All posts tagged passwords

Worried about the wrong things? It’s always the wrong thing.

Guy Wright’s piece titled Internet Security: We were worried about the wrong things is a bit old but it’s an important point. Security is a moving target. It’s always a moving target. I disagree, however, with the assertion that SSL (and its successor, TLS) were a waste of time.

Don’t e-mail yourself a list of all your passwords and bank account numbers to yourself from work

So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now. Sometimes DLP […]

You’re telling me someone gave a stranger his password?

I was talking breaches last week when a very high-up joined the conversation in mid-stream. “Start over, Dave.” “OK. I’m talking about breaches.” “I know what you’re talking about,” he said, knowingly and very clearly interested.

This week’s photo leak is a reminder of the need for good passwords

This week, numerous celebrities, mostly female, had their Apple accounts hacked and intimate photos stolen and leaked. There are several things we all need to learn from this. We don’t know yet exactly what happened, though I’ve heard several theories. One possibility is that the celebrities’ accounts were hacked recently. Another is that someone who’s […]

IT personnel and knowing things they aren’t supposed to know

On Slashdot, a newcomer to the IT field asked a really good question: What do you do to avoid seeing things you’re not supposed to see? Clearly, some people do it better than others, but it seems to me it’s a fact of life that eventually you will see things you’re not supposed to see. […]

Password advice in the wake of Heartbleed

I’ve seen a lot of bad password advice lately. Guessing passwords is just too easy for a computer to do, especially as they get more and more powerful. Formulas are bad, but unavoidable, so here’s what I recommend if you’re not going to use a password manager creating completely random passwords: Unverifiable (or difficult to […]

Passwords you need to change in Heartbleed’s wake

Heartbleed, a serious vulnerability in a piece of Internet backend software called OpenSSL, is the security story of the week. Vulnerable OpenSSL versions allow an attacker to see parts of a web session they aren’t supposed to see, including passwords in transit. Timing is critical. If a site upgrades to a new version after you […]

Why you need to guard your Backup Exec servers

If you have a Windows domain, there’s a fairly good chance you have Backup Exec servers, because you probably want to take backups. Because you need them. (As a security guy, I no longer care how you get backups; just that you’re getting them somehow.) Backup Exec is a popular solution for that. But there’s […]

Why the Target data breach news keeps getting worse, and what you need to do

As you probably know, last year some still-unknown criminals stole a whole bunch of credit and debit card data from Target. And the story keeps changing. First there weren’t any PINs. Then they got the PINs, but no personally identifiable data. Well, the latest news indicates they got credit card numbers, names, addresses, phone numbers, […]

Beyond compliance: Maturity models

A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that. Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time […]