Why Your Business Requires Security

State and federal identity theft and privacy protection laws now require businesses, agencies and organizations of all sizes to protect all personal information they store, and to report to all their customers whenever a breach occurs. The financial ramifications of a data breach can be very substantial for both present and future business. In some cases a company never recovers from a breach and is forced to close down. Currently, the average cost to a company is $3.7M per incident.

Archive for Employee Security

Mar
08

Rumors of Password Death Are Greatly Exaggerated

by Dovell Bonnett of Access Smart.com

McAfee recently revealed that 72 different organizations around the world have been victims of cyber-spying. With attacks likely to increase, it is important to note that strengthening your access controls ensures that you have a higher level of security for all those who are attempting to access the network.

However, PKI is not the panacea that some hoped it would be, and the death of passwords is greatly exaggerated. From a security perspective PKI is without a doubt the best, but PKI also comes out on top when it comes to high cost of ownership, time-consuming implementations and specialized support staff.

Passwords are free and very easy to control, and the weakness is not in passwords but rather in how people choose them, manage them and type them. Almost every breach that involved passwords was not because of passwords but because of the password used by the individual. It is no wonder that accounts and companies are getting hacked through passwords, especially when IT keeps making password security more burdensome on the user. Employees are being forced to write them down, come up with easy ones to remember and use the same ones everywhere. If security is cumbersome, employees will always circumvent it for their own convenience. That is a fact.

Mar
06

The Difference Between Anti-Virus and MalWare

by Dovell Bonnett

With all the cyber attacks reported in the news and with the increase in email spam with malware attachments, company CEOs are asking me about their protection strategies. When I start discussing anti-virus and anti-malware software, I often get the same response: “Aren’t they the same thing?” They are not, and that prompted me to write this report on the differences as well as some actionable tips and strategies to consider.

First, let’s get some understanding as to the differences between malware, viruses and some of the other attack terms used in the industry. Some you are undoubtedly very familiar with, while others may be fairly new. What they all have in common, however, is that they are designed to do maximum damage by disrupting computers and stealing vital information.

Mar
01

Morto Windows Worm Spread by Attacking Weak Passwords

Unsafe Password Management Practices

by Dovell Bonnett of Access-Smart.com

The result of poor password management and insecure systems is all too evident in the press lately, with thousands of password breaches for Sony PlayStation Network, Gawker Media’s sites, RockYou.com and many others.

The new password-guessing Windows worm “Morto” is spread by attacking weak passwords. “Morto” takes advantage of the fact that so many computers, servers and networks secure the front door with a simple hook ‘n’ latch security system. By that, I mean the weakness in complexity and management of password logons. It is not that passwords are insecure, but rather how users pick and manage their passwords. Morto works by attempting to log in to accounts using a series of incredibly weak passwords, such as “12345,” “admin,” “password,” and “test,” along with some brute-force dictionary guesses. It also attempts overly common logon names, including “administrator,” “admin,” “backup,” and “sql.”

Feb
28

Preventing Data Loss With Password Manager Tools

It is impossible to overstate the importance of having and using strong, secure online passwords, both personally and for companies. As tools like Firesheep have shown, gaining access to an email or Facebook account can be alarmingly simple.

One of the primary reasons individuals reuse the same passwords is that keeping track of 100 different logins is difficult, if not impossible. This is where password management applications become crucial, especially in a business environment. For business accounts, using a separate, unique password for each major service, and making sure that none of these passwords are the same as those associated with personal accounts, should be mandatory.

Feb
23

Shady RAT World Wide Hacking

by Dovell Bonnett, Access-Smart.com

Recently McAfee published a worldwide hacking report about what they are calling Shady RAT.

The United Nations, Olympic committees, governments, a U.S. real estate company, a major media organization based in New York, a satellite communications company and other companies around the world, totaling 72 organizations, have been hacked by a “state actor”.

While there are suspicions as to which country was involved, it has not yet been proven. McAfee’s vice-president of threat research, Dmitri Alperovitch, wrote in a 14-page report that, “Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators. What is happening to all this data … is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”
