Be Your Own Personal Security Expert
Security breaches seem to be all over the headlines these days. In the last year we've seen Anthem, JP Morgan Chase, eBay, Target and many more suffer security breaches that resulted in the disclosure of personal information to unknown groups and people.
What do you do in that situation? Call the breached company and complain? It's too late for that. You need to protect yourself and your information.
Step 1: Change your password(s)
I don't mean change your password from 'password' to 'Password1'. I don't mean take a random password and apply it to all of the websites you use. I mean replace the password with a strong one on any site that used a password even remotely similar to the one you used with the breached entity. Hopefully you had a strong one in place to begin with. Entropy doesn't forgive you for not wanting to remember random strands of...
Protecting Credit Card Data and Meeting PCI DSS Requirements
Have you ever walked into a grocery store and found the milk on a shelf next to the mustard? Or, while walking the seemingly endless aisles of a supermarket, seen the ice cream next to the ice scrapers?
Unless some mischievous kids were having fun, the answer is “of course not.” There's an almost perfect order to the retail store layout, even if it is a bit overwhelming.
Does this look like segmentation?
Not only are the dairy products kept in a somewhat contained area, they are also refrigerated and protected. Do you think it's a coincidence that high-value items like jewelry and electronics are in central locations with lots of lights and minimal visual barriers?
Of course not.
This is done by design. These valuable items are prone to theft, so they require an elevated level of visibility and additional protection to safeguard them. Many items are locked away and can only be accessed by...
We always hear about passwords. They are weak. And when they are not weak, there is another website compromise that results in the exposure of millions of accounts, like the CyberVor haul or the more recent exposure of Gmail accounts.
Do you think passwords are still important? Do you worry about your passwords?
We’ve been kicking around computer and information security for a while now. Why don’t we have a better answer?
You are not surprised that an analysis of compromised passwords shows the most commonly used passwords are old stalwarts like “123456” and “password,” right?
Or are you surprised that surveys say 70-80% of passwords being used online are classified as “weak,” which often means a password that is less than eight lower-case characters or is simple...
A List of Do's and Don'ts
Employees return from lunch and swipe their badges across proximity readers at the main entrance and the side door leading from the smoking area. The chatter of multiple conversations, via mobile and in person, merges with the oh-so-familiar beeps, accompanied by the green (or was it red?) light, and the routine motion of “badging in” is just that... routine.
The hacker observes discreetly. He identifies the vulnerability. Adopting the guise of an employee, he raises his smartphone to his head and joins the line of tailgaters. He exploits the vulnerability.
The above scenario is constantly used by penetration testers, security consultants, disgruntled and...
Demonstrating Entry Access Through Application Vulnerabilities
Security assessors doing intrusion testing often rely on automated tools to help find vulnerabilities within applications. The most common entry point into an application is almost always a username with a weak password.
However strong you make the application, the user will still try to set a weak password. Not because they want weak passwords, but because weak passwords tend to be easier to remember. Companies that have a strong password policy will typically see an increased call volume to the help desk for password resets or assistance in logging into the application.
Finding a balance between security and usability is paramount and will often vary between companies depending on the use of the applications. Other driving factors include what the user can access once authenticated, including credit card information, medical information and...