Data Security: Social Engineering Still More Effective Than Zero-Day Hacks.

According to a security company’s 100 penetration attempts, most organizations succumb to five attacks, none of which involve malware or zero-day flaws. The top five attacks, according to darkreading.com: abuse of weak domain user passwords — used in 66% of Praetorian pen testers’ successful attacks; broadcast name resolution poisoning (like WPAD) — 64%; local admin […] read more

Longer Passwords Is The Way To Security.

In a continuation to the post from last week, it looks like it’s not only the FTC’s Chief Technologist that is waging war against the periodic renewal of passwords. The National Institute of Science and Technology (NIST) is apparently onboard as well, and they will also be recommending that something be done about password complexity […] read more

Sharing Passwords is Hacking, Which is a Federal Crime.

The controversies regarding cyberspace just keep burning brightly. In the past couple of weeks, the Ninth Circuit Court of Appeals ruled that the unauthorized sharing and use of passwords can be deemed as hacking, and thus can be a violation of the Computer Fraud and Abuse Act (CFAA). As noted by motherboard.vice.com and others, this […] read more

IRS Hacked, 101K PINs For Electronic Tax Filing Stolen (aka, What’s New?).

According to csoonline.com, the IRS had to block an unknown person or persons who were downloading a massive trove of PINs used for electronic tax filing: The attack occurred in January and targeted an IRS Web application that taxpayers use to obtain their so-called Electronic Filing (E-file) PINs. The app requires taxpayer information such as name, […] read more

License Plate Scanners, Prostitution, and Big Data: Big Mistake.

You have nothing to fear if you have nothing to hide. These words or their variation are uttered a lot by people who try to justify some very questionable actions. For example: In a statement issued by her office Wednesday, [LA City Council Member Nury] Martinez said, “If you aren’t soliciting, you have no reason […] read more

What If Encryption Backdoors Backfire?

In light of the recent Paris terrorist attacks, and the suspicion that encryption may have played a pivotal role in them, calls for backdoors to encryption are slowly resurfacing in the media. The suspicion that the terrorists used encrypted communications of some sort is strongly beginning to look like conjecture and nothing more. It’s not […] read more

Ashley Madison Passwords Easy To Crack After All.

Ah, Ashley Madison. Even as one tries to move away from it to other issues, new problems surface like toxic malaise at a swamp: fraudulent $19 data scrubbings, men being conned by bots, some of the weakest passwords known to mankind securing their servers, an ex-CTO who supposedly hacked the competition… Michael Corleone, I get […] read more