password database Archives - The Silicon Underground

Common security attacks and countermeasures

Dave Farquhar — Wed, 03 May 2017 11:00:33 +0000

As a security professional, I talk to a lot of people about common security attacks and countermeasures. I’m not always certain the people I’m talking to know what these things mean. I am almost certain they aren’t willing to ask.

The post Common security attacks and countermeasures appeared first on The Silicon Underground.

New password advice from GCHQ

Dave Farquhar — Thu, 17 Sep 2015 11:00:59 +0000

The GCHQ is the British equivalent of the NSA. They recently published a new document containing the GCHQ’s new password advice in light of the things we’ve learned in the last few years. It’s worthwhile reading, whether you’re a sysadmin or

The post New password advice from GCHQ appeared first on The Silicon Underground.

You need a Yubikey.

Dave Farquhar — Fri, 15 Nov 2013 01:39:06 +0000

I mentioned the Yubikey as the ultimate solution stolen passwords on the excellent Yahoo Marx Train forum, and another member asked me to elaborate on it. Rather than take up a lot of space with some off-topic discussion, I decided

The post You need a Yubikey. appeared first on The Silicon Underground.

Livingsocial got breached. Change your password, of course

Dave Farquhar — Sun, 28 Apr 2013 11:00:50 +0000

Livingsocial got breached. You need to change your password, if you have a Livingsocial account. There are two questions worth asking: How do you protect yourself, and how does this happen? Easy question first: Use a long, complex password. The

The post Livingsocial got breached. Change your password, of course appeared first on The Silicon Underground.

When your CISSP isn’t enough

Dave Farquhar — Wed, 24 Apr 2013 11:00:04 +0000

I had a job interview Monday. I have at least one observation from it–the things on my resume that impress recruiters don’t necessarily impress a good hiring manager. Not on their own, at least. Let’s do some post-mortem. Here’s something

The post When your CISSP isn’t enough appeared first on The Silicon Underground.

The ethics of writing nefarious security instructions

Dave Farquhar — Thu, 28 Mar 2013 10:00:05 +0000

This week I posted a link to a video showing how to crack a WPS-enabled wifi network, and this week, Ars Technica wrote a firsthand account of cracking a password list. I’m sure this raises questions of ethics in some

The post The ethics of writing nefarious security instructions appeared first on The Silicon Underground.

Some lessons from cracking the compromised Linkedin password database

Dave Farquhar — Tue, 12 Jun 2012 12:15:10 +0000

Here’s a blow-by-blow account of a security researcher’s attempts to crack the compromised Linkedin database as a result of its 2012 breach. This is a very good example of ethical hacking. It’s good to get into the mind of someone

The post Some lessons from cracking the compromised Linkedin password database appeared first on The Silicon Underground.

The solution to paper passwords

Dave Farquhar — Thu, 14 Oct 2010 01:34:57 +0000

I know your passwords are either written down or insecure. I know it just as surely as I know New Year’s Day is January 1. I know because passwords have to be incredibly complex to be secure, and I know

The post The solution to paper passwords appeared first on The Silicon Underground.