Livingsocial got breached. Change your password, of course
Livingsocial got breached. You need to change your password, if you have a Livingsocial account. There are two questions worth asking: How do you protect yourself, and how does this happen?
http://dfarq.homeip.net/2013/04/livingsocial-got-breached-change-your-password-of-course/
When your CISSP isn’t enough
I had a job interview Monday. I have at least one observation from it–the things on my resume that impress recruiters don’t necessarily impress a good hiring manager. Not on their own, at least. Let’s do some post-mortem.
http://dfarq.homeip.net/2013/04/when-your-cissp-isnt-enough/
Linksys isn’t the only company building insecure routers
I warned a few days ago about Linksys routers being trivially easy to hack; unfortunately many other popular routers have security vulnerabilities too. The experts cited in the article have a few recommendations, which I will repeat and elaborate on.
http://dfarq.homeip.net/2013/04/linksys-isnt-the-only-company-building-insecure-routers/
Although it’s counterintuitive, AT&T’s new password policy makes sense
AT&T has a new password policy that forbids the use of certain common words in passwords, including some words of a colorful nature. Yes, it reduces the number of possible passwords, but that isn’t exactly a bad thing.
http://dfarq.homeip.net/2013/04/although-its-counterintuitive-atts-new-password-policy-makes-sense/
The ethics of writing nefarious security instructions
This week I posted a link to a video showing how to crack a WPS-enabled wifi network, and this week, Ars Technica wrote a firsthand account of cracking a password list. I’m sure this raises questions of ethics in some people’s minds. To be honest, spreading this kind of information makes me a little uncomfortable [...]
http://dfarq.homeip.net/2013/03/the-ethics-of-writing-nefarious-security-instructions/
How to pick a decent password
Although I write about passwords about 8 times a week, it seems, it occurs to me that I haven’t–at least not recently, that I can find–written about how to make up a halfway decent password. So, here’s how to make a decent–I won’t say great–password.
http://dfarq.homeip.net/2013/03/how-to-pick-a-decent-password/
The problem with dictionary passwords
Consulting firm Deloitte is warning that 8-character passwords will be obsolete this year. Sound familiar? Of course, the Slashdot crowd blamed it on security “experts” (their words) creating hype to make money. Well, I’m a certified security professional who doesn’t have a dog in this fight, except that I don’t want your accounts getting stolen. [...]
http://dfarq.homeip.net/2013/02/the-problem-with-dictionary-passwords/
Long passwords aren’t necessarily good passwords
Well, crud. Not all long passwords are good passwords. I’ve suspected for a long time that street addresses aren’t good to use–the formula is too simple–but now it seems that even mashing together a sentence into a long password doesn’t work. (That isn’t something I do often, but I’ve done it at least once or [...]
http://dfarq.homeip.net/2013/01/long-passwords-arent-necessarily-good-passwords/
8-character passwords are obsolete
In case you missed it, a researcher has built a system that can crack every possible 8-character password in less than six hours. If he’s got it, so do the bad guys.
http://dfarq.homeip.net/2012/12/8-character-passwords-are-obsolete/
Ways to keep your password from being guessed–today
Articles like Ars Technica’s “Why passwords have never been weaker — and crackers have never been stronger” are getting more and more common these days. In a positive development, I don’t think the story had been live more than an hour or two before people started asking me questions. That’s good, because that tells me [...]
http://dfarq.homeip.net/2012/08/ways-to-keep-your-password-from-being-guessed-today/