Since the release of NIST SP 800-63-3 I have been asked, “Why does our company still perform password rotation?” This question is easier said than done. It is one that requires user awareness training, implementation of auditing and alerting software, and most importantly – multifactor authentication. All of which are necessary, though it can take months to years to implement depending on a companies resources and regulatory requirements. User
Tor which is short for, “The Onion Router” began its life back in the late 1990’s and early 2000’s. The The Onion Router (Tor) network began its life, much like the internet we use today as a U.S. government project. Its design allows journalist and activists access to the internet in a completely secure and anonymous way. Freeing themselves from censorship found in many countries. Recently however, the Tor
Facebook has been under the spot light for quite some time now for its poor security and privacy practices. With this latest privacy blunder, its obvious that the company has not learned from its past. Last week it was uncovered that the company is storing passwords in clear text. This not only affects Facebook users, but InstaGram users too. It was not revealed as to why these passwords were
Why is LDAP Important? Most compliance requirements nowadays require that users authenticate to IT resources against some type of centralized authentication store. This is to ensure properly auditing and logging of successful and unsuccessful attempts being made along with standardizing on a given password policy. There are many different ways to accomplish this, one of which is using the Lightweight Directory Access Protocol or LDAP. LDAP got its roots
In order to beef up security of consumer based Internet of Things devices, Japan will now scan IoT devices within its borders. Beginning mid-February, the National Institute of Information and Communications Technology will attempt to break into an estimated 200 million devices. The institute has compiled a list of generic usernames and passwords commonly used by manufacturers for default login credentials. Is this a good thing? In 2018, the
This year Yubico teamed up with the Ponemon Institute to deliver the 2019 State of Password and Authentication Security Behaviors report. The report was sampled from around 15,000 participants from around the globe which touched on topics which included privacy and security. The report depicts the grim reality of which we still live in today with regards to passwords and their use. For instance, 69% of respondents share passwords
We hear of new data breaches almost everyday, so many that we have reached the pinnacle of “breach fatigue.” A feeling where consumers are tired of hearing about theft of personal information due to carelessness on part of a company. From Equifax, Yahoo!, to Cambridge Analytica, our personal, sensitive information is out on the public internet. Poor cyber security practices is just one of the main issues of data theft
How does DNS work? Protecting your privacy online is a hot topic for many. Though many websites have transitioned from HTTP to HTTPS, allowing web traffic to be secured, this does not protect your overall privacy. The internet still relies on older protocols to ensure you are accessing the right website or other online resources. DNS, or the Domain Name Service, is one of those protocols we rely heavly
Over the last few weeks, Russian hackers have coordinated attacks against personal, government, corporations, and Internet Service Providers. These attacks are currently being directed toward IoT devices, home based modems, and corporate routers, switches and firewalls. This is in an attempt to create an organized attack against the US and UK and potentially bring down critical infrastructure. There are a couple of reasons why these attacks are occurring against
It was just announced today that 9 Iranians were involved in hacking 144 universities. They targeted professors and research departments in order to gain access to vital intel. In today’s realm of cybersecurity this does not surprise me. Many small to even larger institutions do not adequately protect they’re network, most do not even have a border firewall. These institutions fully trust their entire network, from the student and