foolproof is actually quite susceptible to being hacked...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Wireless Network Security: A Beginner's Guide

August 02, 2012 Added by:Ben Rothke

The T.J. Maxx data breach was due to insecure wireless connectivity. Estimates of the costs for this security fiasco are a staggering $4.5 billion. Had the staff at T.J. Maxx had this book at hand and used it, they may have been able to save themselves a significant amount of money...

Comments  (0)

Cb9aade927a0abf5b0bbdd2a4aaf8716

Leveraging Regular User Accounts to Achieve Compromise

July 31, 2012 Added by:Jake Garlie

One of the more common ways pentesters break in to networks is by leveraging regular user accounts which have been compromised. They can be used in various ways to compromise systems, data, applications, and more. Once valid user accounts are obtained, using them throughout the network rarely triggers any alarms...

Comments  (0)

942fc2242e6b54c078c5bb19c9fbf154

Five Security Tips for Android Phones and Tablets

July 31, 2012 Added by:Nicholas Cifranic

Android app stores such as Google Play have little or no security implementation, so anyone with a developer account may publish applications. Although Google has been attempting to enforce more controls to detect malicious apps, hackers are still publishing malware disguised as popular applications...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

BYOD: Challenges of Protecting Data - Part One

July 30, 2012 Added by:Rafal Los

Whether we're talking about cloud computing, or BYOD, or hacking in general - the buck stops with data. Some believe you can't ever classify all of your data and you should move on, while others believe that without making data custodians responsible for classification of critical data nothing else can happen...

Comments  (1)

7c5c876d1933023ac375eead04302e1a

BYOD too Big for Twitter...

July 29, 2012 Added by:Boris Sverdlik

It's not a question of technology, it really isn't. The one problem that we keep running into is that user's don't want us installing things on their personal devices. It's the whole entitlement mentality that our users have somehow attained through all of our babying. That's the cost of using their resources...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

Senators Seek Investigation into Electric Grid Security Issue

July 20, 2012 Added by:Headlines

"These certificates protect access to control systems. They protect access to a $400 billion market. They protect access to trading systems. They also protect access to machines that do things like turn generators off. If you issue a fraudulent certificate or you're lax... the consequences could be disastrous..."

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »