passwords Archives

Home » passwords

Common security attacks and countermeasures

Dave Farquhar security May 3, 2017May 25, 2020Adobe Reader, chrome, denial of service, excel, firewall, password database, passwords, SEO, SQL

As a security professional, I talk to a lot of people about common security attacks and countermeasures. I’m not always certain the people I’m talking to know what these things mean. I am almost certain they aren’t willing to ask.

I know it’s more complicated than it was when I took my Security+ exam a decade ago. The stakes are much higher now. The attacks I had to identify caused inconvenience, but someone conducting a successful smurf attack on your printer won’t get you in the headlines. Today’s attacks will.

Dave Farquhar

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.

dfarq.homeip.net

Dangers of public wifi — and how to stay safe

Dave Farquhar security March 20, 2017November 28, 2018firewall, passwords, SSID, VPN

When it comes to the dangers of public wifi, many people tend to take one of two extreme approaches. Some don’t give it a thought at all. Some refuse to use it at all. Neither approach is completely practical. So what are the dangers of public wifi, and how can you avoid them?

Here are the dangers and the precautions to take against them.

Dave Farquhar

dfarq.homeip.net

What can I do to improve the security of my digital information?

Dave Farquhar security March 11, 2017August 12, 20181990s, Adobe Reader, apple, computer security, Libre Office, Microsoft Office, office 2007, password strength, passwords, toshiba, USB flash drive, Western Digital

On Monday, March 13 at approximately 10:30 AM CST, I will be appearing on KFUO Radio’s Faith and Family program to discuss home computer security with host Andy Bates. One of the questions he’s planning to ask: “What can I do to improve the security of my digital information?”

This, fortunately, may be the easiest question to answer and the easiest step to implement.

Dave Farquhar

dfarq.homeip.net

Best wireless security mode

Dave Farquhar security January 3, 2017February 9, 2018AES, decent password, NSA, passwords, WEP

What is the best wireless security mode? There are only four choices, and only one worth using, WPA2. But there are some other settings you have to use in order to make WPA2 secure.

Dave Farquhar

dfarq.homeip.net

Does HTTPS matter? Yes. Here’s why.

Dave Farquhar security September 20, 2016October 21, 2017passwords, turkey

“Does HTTPS matter?” a friend of a friend asked. “I heard it does. Is that still true?” Yes, yes, and yes. Here’s why.

HTTP connections are unencrypted. HTTPS connections are encrypted. You can tell when you’re using HTTPS because the URLs start with https:// instead of http://, and your location bar will have a lock in it. Encryption is good.

Dave Farquhar

dfarq.homeip.net

How a dictionary attack works

Dave Farquhar security September 19, 2016July 15, 2018cissp, cissp exam, NSA, passwords

A dictionary attack is a common way to steal a password. Here’s how a dictionary attack works, in layperson’s terms. More importantly, here’s how to beat the attack.

A dictionary attack is a much more efficient alternative to brute force hacking, but it requires a local copy of the user database to work. That usually means stealing the database first, if a bad guy is doing it. But nothing stops a company from doing a dictionary attack on its own user accounts to make sure people aren’t using insecure passwords. It’s unusual, but not unheard of.

Dave Farquhar

dfarq.homeip.net

Do I have enough CISSP work experience?

Dave Farquhar security June 15, 2016October 8, 2016antivirus, CERT, cissp, firewall, passwords, vulnerability

It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.

You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.

But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.

Dave Farquhar

dfarq.homeip.net

Why to change forum passwords right now

Dave Farquhar security February 18, 2016April 23, 2017passwords

If you regularly visit forums online, particularly forums powered by the forum software Vbulletin, you ought to change your forum passwords right now. The longer and more random you make them, the better.

Dave Farquhar

dfarq.homeip.net

Password management advice from CSO Online

Dave Farquhar security October 21, 2015October 19, 2015breach, passwords

Over at CSO Online, there’s a nice war story about tracking down and resetting 300 passwords.

I could pick nits at a few of his details, but that’s annoying and counterproductive. His overall advice is very good–manage your passwords, set them to something random, keep in mind that some sites just won’t allow for a very strong password so do the best you can, and protect your main e-mail password and your password management system password with all the diligence you can muster.

Dave Farquhar

dfarq.homeip.net

Vigilante router security

Dave Farquhar security October 7, 2015October 6, 2015android, malware, passwords, symantec, vulnerability

Last week, Symantec discovered a worm that infects routers and takes measures to make them more secure. For lack of anything else to call it, Symantec is calling it malware, and most of the security echo chamber is probably howling over this, but I think I understand why it was created.

Dave Farquhar

dfarq.homeip.net

← Previous