Items Tagged with "Access Control"


To Backdoor or Not?

June 03, 2012 Added by: Jayson Wylie

There is speculation of purposeful backdoor implementations for monitoring by the US government in the name of national security. If there is the ability for a government to monitor communications, how can we be assured that another government is not using the same means, but for a different purpose?

Comments  (0)

ICS-CERT: RuggedCom Weak Cryptography for Passwords

May 30, 2012 Added by: Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker to use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

Quick Wireless Network Security Reminders

May 29, 2012 Added by: Brent Huston

I recently tested a couple of Android network stumblers on a drive around the city and I found that not a lot has changed for consumer wireless networks since I last stumbled. There are still a TON of unprotected networks, default SSIDs and WEP networks out there...

Comments  (2)

Why AppSec Won't Always Bail You Out

May 24, 2012 Added by: DHANANJAY ROKDE

The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack-surface rather than get into the application itself. This is in no way a comparison of the level of difficulty of either of the disciplines, NetSec pros just take it to the next level...

Comments  (0)

IT Security: Preventing Insider Threats

May 24, 2012 Added by: Robert Siciliano

An employee at Fannie Mae, knowing he is about to be fired, installed a logic bomb set to detonate almost 3 months after his departure. The detonation would have taken the organization off line for almost a week and cost millions and millions of dollars...

Comments  (0)

For Great Justice - I Mean Security...

May 22, 2012 Added by: Wendy Nather

Organizations that are IT-poor tend also to be security-poor because security becomes optional, a luxury and an omission for the small business that doesn't know it has something to lose -- or even if it does, it hasn't the faintest idea of how to address it...

Comments  (0)

Social Media Seeks Control Through TOS Enforcement

May 21, 2012 Added by: David Navetta

So far, social media companies have only sought to squash undesirable behavior on their platforms from third party commercial entities, such as spammers or those seeking password sharing, but in the future such litigation could be viable against individual users...

Comments  (0)

Guessable Passwords: The Unpatchable Exploit

May 20, 2012 Added by: f8lerror

During penetration assessments the tester attempts to compromise systems. Many users take shortcuts with passwords; this is because they feel they are not a target, not important, or their access doesn’t matter. Penetration testers know this and so do the attackers...

Comments  (0)

BYOD - It's a Personal Matter

May 16, 2012 Added by: Phil Klassen

When you own something, especially a mobile device, there is a sense of entitlement that the individual has. So it's critical that you establish the fact that using a personal device to do company business is a privilege, not a right, and that privilege can be taken away...

Comments  (1)

Follow Up to the Out of Band Authentication Post

May 16, 2012 Added by: Brent Huston

Sadly, there are more than a few who are struggling to get OOBA right or done at all. As with most things, it helps to do a little research. Organizations should perform due diligence on their vendors and factor vendor risks into the equation of purchases and project planning...

Comments  (0)

How Does Your Bank Protect Your Data?

May 15, 2012 Added by: Robert Siciliano

Financial institutions have established a layered security approach that includes multi-factor authentication, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen...

Comments  (0)

FBI Guidance of Combating the Insider Threat

May 15, 2012 Added by: Infosec Island Admin

The thief who is harder to detect and who could cause the most damage is the insider — the employee with legitimate access. They may steal solely for personal gain or be a “spy”—someone who is stealing company information or products in order to benefit another organization or country...

Comments  (0)

Treat Passwords Like Cash

May 14, 2012 Added by: Danny Lieberman

Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems sites, it’s impossible to maintain a strong password policy without making some compromises...

Comments  (0)

Securing Your Company Against BYOD-Created Threats

May 14, 2012 Added by: Ashley Furness

The increasing emergence of Bring Your Own Device (BYOD) policies has both good and bad implications. Here are four strategies your company should implement to keep data secure while supporting employees' choice to use their own laptops, smartphones and tablets in the workplace...

Comments  (3)

Twitter Hack! Five Ways to Avoid Being a Victim of Phishing

May 12, 2012 Added by: Brent Huston

Twitter is downplaying a security breach that exposed tens of thousands of user emails and passwords. The compromised Twitter accounts could have been the result of phishing attacks. Whenever you read about such breaches, it is always a good idea to change your password...

Comments  (0)

Firewalls: Stop Blocking by IP and Port

May 08, 2012 Added by: Phil Klassen

There have been some good discussions on firewalls, and the majority of the feedback is that firewalls are still an important part of the security infrastructure. However, I am surprised that the discussion revolves around legacy features and not those required to meet today's needs...

Comments  (3)
