Items Tagged with "Access Control"
July 19, 2012 Added by: Dan Dieterle
Wow, not one, but two massive password dumps in one day. Hackers leaked a very large number of Billabong and Yahoo passwords in plain text with no need to try to crack them. We looked at the passwords using the analysis tool Pipa, and here is what we found...
July 18, 2012 Added by: Danny Lieberman
The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...
July 17, 2012 Added by: Bill Mathews
Cloud security is tough for a lot of reasons, not least of which is because you probably only understand the basics of what you interface with - the controls the provider allows you to see. This lack of depth of management introduces many security related challenges. Having said that, let’s explore...
July 12, 2012 Added by: Headlines
The document is the next step toward updating Federal Information Processing Standard (FIPS) 201. Among its requirements are that all PIV cards contain an integrated circuit chip, a personal identification number and protected biometric data—a printed photograph and two electronically stored fingerprints...
July 09, 2012 Added by: Dan Dieterle
The Social Engineering Toolkit included with Backtrack 5 is a great way for penetration testers to see how well their network and users would stand up to Social Engineering attacks. In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords...
July 03, 2012 Added by: Nick Owen
Assuming that the anti-malware companies cannot keep malware off PCs, what can be done? Well, actually stronger authentication can be applied at certain points in the online banking process to reduce exposure. When people think of two-factor authentication, they typically mean session authentication...
July 02, 2012 Added by: Ahmed Saleh
Your passwords should be treated as "high sensitive information", and you are responsible for taking the appropriate steps to select and secure this information. Information system users should be aware of the characteristics of weak and strong passwords in order to ensure adequate protection of their information...
July 02, 2012 Added by: f8lerror
July 01, 2012 Added by: Dale Rapp
A weak WPA2 passphrase could be hacked, allowing an unauthorized person to use the wireless network. Even worse, this unauthorized person could decrypt the communications, revealing emails you send, web sites you visit, and passwords you use for access to websites...
June 27, 2012 Added by: Headlines
"RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged crack by researchers of the RSA SecurID 800 authenticator... an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true..."
June 27, 2012 Added by: Infosec Island Admin
Network segmentation involves separating one large network into smaller functional networks using firewalls, switches, and other similar devices. Effective segmentation restricts communication between networks and can lessen the extent to which a threat can move laterally through a network...
June 25, 2012 Added by: Headlines
"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token. That's why it's dangerous"...
June 25, 2012 Added by: Headlines
“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations...”
June 20, 2012 Added by: Dale Rapp
The bad guy doesn't need to know if a wireless network is hidden or connected to the network to capture unencrypted traffic, and this unencrypted traffic could be divulging emails you send, web sites you visit, and passwords you type into login pages. Encryption should always be used...
June 20, 2012 Added by: Infosec Island Admin
A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System, which could allow an attacker to use a simple publicly available script to generate the default password and gain administrative access to the unit...
June 19, 2012 Added by: Infosec Island Admin
An independent research group has identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line which could allow an attacker to obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack...