You are viewing 'authentication'

Protecting Your Personal Information and Identity After a Breach

Be Your Own Personal Security Expert

Jacob Faires

February 19, 2015 - Posted by Jacob Faires to Security Insight

security breach

Security breaches seem to be all over the headlines these days. In the last year, Anthem, JPMorgan Chase, eBay, Target and many more have suffered security breaches that disclosed personal information to unknown groups and people.

What do you do in that situation? Call the breached company and complain? It's too late for that. You need to protect yourself and your information.

Step 1: Change your password(s)

I don't mean change your password from 'password' to 'Password1'. I don't mean take a random password and apply it to all of the websites you use. I mean, replace the password with a strong password on any site that used a password even remotely similar to the one you used with the breached entity. Hopefully you had a strong one in place to begin with. Entropy doesn't forgive you for not wanting to remember random strands of...

Retail Needs to Take a Lesson From...Retail

Protecting Credit Card Data and Meeting PCI DSS Requirements

Brian Drexler

February 05, 2015 - Posted by Brian Drexler to Security Insight

POS

Have you ever walked into a grocery store and found the milk on a shelf next to the mustard? Or, while walking the seemingly endless aisles of a supermarket, seen the ice cream next to ice scrapers?

Unless some mischievous kids were having fun, the answer is “of course not.” There's an almost perfect order to the retail store layout, even if it is a bit overwhelming.

Does this look like segmentation?

Sure does.

Not only are the dairy products kept in a somewhat contained area, they are also refrigerated and protected. Do you think it's a coincidence that high-value items like jewelry and electronics are in central locations with lots of lights and minimal visual barriers?

Of course not.

This is done by design. These valuable items are prone to theft so they require an elevated level of visibility and additional protection to safeguard them. Many items are locked away and can only be accessed by...

Passwords - to be or knOt2$B3

Jon-Louis Heimerl

December 11, 2014 - Posted by Jon-Louis Heimerl to Security Insight

password security

We always hear about passwords. They are weak. And, when they are not weak, there is another website compromise that results in the exposure of millions of accounts, like from CyberVor or the more recent exposure of Gmail accounts.

Do you think passwords are still important? Do you worry about your passwords?

We’ve been kicking around computer and information security for a while now. Why don’t we have a better answer?

You are not surprised that an analysis of compromised passwords shows the most commonly used passwords are old stalwarts like “123456” and “password,” right?

Or are you surprised that surveys say 70-80% of passwords being used online are classified as “weak,” which often means a password that is less than eight lower-case characters or are simple...

Understanding the Techniques for Social Engineering

A List of Do's and Don'ts

Brent White

October 21, 2014 - Posted by Brent White to Security Insight

social engineering

This blog was co-written by Solutionary Professional Security Services Consultants Brent White and Tim Roberts.

Employees return from lunch and swipe their badges across proximity readers at the main entrance and the side door leading from the smoking area. The chatter of multiple conversations via mobile and in-person merges with the oh-so-familiar beeps, accompanied by the green (or was it red) light, and the routine motion of “badging in” is just that... routine.

The hacker observes discreetly. He identifies the vulnerability. Adopting the guise of an employee, he raises his smartphone to his head and joins the line of tailgaters. He exploits the vulnerability.

The above scenario is constantly used by penetration testers, security consultants, disgruntled and...

Fuzzing Credentials with Burp Intruder

Demonstrating Entry Access Through Application Vulnerabilities

Will Caput

October 07, 2014 - Posted by Will Caput to Security Insight

penetration testing

Security assessors doing intrusion testing often rely on automated tools to help find vulnerabilities within applications. The most common entry-point into an application is almost always a username with a weak password.

As strong as you make the application, the user will still try to set a weak password. Not because they want weak passwords, but because weak passwords tend to be easier to remember. Companies that have a strong password policy will typically see an increased call volume to the help desk for password resets or assistance in logging into the application.

Finding a balance between security and usability is paramount and will often vary between companies depending on the use of the applications. Other driving factors include accessibility to the user once authenticated, including credit card information, medical information and...

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.