All posts tagged passwords

This week’s photo leak is a reminder of the need for good passwords

This week, numerous celebrities, mostly female, had their Apple accounts hacked and intimate photos stolen and leaked. There are several things we all need to learn from this. We don’t know yet exactly what happened, though I’ve heard several theories. One possibility is that the celebrities’ accounts were hacked recently. Another is that someone who’s […]

Password advice in the wake of Heartbleed

I’ve seen a lot of bad password advice lately. Guessing passwords is just too easy for a computer to do, especially as they get more and more powerful. Formulas are bad, but unavoidable, so here’s what I recommend if you’re not going to use a password manager creating completely random passwords: Unverifiable (or difficult to […]

Passwords you need to change in Heartbleed’s wake

Heartbleed, a serious vulnerability in a piece of Internet backend software called OpenSSL, is the security story of the week. Vulnerable OpenSSL versions allow an attacker to see parts of a web session they aren’t supposed to see, including passwords in transit. Timing is critical. If a site upgrades to a new version after you […]

Why you need to guard your Backup Exec servers

If you have a Windows domain, there’s a fairly good chance you have Backup Exec servers, because you probably want to take backups. Because you need them. (As a security guy, I no longer care how you get backups; just that you’re getting them somehow.) Backup Exec is a popular solution for that. But there’s […]

Why the Target data breach news keeps getting worse, and what you need to do

As you probably know, last year some still-unknown criminals stole a whole bunch of credit and debit card data from Target. And the story keeps changing. First there weren’t any PINs. Then they got the PINs, but no personally identifiable data. Well, the latest news indicates they got credit card numbers, names, addresses, phone numbers, […]

Beyond compliance: Maturity models

A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that. Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time […]

You need a Yubikey.

I mentioned the Yubikey as the ultimate solution stolen passwords on the excellent Yahoo Marx Train forum, and another member asked me to elaborate on it. Rather than take up a lot of space with some off-topic discussion, I decided it would be better to write about it here. The Yubikey is the best solution […]

Not your father’s Celeron

I picked up a Celeron G1610 CPU last week and I’m using it to build a Linux box. Yeah, it’s a Celeron. But it performs like a 2011-vintage Core i3 or a 2010-vintage Core i5, consumes less power than either, and costs less than $50. It’s hard to go wrong with that.

Why your favorite web site’s password strength meter is full of hooey

Ars Technica talked three password crackers into doing their worst to a leaked database of 16,000 passwords, to see what they could learn. They learned a lot, and we can learn a lot from their experience as well. “qeadzcwrsfxv1331″ isn’t a good password. Neither is “Philippians4:13.” Neither is “correcthorsebatterystaple.” Neither is “Qbesancon321″ or “Qbe$@ncon321.” Password […]

Livingsocial got breached. Change your password, of course

Livingsocial got breached. You need to change your password, if you have a Livingsocial account. There are two questions worth asking: How do you protect yourself, and how does this happen?