New password guidelines say everything we thought about passwords is wrong
My essay about the future of passwords just got published by VentureBeat:
New password guidelines say everything we thought about passwords is wrong
VentureBeat accepts confidential submissions using secure tools such as PGP. They promise to protect the identity of the source.
KrebsOnSecurity just reported that Shoney's -- the privately-held restaurant chain that operates approximately 150 company-owned and franchised locations in 17 states from Maryland to Florida -- got hacked. It would be interesting to know whether they accept EMV (aka chip-and-PIN) cards or still use good old magnetic stripes. I guess the answer is no, as in most restaurants in the US waiters still take your card away to swipe it at the point of sale instead of bringing the chip-card reader to the table.
But the solution is so obvious - just use other factors such as biometrics -- Apple's Touch ID, for example -- for authentication instead of outdated passwords and PINs!
Experts at Newcastle University analysed the movement of a smartphone as the screen was used. They say they cracked four-digit Android PINs with 70% accuracy on the first guess and 100% by the fifth. The team of cyber-experts claim tech companies know about the problem but can't figure out what to do about it.

Dallas's 156 emergency sirens have been hacked and sounded about 15 times, with no tornado in sight
4/10/2017

I knew that this was easy, but I did not know that it was in fact so easy. What's next? I guess there will be new open cybersecurity positions in the city of Dallas soon.
The city is now looking at the cybersecurity of its public services. "This is yet another serious example of the need for us to upgrade and better safeguard our city's technology infrastructure," said Mayor Mike Rawlinson. At nearly a quarter to midnight on Friday, all 156 of Dallas' emergency alarm systems went off. They're designed to warn denizens of the Texas city about severe storms, tornadoes and other dangerous weather. But there was no sign of any natural cataclysm coming on the weekend. It soon emerged that hackers had set off all 156 of the outdoor warning sirens. The Dallas Office of Emergency Management swiftly set to work turning all the alarms off before determining how to prevent further attacks.

Here is some data showing that hospital ransomware attacks are still on the rise.
NHS hospital trusts in England reported 55 cyber attacks in 2016, according to data obtained by the BBC. The figures come from NHS Digital, which oversees cyber security, and show an increase from 16 attacks in 2015. NHS Digital said the figures showed a "rise in reporting, not necessarily a rise in cyber attacks". But Oliver Farnan, from the Oxford Cyber Security Centre, said ransomware attacks had become more common.

I think the following statements by the Amazon CIO are true, but they still don't do everything that's required for decent security, and there are a lot of controls that companies have to implement themselves in addition to those provided out of the box.
"We can make investments in security that are almost impossible for individual companies to make by themselves."

"Security of information stored in the public cloud has always been superior to what organisations can achieve on-premise."

It turns out the Mac is not a safe harbor anymore, according to this article.
The dramatic increase in Apple Mac OS malware samples went from 50,000 in Q3 2016 to about 320,000 in Q4. McAfee Labs VP Vincent Weafer says the increase can be partially attributed to hackers setting their sights beyond Windows targets. More people are using multi-platform environments in their homes and businesses, he explains, and attackers are taking advantage.

I will keep my old MacBook Pro for a while...
Both the Mac Pro and MacBook Pro have been frequent targets. But bashing the Mac Pro piñata became everyone's favorite pastime this week. The trigger was a meeting Apple executives Phil Schiller, Craig Federighi and John Ternus had with a small group of journalists (full transcript here courtesy of TechCrunch). Phil Schiller even said "we're sorry" referring to "a pause in upgrades and updates." Craig Federighi focused on mistakes (via TechCrunch) that Apple has made.

This is true.
Cybercriminals are testing the strength of your organization's defensive wall, looking for the one crack they need to launch their attacks. Oftentimes that flaw isn't a "what," but a "who." Employees only need to download a bad attachment, click a malicious link, or give attackers the one piece of information they need to break in. Security is a business-wide responsibility. "Companies need to realize if their employees are picking up the phone and answering emails, they are making security decisions every day that can affect the company," says Michele Fincher, COO for Social-Engineer, Inc. "They don't realize how many good decisions employees need to make to be secure."