Author Archive
Rumors of Password Death Are Greatly Exaggerated
McAfee recently revealed that 72 different organizations around the world have been victims of cyber-spying. With attacks likely to increase, it is important to note that strengthening your access controls ensures that you have a higher level of security for all those who are attempting to access the network.
However, PKI is not the panacea that some hope it would be, and the death of passwords is greatly exaggerated. From a security perspective, PKI is without a doubt the best, but when it comes to high cost of ownership, time-consuming implementations and specialized support staff, PKI wins here as well.
Passwords are free and very easy to control, but the weakness is not in passwords but rather in how people choose them, manage them and type them. Almost every breach that involved passwords was not because of passwords but because of the password used by the individual. It is no wonder that accounts and companies are getting hacked through passwords, especially when IT keeps making password security more burdensome on the user. Employees are being forced to write them down, come up with easy ones to remember and use the same ones everywhere. If security is cumbersome, employees will always circumvent it for their own convenience. That is a fact.
The Difference Between Anti-Virus and MalWare
With all the cyber attacks reported in the news and with the increase in email SPAM with malware attachments, company CEOs are asking me about their protection strategies. When I start discussing anti-virus and anti-malware software, I often get the same response: “Aren’t they the same thing?” They are not, and that prompted me to write this report on the differences as well as some actionable tips and strategies to consider.
First, let’s get some understanding as to the differences between malware, viruses and some of the other attack terms used in the industry. Some you are undoubtedly very familiar with, while others may be fairly new. What they all have in common, however, is that they are designed to do maximum damage by disrupting computers and stealing vital information.
Morto Windows Worm Spread by Attacking Weak Passwords
Unsafe Password Management Practices
The result of poor password management and insecure systems is all too evident in the press lately, with thousands of password breaches for Sony PlayStation Network, Gawker Media’s sites, RockYou.com and many others.
The new password-guessing Windows worm “Morto” is spread by attacking weak passwords. “Morto” takes advantage of the fact that so many computers, servers and networks secure the front door with a simple hook ‘n’ latch security system. By that, I mean the weakness in complexity and management of password logons. It is not that passwords are insecure, but rather how users pick and manage their passwords. Morto works by attempting to log in to accounts using a series of incredibly weak passwords, such as “12345,” “admin,” “password,” and “test,” along with some brute-force dictionary guesses. It also attempts overly common logon names, including “administrator,” “admin,” “backup,” and “sql.”
Preventing Data Loss With Password Manager Tools
It is impossible to overstate the importance of having and using strong, secure online passwords, both personally and for companies. As tools like Firesheep have shown, gaining access to an email or Facebook account can be alarmingly simple.
One of the primary reasons individuals reuse the same passwords is that keeping track of 100 different logins is difficult, if not impossible. This is where password management applications become crucial, especially in a business environment. For business accounts, using a separate, unique password for each major service, and making sure that none of these passwords are the same as those associated with personal accounts, should be mandatory in a business environment.
Google Inc. (GOOG) supposedly has the motto, “do no harm.” But who defines what is harmful? Employees recently testified to the U.S. Federal Communications Commission that they didn’t initially know that their mapping-service project software was gathering personal data, even though an undisclosed engineer told a few fellow workers. The software would access payload data like e-mails, text messages, passwords, internet usage, and other highly sensitive personal information. The FCC ended up not penalizing Google for data gathering, but assessed a $25,000 fine for not cooperating with the FCC during the initial inquiry. The fine would not even be considered a slap on the wrist.



