Connecting Debian based systems to OpenLDAP

Connecting Debian based systems to OpenLDAP

Why is LDAP Important? Most compliance requirements nowadays require that users authenticate to IT resources against some type of centralized authentication store. This is to ensure properly auditing and logging of successful and unsuccessful attempts being made along with standardizing on a given password policy. There are many different ways to accomplish this, one of which is using the Lightweight Directory Access Protocol or LDAP. LDAP got its roots

Read More

State Sponsored Probing Internet of Things Devices

State Sponsored Probing Internet of Things Devices

In order to beef up security of consumer based Internet of Things devices, Japan will now scan IoT devices within its borders. Beginning mid-February, the National Institute of Information and Communications Technology will attempt to break into an estimated 200 million devices. The institute has compiled a list of generic usernames and passwords commonly used by manufacturers for default login credentials. Is this a good thing? In 2018, the

Read More

2019 State of Password and Security Behaviors

2019 State of Password and Security Behaviors

This year Yubico teamed up with the Ponemon Institute to deliver the 2019 State of Password and Authentication Security Behaviors report. The report was sampled from around 15,000 participants from around the globe which touched on topics which included privacy and security. The report depicts the grim reality of which we still live in today with regards to passwords and their use. For instance, 69% of respondents share passwords

Read More

The Need for Better Transparency

The Need for Better Transparency

We hear of new data breaches almost everyday, so many that we have reached the pinnacle of “breach fatigue.” A feeling where consumers are tired of hearing about theft of personal information due to carelessness on part of a company. From Equifax, Yahoo!, to¬†Cambridge Analytica, our personal, sensitive information is out on the public internet. Poor cyber security practices is just one of the main issues of data theft

Read More

DNS over HTTPS

DNS over HTTPS

How does DNS work? Protecting your privacy online is a hot topic for many. Though many websites have transitioned from HTTP to HTTPS, allowing web traffic to be secured, this does not protect your overall privacy. The internet still relies on older protocols to ensure you are accessing the right website or other online resources. DNS, or the Domain Name Service, is one of those protocols we rely heavly

Read More

Russian Hackers Targeting US and UK Critical Infrastructure

Russian Hackers Targeting US and UK Critical Infrastructure

Over the last few weeks, Russian hackers have coordinated attacks against personal, government, corporations, and Internet Service Providers. These attacks are currently being directed toward IoT devices, home based modems, and corporate routers, switches and firewalls. This is in an attempt to create an organized attack against the US and UK and potentially bring down critical infrastructure. There are a couple of reasons why these attacks are occurring against

Read More

CloudFlare’s new DNS over HTTPS service

CloudFlare’s new DNS over HTTPS service

Get your sights set on yet another free DNS service provider. This time CloudFlare is getting into the ring with players from OpenDNS (now Cisco’s Umbrella), Google, and Quad9 by providing DNS resolution free to anyone. What makes CloudFlare’s DNS service different from the others, building in privacy to every DNS query by combining DNS-over-HTTPS (DOH’). Typical DNS traffic is sent in clear text which means your internet service

Read More

The Clarifying Lawful Overseas Use of Data (CLOUD) Act

The Clarifying Lawful Overseas Use of Data (CLOUD) Act

On March 23, 2018 President Trump signed a $1.3 Trillion dollar spending bill to keep the US government from shutting down. In that spending bill, congress snuck in The Clarifying Lawful Overseas Use of Data (CLOUD) Act. The premise of the CLOUD Act is widely overreaching in that it allows the US Government to access data which resides in foreign countries. According to the Electronic Freedom Foundation the act

Read More

US targets 9 Iranians over university hacks

US targets 9 Iranians over university hacks

It was just announced today that 9 Iranians were involved in hacking 144 universities. They targeted professors and research departments in order to gain access to vital intel. In today’s realm of cybersecurity this does not surprise me. Many small to even larger institutions do not adequately protect they’re network, most do not even have a border firewall. These institutions fully trust their entire network, from the student and

Read More