Why I don’t scan networks with my own credentials

I scan the network I’m paid and sworn to protect on a nearly daily basis. I experienced a problem with the account I use for that, and I tested┬áby scanning a small quantity of machines (my own and my cubicle neighbor’s) with my own account to make sure the problem was the account, not the tool.

Fixing the account has become a problem–my boss’ problem now–but when I told him about it, I said I could scan the network with my personal admin account, but didn’t want to. One reason has to do with liability and HR. The other, believe it or not, is technical.

Read more

The problem with dictionary passwords

Consulting firm Deloitte is warning that 8-character passwords will be obsolete this year. Sound familiar? Of course, the Slashdot crowd blamed it as security “experts” (their words) creating hype to make money.

Well, I’m a certified security professional who doesn’t have a dog in this fight, except that I don’t want your accounts getting stolen. So here’s the problem with many of the solutions the Slashdot crowd posed.

Read more

WordPress Appliance - Powered by TurnKey Linux