The California Consumer Privacy Act and The .US Domain

As I start this off I would be remiss to state that yes, I have a .us domain; however, so do many Americans. You see, the .us top-level domain (TLD) is only available to those who reside within the United States. There are other requirements too, such as keeping your WHOIS records up to date. Ensuring that WHOIS records show that those who register a .us domain reside

Password Rotation and the Problem of Not Doing It

Since the release of NIST SP 800-63-3 I have been asked, “Why does our company still perform password rotation?” This question is easier said than done. It is one that requires user awareness training, implementation of auditing and alerting software, and most importantly – multifactor authentication. All of which are necessary, though it can take months to years to implement depending on a company's resources and regulatory requirements. User

The CIA’s Newest Website Is Now On Tor

Tor, which is short for “The Onion Router,” began its life back in the late 1990s and early 2000s. The Onion Router (Tor) network began its life, much like the internet we use today, as a U.S. government project. Its design allows journalists and activists access to the internet in a completely secure and anonymous way, freeing them from censorship found in many countries. Recently, however, the Tor

Facebook Exposes Millions of Passwords in Clear Text

Facebook has been under the spotlight for quite some time now for its poor security and privacy practices. With this latest privacy blunder, it's obvious that the company has not learned from its past. Last week it was uncovered that the company is storing passwords in clear text. This not only affects Facebook users, but Instagram users too. It was not revealed as to why these passwords were

Connecting Debian based systems to OpenLDAP

Why is LDAP Important? Most compliance requirements nowadays require that users authenticate to IT resources against some type of centralized authentication store. This is to ensure proper auditing and logging of successful and unsuccessful attempts being made, along with standardizing on a given password policy. There are many different ways to accomplish this, one of which is using the Lightweight Directory Access Protocol or LDAP. LDAP got its roots

State Sponsored Probing Internet of Things Devices

In order to beef up security of consumer-based Internet of Things devices, Japan will now scan IoT devices within its borders. Beginning mid-February, the National Institute of Information and Communications Technology will attempt to break into an estimated 200 million devices. The institute has compiled a list of generic usernames and passwords commonly used by manufacturers for default login credentials. Is this a good thing? In 2018, the

2019 State of Password and Security Behaviors

This year Yubico teamed up with the Ponemon Institute to deliver the 2019 State of Password and Authentication Security Behaviors report. The report sampled around 15,000 participants from around the globe and touched on topics including privacy and security. The report depicts the grim reality in which we still live today with regard to passwords and their use. For instance, 69% of respondents share passwords

The Need for Better Transparency

We hear of new data breaches almost every day, so many that we have reached the pinnacle of “breach fatigue”: a feeling where consumers are tired of hearing about theft of personal information due to carelessness on the part of a company. From Equifax and Yahoo! to Cambridge Analytica, our personal, sensitive information is out on the public internet. Poor cyber security practices are just one of the main issues of data theft

DNS over HTTPS

How does DNS work? Protecting your privacy online is a hot topic for many. Though many websites have transitioned from HTTP to HTTPS, allowing web traffic to be secured, this does not protect your overall privacy. The internet still relies on older protocols to ensure you are accessing the right website or other online resources. DNS, or the Domain Name Service, is one of those protocols we rely heavily

Russian Hackers Targeting US and UK Critical Infrastructure

Over the last few weeks, Russian hackers have coordinated attacks against personal, government, corporate, and Internet Service Provider targets. These attacks are currently being directed toward IoT devices, home-based modems, and corporate routers, switches and firewalls. This is in an attempt to create an organized attack against the US and UK and potentially bring down critical infrastructure. There are a couple of reasons why these attacks are occurring against
