I scan the network I’m paid and sworn to protect on a nearly daily basis. I experienced a problem with the account I use for that, and I tested by scanning a small quantity of machines (my own and my cubicle neighbor’s) with my own account to make sure the problem was the account, not the tool.
Fixing the account has become a problem–my boss’ problem now–but when I told him about it, I said I could scan the network with my personal admin account, but didn’t want to. One reason has to do with liability and HR. The other, believe it or not, is technical.
I had a job interview Monday. I have at least one observation from it–the things on my resume that impress recruiters don’t necessarily impress a good hiring manager. Not on their own, at least.
Let’s do some post-mortem.
AT&T has a new password policy that forbids the use of certain common words in passwords, including some words of a colorful nature.
Yes, it reduces the number of possible passwords, but that isn’t exactly a bad thing.
Consulting firm Deloitte is warning that 8-character passwords will be obsolete this year. Sound familiar? Of course, the Slashdot crowd blamed it as security “experts” (their words) creating hype to make money.
Well, I’m a certified security professional who doesn’t have a dog in this fight, except that I don’t want your accounts getting stolen. So here’s the problem with many of the solutions the Slashdot crowd posed.
Here’s a blow-by-blow account of a security researcher’s attempts to crack the compromised Linkedin database. This is a very good example of ethical hacking.