
Kimberly Johnson
Blog Title PistolStar's Authentication Blog
Blog Description Usability. Security. Auditing. Compliance.
Blog URL http://blog.pistolstar.us/blog
RSS Feed http://blog.pistolstar.us/blog/?feed=rss
PlanetLotus Feed http://planetlotus.org/profiles/rss/pistolstar
Feed Last Checked Dec 04, 2014 1:12:38 PM EST.
Landed Here Oct 15, 2009
Location Amherst, NH, USA
Total Hits 12,341. myPL RSS Selections: 45

Recent Blog Posts

Backyard SSO Hero
Mon, Oct 20th 2014 8:13a   Larry Conroy
So, my neighbor, Penny, peeks her head over the fence and asks me what I think about this SSO stuff.  What makes her think I even want to chat in the first place . . . the game is on and I’m stuck out here?  Can’t she see all these leaves taunting me because the leaf blower won’t start?  A more appropriate discourse would have been something like, “Hey, my kids are looking for something to do. Can they rake your leaves for you?” But nevertheless, as I reluctantly get off my knees [read] Keywords: applications email google outlook password security sharepoint

How to Make an Authentication Cocktail
Fri, Oct 17th 2014 7:12a   Rob Bellefeuille
Who doesn’t enjoy a good cocktail? James Bond liked his “shaken, not stirred” and most like them “on the rocks.” All this talk of cocktails is making me thirsty! However, today we are not here to talk about drinking a delicious drink; we are here to talk about an authentication cocktail. What is an “authentication cocktail?” An authentication cocktail is the pairing of two separate two-factor authentication (2FA) one-time password (OTP) delivery methods to make a full-bodied authen [read] Keywords: google integration password security

Breach Fatigue: Don’t Be a Victim
Tue, Oct 7th 2014 2:11p   Amber Ciarcia
In recent weeks, the largest bank in the United States, JP Morgan Chase & Co., has fallen victim to cybercriminals. Last Thursday, JP Morgan unveiled that hackers obtained stolen information from their customers.  This included personal information such as names, addresses, phone numbers, and e-mail addresses from over 76 million households and 7 million small businesses. Scary, right? One would think. According to a recent article from The Washington Post “Data breach fatigue follows two [read] Keywords: email mobile password security

UPS Hacked!
Wed, Sep 17th 2014 7:12a   Liana Lichtenwalner
“It was the best of times, it was the worst of times.” This famous quote from Charles Dickens’ classic novel, A Tale of Two Cities, gives insight into how two forces, like good and evil, are equal rivals contending for survival. The same goes for the world of cyber security. We have a world of information, convenience, and entertainment at our fingertips, and yet, in that world, there are dangers and possibilities to have valuable information stolen. In Alex Roger’s time.com article, [read] Keywords: applications best practice email network password security

The IT Professional vs. The Deadly Data Breach
Mon, Sep 15th 2014 8:12a   Liana Lichtenwalner
The Deadly Data Breach We know it well, the Deadly Data Breach! So many people have felt the effects of a data breach, and so many companies are scrambling to protect the personal information they have on file. I am sure data breaches are on the minds of every IT professional that has kept up with the most recent breaches. No one goes unscathed by The Deadly Breach: P.F. Changs, Goodwill, Home Depot, and numerous schools. Home Depot’s recent data breach reaches all the way back to April first [read] Keywords: application applications password security

You Have a Case of Identity Theft!
Mon, Aug 25th 2014 10:11a   Liana Lichtenwalner
It’s the hot topic in the news, blogs, books, and more, identity theft and security! We are all susceptible to identity theft from the individual user to the largest corporation. Author Steve Weisman has been speaking on Identity Security for years, including his blog Scamicide and in his books The Truth About Avoiding Scams and Identity Theft Alert: 10 Rules You Must Follow. The most recent breach, the Community Health System, is one that Weisman covers in his blog entry Community Health Sys [read] Keywords: community security


PayPal for Mobile: How Secure is Your PayPal Account?
Mon, Jul 21st 2014 4:12p   Liana Lichtenwalner
How secure is PayPal? Secure until you start using your mobile device. According to Kelly Higgin’s article, PayPal Two-Factor Authentication Broken, Dan Saltman, an independent researcher, “reported to PayPal that he had discovered a way to bypass two-factor authentication in Apple iOS, but after getting no response from PayPal, Saltman in April went to friends at mobile security firm Duo Security.” From there, Duo Security confirmed Saltman’s finding and helped him reach PayPal. Duo Sec [read] Keywords: apple application mobile security server

More Compromised Students and Faculty
Thu, Jul 17th 2014 7:12a   Liana Lichtenwalner
Recently, there was yet another security breach at a college campus. This time the victim was Butler University, where a hacker accessed over 160,000 records for current, past students and faculty. The information stolen was the typical pertinent information that is stolen in this type of breach. Names, Social Security numbers, date of birth, and bank account information. The announcement of this breach comes due to an identity theft investigation that came from California law enforcement. The p [read] Keywords: database network security

Violated Database: Montana Department of Public Health and Human Services
Wed, Jul 16th 2014 2:11p   Liana Lichtenwalner
Your car has been broken into, yet nothing was stolen. Nothing was stolen, so no big deal, right? WRONG! You would still feel violated, creeped out, and concerned about it happening again. The Montana Health Department has experienced a similar data breach. On May 15th, Montana’s Department of Public Health and Human Services (DPHHS) officials noticed out of the ordinary activity. After further investigation, DPHHS confirmed that a server had been breached by hackers, and according to Alison [read] Keywords: database password security server

Young Hacker Infiltrates High School Database
Wed, Jul 2nd 2014 11:12a   Liana Lichtenwalner
We live in a world with multiple cyber threats, many coming from alias names from countries we have never been to. Within the United States, we have our fair share of hackers that cause major problems and confiscate sensitive data. It is sad and eye opening when it happens on the high school level. Recently, a 16-year-old boy gained access to a school database that held personal information like grades and attendance. By gaining access to this database, the student was able to change multiple [read] Keywords: database password security

Press Release: Get the Level of Identity Management Your Campus NEEDS for Office 365
Fri, Jun 27th 2014 4:11p   Liana Lichtenwalner
BEDFORD, NH– (Marketwire – June 25, 2014) – Today, PistolStar, Inc. announced the integration of its PortalGuard product with Office 365. This integration will give administrators the power to choose the level of convenience and security they desire for their students and faculty while accessing Office 365, including: -Self Service Password Reset (SSPR) -Single Sign-on (SSO) -Two-factor Authentication With PortalGuard integrated with Office 365, schools now get the level of ide [read] Keywords: applications desktop email google integration interface office password security

From Hacktivist to Cybersleuth
Fri, Jun 20th 2014 8:11a   Liana Lichtenwalner
It’s just like something from out of the movies: criminal mastermind gets caught, turns from his wicked ways, and eventually unveils a piece of the criminal mastermind world to help out the good guys. There is something intriguing in being able to see into the criminal mastermind and get a behind the scenes look at the secret life of these hacktivists. In the hacktivists’ world, there is a network of secret groups and ominous aliases that threaten to breach and expose a multitude of private and [read] Keywords: network

Press Release: Strengthening Web Authentication, Without Overcorrecting
Thu, Jun 5th 2014 3:11p   Liana Lichtenwalner
CLICK to View Video BEDFORD, NH–(Marketwired – Jun 3, 2014) – Today, PistolStar, Inc. announced immediate availability of PortalGuard’s newest solution, PassiveKey. PortalGuard’s PassiveKey is a customer driven response to deliver the latest in innovative identity solutions. PassiveKey transparently enables two-factor authentication while allowing the user to login with the familiar username/password approach. This simultaneously strengthens authentication and elimi [read] Keywords: password security server

Honesty is the Best Policy: Passwords, IT Security Professionals, and Llamas!
Tue, Jun 3rd 2014 8:14a   Liana Lichtenwalner
Well, the truth is that many organizations are just not enforcing the basics of Password Best Policies (PBP), never mind investing and enforcing stronger identity security. With much emphasis on ROI, the truth is IT Security Professionals make the dangerous decision to purchase the minimal authentication solution just to have “something” in place. And the truth about Llamas is never tick-off a Llama; they spit when provoked or threatened! Passwords are precious things and have lost their i [read] Keywords: policies password security

Google Removes Ad Scanning for Education Apps in Education for Good
Tue, May 6th 2014 12:11p   Rob Bellefeuille
Recently, Google made an announcement via their blog stating they will be permanently removing any form of ad scanning for applications associated with education users. Google was quick to point out that they never intended to collect data in education based Apps, and in the past, an Admin on campus would have had to enable the ad scanning. However, even if the admin had enabled ad scan, it will no longer be enabled within their environment. To give you a brief overview of the ad scan, it is a b [read] Keywords: admin applications archiving email google security virus xml

Alarmingly Low Rate of Employees Receive Security Awareness Training
Wed, Apr 23rd 2014 11:11a   Rob Bellefeuille
With the state of the economy, it is not too shocking that only 43% of employees receive security awareness training. Many companies have been faced with reducing their workforce and running “leaner and meaner,” thus devoting all hours of the workday to improving the companies’ bottom line. It is hard to believe that such an important element has gone the way of the Dodo bird. One would think that more time would be dedicated to security training given the recent and highly publicized securit [read] Keywords: best practice email enterprise mobile password security

How to Mend a Broken Heart: The Heartbleed Bug and what you need to know to protect yourself
Fri, Apr 11th 2014 9:12a   Rob Bellefeuille
The news broke this week that the Heartbleed Bug had attacked an undetermined amount of websites and their users worldwide. At this time it would seem that a large number of people are affected, however, the magnitude of this Bug may not be made clear for some time. Last year, the Adobe breach  numbers grew drastically as time moved forward. So what is the Heartbleed Bug? The researchers who uncovered the problem describe the Bug as a serious flaw within OpenSSL. “The Heartbleed Bug is a seri [read] Keywords: applications bug email instant messaging password security xml

Are You Only a Hacktivists Away from Chaos?
Wed, Apr 2nd 2014 2:11p   Liana Lichtenwalner
Data security is a hot topic right now with Target, Michaels, and other large companies reporting data breaches. After all the time, money, and publicity from the breaches, I am sure they wish they could turn back time and deploy a stronger authentication to guard against the black market hacktivists that caused the chaos. In Cameron Shilling’s article “Is Your Business a Data Breach Away from Disaster?,” Shilling states, “data security breaches are not just perpetrated by Internet hac [read] Keywords: security

Ransomed Beauty: Is Your Identity Being Held for Ransom?
Thu, Mar 27th 2014 4:11p   Liana Lichtenwalner
As a woman, I know all too well how much time and money we spend on beauty supplies. Whether buying the “next best thing” in the cosmetic department or trying the newest home remedy from your favorite blog, it all requires you to spend some cash or use a credit/debit card. But how much are you willing to pay: ten, twenty, fifty dollars? What about your identity? With the growing number of businesses reporting breaches in their databases, it is no surprise that Sally Beauty became a target to [read] Keywords: network

Two More Colleges Exposed: Indiana University and North Dakota University
Fri, Mar 7th 2014 2:12p   Rob Bellefeuille
There seems to be a rise lately in the number of campuses that are being subject to data breaches. Today it was brought to light that North Dakota University’s database was compromised exposing around 300K current and former students’ information along with some of their staff as well. Last week, Indiana University informed nearly 146,000 recent graduates and students that their seven-campus data system had been accidentally exposed. This news comes on the heels of the recent University of Maryla [read] Keywords: applications database network password security server

Price vs Cost: One Man’s Opinion
Mon, Mar 3rd 2014 3:14p   Rob Bellefeuille
With the economic state of the country, you always hear folks talking about the price of an item or how much it cost them. Being in the security industry and a home owner, I can identify with the struggles that come with sticking to a budget and finding a solution. However, with security it can truly be a gamble that all too often plays out in a negative way. One comparison we threw around a lot here in the office is a home security system. You constantly see on the news or hear from others sto [read] Keywords: office security xml

Wed, Feb 26th 2014 10:15a   Liana Lichtenwalner
Hailstorms are a threatening phenomenon that can sometimes turn fatal. Hailstones can range from a ¼ of an inch to 7 inches in size, causing severe damage to anything in their path. Attacking hackers, in many ways, are like hailstorms when there is a breach in security, leaving extensive damage. Lately, Cyber security has been on the minds of many people, and with many security breaches at major companies placing personal data at risk, it is no wonder. A recent study done by the Ponemon Insti [read] Keywords: application integration network security

Data Breach on Campus: Over 300,000 Exposed at University of Maryland
Fri, Feb 21st 2014 12:14p   Rob Bellefeuille
This week the University of Maryland came forth with an announcement that their campus database had been breached, exposing sensitive information for over 300,000 students and faculty.  The data breach comes on the heels of many other similar data breaches at retailers across the US including Target, Neiman Marcus, and Michaels Craft Stores. According to a letter from University of Maryland President, Wallace D. Loh on February 19, 2014; “A specific database of records maintained by our IT D [read] Keywords: database password security xml

Government Surveillance, Time to Reform?
Mon, Feb 17th 2014 11:11a   Chief Content Writer
There has been a recent push back against the government claiming that they are impeding on the privacy rights of users. Eight companies, including AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo, co-authored a letter to President Obama stating their concerns. In this letter, the major companies broached the issue of the global interference with users’ internet accounts and discussed the fact that governments do indeed need to protect their citizens but not at the cost of [read] Keywords: apple facebook google linkedin microsoft security twitter wiki xml

To E-File or Not to E-File
Mon, Feb 10th 2014 1:11p   Liana Lichtenwalner
While Shakespeare is better known as an excellent playwright, vivacious actor, and sublime constructor of the English language, he also has a not-so-well-known, historical record for tax evasion, hoarding, and the selling of grain at atrocious prices during years of famine. Although we are not here to discuss the moral ethics of Shakespeare, we should ask ourselves “to e-file or not to e-file.”  As the season for filing your taxes approaches and with many already waiting for their returns, [read] Keywords: policies application network password security wireless xml

Bugged- A Glitch in Google Voice Recognition
Fri, Jan 31st 2014 9:11a   Liana Lichtenwalner
Bugged and tapped conversations have been used throughout history by all kinds of people from allies to enemies, heroes to villains, and detectives to outlaws. History would tell quite a different story if bugged conversations did not exist, but what about your own conversations? Could your computer microphone be the bug in your home or office? Unauthorized sites could be using a glitch in Google Chrome’s voice command to record your private conversations right from your own computer, compromi [read] Keywords: bug desktop google office security

World’s Largest Beverage Company Compromised
Thu, Jan 30th 2014 12:11p   Rob Bellefeuille
The importance of encrypting data has become more prevalent with recent data breaches at retail stores and social networking sites. The latest company to join the list of offenders or victims, depending on how you look at it, is Coca-Cola. Last week the Wall Street Journal (WSJ) reported that Coca-Cola had exposed a security breach from within their own company, compromising the personal information of about 74,000 North American employees and contractors. The breach was due to a few laptops bei [read] Keywords: network networking security

Hacking Your Way to Love
Thu, Jan 23rd 2014 1:11p   Rob Bellefeuille
In this blog, we certainly do not condone hacking in any manner. However, this morning there was a hacking love story that popped up in my newsfeed regarding OK Cupid, a hacking of a different kind on an online dating website.  Using mathematics, Chris McKinlay cracked OK Cupid’s algorithm for selecting a mate. The way that OK Cupid works its magic is by asking specific questions with different levels of importance on each topic.  The questions asked by OK Cupid can range from, if the person [read] Keywords:

Identifying Authentication Challenges in Education: A look within our clients
Wed, Jan 22nd 2014 1:11p   Rob Bellefeuille
Recently, while looking through our customer base, we noticed a very interesting trend within our post-secondary education clients. Once we recognized this trend, we wanted to take a moment and identify this top issue and look at some of the reasons why this could be so? We identified that the most common hurdle that our clients are facing within the education industry is account lockouts, a.k.a. self-service password reset (SSPR). When looking at the grand scheme of things, this is not really a [read] Keywords: apple password security

The N.S.A. Gets Crafty
Thu, Jan 16th 2014 2:13p   Rob Bellefeuille
New details have been exposed that the National Security Agency has the ability to access computers even when they are “air gapped.” This term refers to computers that are not connected to a network, wireless, or LAN. This information was leaked in association with the Snowden exposer that was made public last year. The New York Times article on Tuesday described that the N.S.A. had implanted hardware in almost 100,000 computers around the world that allowed them to access the computers via [read] Keywords: network security wireless xml

When Will We Learn? An observation about security
Mon, Jan 13th 2014 11:11a   Rob Bellefeuille
A friend sent me a great TED Talk video this morning, “Are we in control of our own decision?” by Dan Ariely, behavioral economist and author of the book Predictably Irrational.  This video was excellent, well worth a watch and opened my eyes helping me understand some social behaviors.  Personally, I love to consider different perspectives and think outside of the box, whether this makes me genius or crazy has yet to be determined… The video discusses many examples and makes different c [read] Keywords: policies security

Small Town Data Breach
Mon, Jan 6th 2014 12:11p   Rob Bellefeuille
While watching the news over the weekend I saw a news story that struck close to home for multiple reasons. The Town Hall computers in Greenland, New Hampshire were hit by CryptoLocker, a malicious software that attacks the user’s hard drive and locks the owner out of their documents and files.  As a long time New Hampshire resident and internet security junky, it was a shock to see this story so close to home. The way that a CryptoLocker attack works is a ransom must be paid to the hacker to [read] Keywords: network security virus wiki

Social Network Hacked: Snapchat, what happened and why they think it happened
Fri, Jan 3rd 2014 12:11p   Rob Bellefeuille
Snapchat is one of the hottest social networks out there with millions of users worldwide sharing photos, most of them ‘selfies’ of their users. What makes Snapchat so unique is the App allows you to send the photos which self-delete off of the recipient’s phone a few seconds after viewing.  This mega social network is the latest to get hacked, exposing 4.6 million users’ names and phone numbers. Fox Business interviewed Adam Levin, co-founder of Identity Theft 911.  “This is a big d [read] Keywords: application network security wiki xml

Adding Insult to Injury: Target Breach Attracts Phishing
Mon, Dec 30th 2013 11:11a   Rob Bellefeuille
If you shopped at Target recently you are probably nervous enough about your identity being stolen or losing money from your checking account. It is important to protect yourself and check all of your credit cards and accounts regularly to see if there are any unauthorized transactions. Most credit cards and companies have been very good about keeping their account holders savvy on the breach, however there are now scammers looking to take advantage of you via phishing. SC Magazine recently wrote [read] Keywords: security xml

One of America’s Favorite Retailers Faces a Breach
Fri, Dec 20th 2013 11:18a   Rob Bellefeuille
When turning on the news yesterday morning it was one of the top stories, Target Stores Security Breach affects 40 million shoppers. Our office is right next door to a Target so it is safe to say I am there pretty regularly. Like many other Americans that hold their credit scores close to their chest, it worried me and immediately I thought to myself how did this happen, how will it affect me, what does it really mean? SecureState, a Qualified Security Assessor (QSA), had a very comprehensive [read] Keywords: application network office security xml

Do You Know Who is Watching You? Part 2
Thu, Dec 19th 2013 9:18a   Chief Content Writer
On Tuesday we covered the basics of Remote Access/Administration Trojan also known as RATs. You can read that post here. To dive deeper on the topic, one of the most common types of RATs is the “Pandora”. The Pandora RAT allows an attacker to gain access to the following items on a compromised computer: files, processes, services, and active network connection. If all of this doesn’t concern you, Pandora can also: remotely control the compromised desktop, take screenshots, record webcam fo [read] Keywords: administration archive desktop java network security virus

Can I Borrow a Cup of Internet?
Wed, Dec 18th 2013 11:12a   Rob Bellefeuille
Recently I experienced a modern day version of a classic neighborly good deed. Last night up here in New Hampshire, we had a snow storm that hit right at the heart of the evening rush hour. This storm nearly tripled my wife’s ride home as well as mine. Upon arriving home I realized that my internet service was out, great. This would not be such a big deal; however, there is no cell phone service in my neighborhood either. This means I need to run a local tower that runs via my internet. Upon d [read] Keywords: network password security wireless xml

Do You Know Who is Watching You? Part 1
Tue, Dec 17th 2013 10:11a   Chief Content Writer
Everyone knows at least one paranoid person that insists on covering the web cam of their computer. Activities like this may be necessary due to the malicious attacks out there. These attacks use your web cam and allow it to be taken over, giving them access to your computer remotely. According to Symantec, “Remote access Trojans (RATs), or what we (Symantec) are calling creepware, are programs that are installed without the victim’s knowledge and allow an attacker to have access and control [read] Keywords: administration xml

Wed, Dec 11th 2013 1:12p   Elizabeth Romeril
Passwords we all have them, but we all can’t remember them: A satirical observation on the complexity of passwords. There is so much pressure on choosing the “right” or “R!6ht” password, it has to exceed 6 characters and even though we really wanted to use our dog’s name “Spot,” which won’t work since it’s only four characters. So we are then left to think of some other variation to use that we then may or may not remember. Then it becomes an ordeal to just remember is it spot12 [read] Keywords: password security xml

EU Behind the Times for Cyber Security
Mon, Dec 9th 2013 2:12p   Elizabeth Romeril
Often in our blog we focus on what is happening here in America, but we work with companies all over the globe. Recently, there was a survey done by the  where they questioned over 27,000 people in the European Union about their internet use, security attitudes and experiences. 1  The survey showed that individuals in the EU were behind the times when it came to cyber security. Just over a quarter of those surveyed only use their own hardware to go online, and just under that figure (24%) use uni [read] Keywords: password security virus

Protecting Your Company: Dealing with a Low IT Budget without Compromising Security
Fri, Dec 6th 2013 1:11p   Rob Bellefeuille
As mentioned in the previous article “The Weight of the World on Your Shoulders: The Pressure of Being an IT Professional” there are many struggles facing today’s IT departments. One reoccurring problem is achieving goals while staying within budget. As an IT professional, you may have to play a balancing act of protecting your company’s network and information on what seems to be a shoe-string-budget. Protecting your company from cyber-attacks can be very costly, but an attack could end [read] Keywords: enterprise network password security virus xml

When was it Ever a Good Idea to use ‘123456’ as a Password?
Thu, Dec 5th 2013 3:15p   Rob Bellefeuille
A weak password is never a good idea. More and more often it is being uncovered that people are using weak passwords, but why? A possible reason they are using these passwords is since they are so easy to remember, or users feel they are not vulnerable for a cyber-attack. In the news today, it was uncovered that two million people were exposed due to weak passwords. SpiderLabs, a highly skilled security team connected to Trustwave uncovered this ‘treasure trove’ of users recently. The users [read] Keywords: email facebook google linkedin password security twitter wiki xml

Shopping Smart Series: Cyber Monday
Mon, Dec 2nd 2013 1:14p   Rob Bellefeuille
With the shopping season upon us we wanted to give you some safe shopping tips to help keep you protected while you are out-and-about or online.   Safeshopping.org has a great “Top Ten List” of safe online shopping tips. Some highlights from that list include trusting your instincts and making sure that you are shopping from a trusted retailer. Also, if a deal looks too good to be true, do your homework and make sure the item and website are legitimate, and exactly what you are looking for. [read] Keywords: wifi xml

Shopping Smart Series: Unsecured Wi-Fi and You
Wed, Nov 27th 2013 9:18a   Rob Bellefeuille
With the shopping season upon us we wanted to give you some safe shopping tips to help keep you protected while you are out-and-about. Free Wi-Fi is a great thing; it saves data usage on your cell phone plan, and allows you to access all of the great things the internet has to offer. Like all good things there are people out there who are looking to ruin the fun for the rest of us. Knowledge is power and with the know how you can protect yourself from these attacks, and ensure that you have a ha [read] Keywords: mobile network wifi wiki xml

Shopping Smart Series: Black Friday
Tue, Nov 26th 2013 2:18p   Rob Bellefeuille
With the shopping season upon us we wanted to give you some safe shopping tips to help keep you protected while you are out-and-about. Black Friday was originally used to describe companies going from red-to-black in their books or loss-to-profit for the year. In the 1960s, Black Friday was used to describe the rush of crowds to the stores, the day after Thanksgiving. According to market-research firm ShopperTrak, “Since 2002, Black Friday has been the season’s biggest shopping day ea [read] Keywords: connections email network security wireless xml

Update Your Security Software before Opening “that” Email
Mon, Nov 25th 2013 3:18p   Christopher Hoey
Hackers continue to defy the odds, finding  more creative ways to plant malware on devices. Some of their tactics are highly innovative, but so simple at the same time that even a well-educated computer user  overlooks the fact that it may be a virus. Just this past week, they built a simple email scheme that made it look like the recipient’s security software needed updating. Then it instructed the user to download an update, which was a piece of malware. The malware  used a process calle [read] Keywords: email security virus xml

The Weight of the World on Your Shoulders: The Pressure of Being an IT Professional
Fri, Nov 22nd 2013 3:18p   Rob Bellefeuille
As an IT professional, it is safe to say that you may feel that you are the lifeline of your company’s info structure. Being that backbone can come with a lot of pressure; pressures with security, budget and making sure to keep up with the current technology are sure to top the list. It seems that there is news of malware and cyber-attacks so frequently that the fear of one may keep you up at night. That being said, one way to “hassle the hackers” is through two-factor authentica [read] Keywords: applications email mobile password security xml

IT Leaders Identify the Cost of Security Breaches Have Highest Impact
Thu, Nov 21st 2013 8:15a   Rob Bellefeuille
With the current state of the economy, it seems that almost every penny is scrutinized when it comes down to budgeting. One surefire way to blow an IT budget is a security breach; it costs companies more than just man hours, but also data loss and potential reputation damage. Most breaches occur at a log-in portal, then connecting horizontally across a company’s info structure until they obtain information or take down a piece of the site or system. This week EMC, a data management and protect [read] Keywords: security xml

Healthcare.gov is in the News Again
Mon, Nov 18th 2013 1:24p   Rob Bellefeuille
As previously mentioned in this article, the government run healthcare.gov seems to be in the news almost every day. Recently, there have been accusations made that there was a “hidden memo” which was not brought to the attention of the Project Manager, Henry Chao. The memo expressed concern for the “limitless security risks” of the website, reports CBS News. The memo was dated September 3, 2013, and outlined all of the potential risks associated with launching the program prematurely. [read] Keywords: security xml

Food for thought… On Passwords
Thu, Nov 14th 2013 7:23a   Rob Bellefeuille
Let’s talk about forgetting your password, it has happened to all of us at one time or another. Forgetting your password is a real pain in the you-know-where. You type in what you think is your  password, then you try another one, then with Caps and a special character. Before you know it, your account has been locked out and you need to contact the systems administrator. You dial the help desk, wait on hold for a few minutes, and then finally, success! This always seems to  happen when you [read] Keywords: email password security xml

Wanted: Friendly Hackers for the “Bug Bounty Program”
Tue, Nov 12th 2013 10:11a   Elizabeth Romeril
HackerOne started an internet Bug Bounty program with the goal of, “Rewarding friendly hackers who contribute to a more secure internet.”1 The Bounty is sponsored by two industry leaders, Facebook and Microsoft, that are constantly looking to improve user experience. It has also been rumored that Google is co-sponsoring the project.2 The program identifies different vulnerabilities that have a heightened potential to adversely affect a large number of internet users, after these deficiencies a [read] Keywords: application bug development facebook google microsoft python security xml

5 More Suspects Added to FBI Cyber Most Wanted List
Mon, Nov 11th 2013 8:13a   Rob Bellefeuille
Last week the FBI added five new suspects to the Cyber Most Wanted list. These hackers are alleged to have been involved in hacking and fraud crimes, which cost the victims millions of dollars and potential stolen identities. The modern day bandits carried out their crimes on unsuspecting victims both domestically and abroad. All five men are believed to have been living and operating outside of the US during their robbing sprees, deploying malware, and spyware to obtain their victims informati [read] Keywords: xml

Unique Password or Single Sign-On: A Lesson Learned from Recent Adobe Breach
Thu, Nov 7th 2013 10:11a   Rob Bellefeuille
Passwords can be tricky to remember. This sometimes leads to users using passwords that are far too simple and can easily be calculated, leaving an account exposed. It is hard to believe that some people still use ‘password’ or ‘123456’ as a password for their accounts, but it still happens and leads to accounts being hacked. SC Magazine reported that almost two million Adobe accounts were breached because their users were using the password ‘123456’, when asked to choose a [read] Keywords: applications office password security xml

High-End High Jinx
Wed, Nov 6th 2013 12:11p   Chief Content Writer
Recently in Aventura, Florida six skimming devices were found at a Nordstrom department store. These criminals were looking to obtain credit card information to make fake accounts, and charge fraudulent purchases on the cards. This group of modern day cyber pirates performed the hack almost seamlessly by sending men in to take pictures of the backs of the machines to get a good vantage point of what they needed for hardware. Then hours later, another group of men returned to the store and instal [read] Keywords: security wiki xml

Problems in the “Safe” Harbor
Tue, Nov 5th 2013 2:12p   Chief Content Writer
The EU-US Safe Harbor agreement has been found to have so many holes that if it were a ship, it would sink to the bottom of the harbor in seconds. Hundreds of US based companies have been found to be lying about the level of security they have in place, all in order to continue doing business in Europe. A little background on the Safe Harbor agreement: it was assembled in 2000 by the US Trade Commission and the US Department of Commerce. This accord was put into place to ensure that certain lev [read] Keywords: consulting security wiki xml

The Risk of Bringing Something to Market Prematurely
Wed, Oct 30th 2013 4:11p   Chief Content Writer
On a regular basis we see products being brought to market across a wide variety of industries, before all of the glitches have been worked out.  These days it seems more important to get a product to market quickly, rather than making sure there aren’t any bugs that will amplify themselves in the days and weeks to come. Recently, this has been brought to life with the Obamacare website. HealthCare.gov was launched October 1st and has been laden with problems since its introduction. Time.com [read] Keywords: application applications profile security xml

Cyber Security Month Wrap-Up
Tue, Oct 29th 2013 8:15a   Chief Content Writer
As we mentioned in a previous post, October is National Cyber Security Awareness Month. With October coming to a close, let’s take a quick look back on the month and the issues addressed in the government sponsored program. Week One: 10 Years & Beyond- General Online Safety & STOP. THINK. CONNECT. The first week reflected on the overall success, and history of the program, and also encouraged you to look out for others online. It highlighted, simple online security steps to prevent pr [read] Keywords: exchange exchange mobile network security xml

SAML Single Sign-On for BlackBoard
Fri, Oct 25th 2013 4:15p   Chief Content Writer
Sensitive data makes universities a large target for attacks as we have seen in recent news. Increasing both security and providing ease of use for both faculty and students is imperative. PortalGuard’s SAML Plug-in for BlackBoard uses a standards-based approach so you can achieve seamless integration, eliminate multiple password prompts and roll all applications up under a single point of authentication. PortalGuard provides stronger authentication methods including tokenless two-factor a [read] Keywords: applications integration password security

Internet Explorer Exploit
Wed, Oct 23rd 2013 4:15p   Chief Content Writer
“Attack code that exploits an unpatched vulnerability found in all supported versions of Internet Explorer has been released into the wild. This means that cyberattacks could now surge and affect Internet Explorer users.”1 Freelance Journalist, Dara Kerr, has reported through CNET that Rapid7’s latest Metasploit penetration testing tool makes the details of the IE exploit called “CVE-2013-3893” available to the world, especially cybercriminals. It is thought that this exploit has bee [read] Keywords: bug microsoft security xml

Malware + ATM = Free Cash
Tue, Oct 22nd 2013 1:11p   Chief Content Writer
Recently, there have been malware attacks on ATMs in Mexico. These attacks are not the typical card reader scams, rather they are a piece of malware that can dispense cash on demand. “Ploutus” is the name of the malware program which currently has to be manually installed on the machine via a CD-ROM drive. That means these money hungry hackers have to physically break into the machines to install the software. Safensoft, a Russian security firm, made the discovery late last month. Stanislav S [read] Keywords: security xml

We’ve been VerAfied! Part Two
Wed, Oct 16th 2013 1:16p   Chief Content Writer
If you have not read part one of this post, read it here. Veracode’s Risk Adjusted Verification Methodology The ‘VerAfied’ standards-based mark of security quality is one established by Veracode to provide a pragmatic approach to measure and compare risk levels related to application security, and is wholly designed with industry standards in mind.  Its basis is the “Security Quality Score”, which is an aggregate of all the security flaws uncovered by the above scans, categorized by [read] Keywords: application database security

We’ve been VerAFied! Part One
Tue, Oct 15th 2013 5:19p   Chief Content Writer
If you have visited our PortalGuard.com homepage recently, you might have noticed that the PortalGuard product has been officially awarded the ‘VerAfied’ status by Veracode, a leading company in Application Risk Management and analysis.  What this means, is that throughout the scrutiny of Veracode’s series of formal application assessments, the PortalGuard software had either met or exceeded the criteria outlined in their Risk Adjusted Verification Methodology for mission critical applica [read] Keywords: application applications security

Facebook Removes Privacy Feature
Mon, Oct 14th 2013 11:12a   Chief Content Writer
Facebook is undoubtedly one of the largest social networks in the world and is seen as an industry leader.  Last week they announced that they will be removing a feature that, although used by a small percentage of users, allows you to block being searched directly via their search bar. It is important to note that the option to use this feature has been inactive for users that were not using it since last year. Many of their privacy features are still intact and do not look like they will be [read] Keywords: application facebook security

Private Sector to Help with Homeland Security
Fri, Oct 11th 2013 10:16a   Chief Content Writer
“The ability for the private sector to invest, co-develop and integrate innovative technologies into the cybersecurity marketplace will significantly impact progress in threat deterrence and mitigation.” The above quote is from an article written by Charles Brooks of SecurityInfoWatch.com that reports an interesting program has been put in place at the Department of Homeland Security (DHS) Science & Technology (S&T) Directorate.  The program is called the Transition to Practice Pr [read] Keywords: development office security

Everyday Cyber Crime
Wed, Oct 9th 2013 11:12a   Chief Content Writer
On our blog we have often discussed malware and passwords, but how much information do you actually put into action in your life and workplace? If you have not yet watched the TED Talk by James Lyne: “Everyday cybercrime — and what you can do about it,” you should. Lyne breaks down the threat of your computer being attacked to a level that all of us can relate to. He reminds us that even if we are taking all of the necessary precautions, our family members and co-workers could be exposing [read] Keywords: community password security

Firefox app on Android has Vulnerability
Thu, Oct 3rd 2013 9:12a   Chief Content Writer
“He responsibly disclosed the details to Mozilla that allows hackers to access both the contents of the SD card and the browser’s private data”.1 Mohit Kumar, from The Hacker News, discusses a topic that is worth your time if you have an Android mobile phone and use the Firefox app on it. “Mobile Browsers are complicated applications and locking them down against threats is extremely difficult. According to a Mobile Security Researcher, Sebastián Guerrero from ‘viaForensics [read] Keywords: application applications firefox javascript mobile security twitter

National Cyber Security Awareness Month
Wed, Oct 2nd 2013 2:11p   Chief Content Writer
“October is National Cyber Security Awareness month. This laudable public awareness initiative was launched 10 years ago by the U.S. Department of Homeland Security and the National Cyber Security Alliance.”[1] The topic for the first week of the month is general online security. Recently, our blog has discussed the problems we often come across when it comes to our family in the digital age. It is important to not only discuss the importance of passwords with children, spouse, or co-worker [read] Keywords: email facebook network password security twitter virus

Apple Proved Wrong by German Computer Club?
Fri, Sep 27th 2013 12:12p   Chief Content Writer
“Apple said during its unveiling of the technology (fingerprint recognition) last week that the system scans the sub-epidermal layers of the finger to take the reading. It’s hard to square Apple’s statement with the German researcher’s demonstration, which showed that a mere photo of a latent print from the skin’s top layer was sufficient to trick the technology.”1 Kim Zetter wrote an interesting article for wired.com explaining how a German computer club was able to defeat the new f [read] Keywords: apple iphone

Making Money as a Zero-day Vendor
Wed, Sep 25th 2013 9:11a   Chief Content Writer
“Last year, Vupen researchers successfully cracked Google’s Chrome browser, but declined to show developers how they did so even for an impressive cash bounty.  “We wouldn’t share this with Google for even $1 million,” Vupen CEO Chaouki Bekrar told at that time.” 1 Our US government, the National Security Agency in particular, has been paying the same vendor (Vupen) on a 12-month subscription for “Zero-day” exploits they uncover. Considering that Vupen will take money from the U [read] Keywords: google security

Emergency Fix for Internet Explorer “Zero-day” Exploit
Wed, Sep 18th 2013 3:12p   Chief Content Writer
On Tuesday 9/17/2013, Microsoft released an emergency software fix (link) to combat the recently revealed “zero day” vulnerability. From Wikipedia: “A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability.  This means that the developers have had zero days to address and patch the vulnerability. Zero-day exp [read] Keywords: application microsoft security wiki

What about these Toad Portals?
Tue, Sep 17th 2013 2:12p   Chief Content Writer
You read it correctly – I want to discuss portals that toads use to go from their dimension to ours.  Hold on, give me a minute to explain, I am not off my rocker. FACT 1: We were having a lively time at the campfire roasting marshmallows by the lake, telling spirited stories and enjoying the warmth of the fire.  Around Midnight, out of what appeared to be nowhere, a toad was seen urgently hopping directly for the red hot coals at the base of the fire.  The youngest of our small group ru [read] Keywords: password security

Entrusting Human Policy Instead of Fixing Software
Fri, Sep 13th 2013 3:11p   Chief Content Writer
While perusing through security articles on the internet, I came across this story that made me say, “Huh?”  According to Roy Lundgren (United States Army’s Deputy of Cybersecurity), there exists a “major computer security flaw” that allows users to gain access to resources they are not supposed to see. The article claims the following: “The hack allows users with access to shared Army computers to assume the identities of other personnel, gaining their securities clearances in the [read] Keywords: applications blogger security

Password Choice Hitting Close to Home
Tue, Sep 10th 2013 3:11p   Chief Content Writer
In a previous post, this blogger shared a family story of our daughter having her Facebook account compromised by another local student.  Well, the family has experienced this phenomenon again and I will share it with you today. I would hope by now that we have all heard about Netflix and how popular it has become.  Even my own Mother is fond of Netflix and shares her account with the family so we can all watch movies instantly, especially the Grandchildren.  For those of you not familiar wit [read] Keywords: blogger facebook password security

The ‘Cryptopocolypse’
Wed, Sep 4th 2013 1:14p   Chief Content Writer
To further iterate a topic broached last week, this week an article by Patrick Lambert on TechRepublic.com investigates the issue of cryptography soon becoming obsolete by our own advancing computing power.  Cryptography is used to secure data in the virtual world, be it stored locally or on the internet, by taking advantage of some simple yet unintuitive properties of mathematics, and wrapping said data within it.  For a detailed look, you may also refer to our post earlier this month which [read] Keywords: password properties security

Microsoft Abandons Lesser Crypto Algorithm MD5
Thu, Aug 22nd 2013 5:16p   Chief Content Writer
Microsoft is in the process of strengthening their security by retiring its use of an increasingly dated cryptographic hashing algorithm known as MD5.  You may recall from a previous post of ours that the purpose of hashing algorithms such as MD5 is to employ heavy mathematical principles to obscure and conceal data for use in sending and storing it securely, and also that not all those algorithms are alike.  The 160 bit Sha1 algorithm for example, is considered to be more secure than the 128 bi [read] Keywords: microsoft security server vista

What is malware and should I be concerned about it?
Tue, Aug 20th 2013 5:18p   Chief Content Writer
Malware is short for “Malicious Software”.  It is software that without your knowing, gets on to your computer and runs to perform “malicious actions” to your data, software and surrounding environment (other computers on the network).  Malware comes in a variety of shapes and sizes including code, scripts, active content and much more.  More specifically, these instances can take the shape of viruses, ransomware, worms, trojan horses, rootkits, etc.  Worms and trojans make up most of [read] Keywords: email network virus wiki

Inside Twitter’s Two-Factor Solution
Thu, Aug 15th 2013 9:15a   Chief Content Writer
Back in April, we’d reported that Twitter was the latest to be hopping onto the Two-Factor bandwagon, and have, since then, fully implemented the technology.  Only recently however, have they provided insight on the future of their security enhancement agenda in a blog post last week.  It states that, in addition to the SMS-based two-factor login they’d released in May, they will be rolling out a new two-factor authentication method that eliminates the need for text messages. Th [read] Keywords: application development mobile network security twitter

Security Awareness vs. Security Know How
Tue, Aug 13th 2013 3:18p   Chief Content Writer
Most people are aware that threats exist but they are not aware of how the actions they perform make them susceptible to these threats. “As many as one in five do not understand the potential impact of some of the more dangerous attacks like zero day threats, while 41% of respondents use only one or two passwords across all the sites they visit online and 8% use only one password for all sites, suggesting respondents are not so security savvy!” 1 Most users do know that they must have securi [read] Keywords: policies facebook google networking password security virus

Google’s Controversial Chrome Security
Fri, Aug 9th 2013 10:18a   Chief Content Writer
A lot of people are recently up in arms over a security policy that Google Chrome has already had in place since its inception.  Why so suddenly are they expressing their dismay? In a blog post by U.K software developer Elliot Kember picked up by Hacker News yesterday, he illuminates why he believes Chrome’s password security strategy is “insane”, and it seems to have garnered much attention. The issue lies in the way the browser stores web passwords, and how it essentially al [read] Keywords: bug google password security

Hashing vs. Encryption
Tue, Aug 6th 2013 2:18p   Chief Content Writer
The hashing and encrypting of sensitive data protects the data from unwanted access by people with ill intentions.  Even though the two algorithms serve the same purpose, they are very different and each is suited for specific forms of protecting your valuable resources.  Knowing these differences will make it easier to verify that you have the correct option in place for the right scenario. What is Hashing? Hashing has been used to organize strings of variant lengths into a value that is [read] Keywords: password wiki

Hacking Cars Wirelessly
Tue, Jul 30th 2013 3:12p   Chief Content Writer
You may have noticed the net creeping into more and more of your devices.  It’s certainly common knowledge that computers have been making their way into more and more of our everyday objects: Clothing, glasses, gift cards and cars, but those computers are really only a first step, the next naturally being plugged in to our ever growing network infrastructure.  With wireless connectivity then comes the ability for those objects to communicate with the outside world, and with this being a [read] Keywords: network security wireless

Shadow Passwords
Thu, Jul 25th 2013 2:15p   Chief Content Writer
Why would any self-respecting password want or even need to have a shadow?  The short answer is quite simple and is because a password is usually not secure enough on its own from being guessed by brute force. Passwords are usually kept in an encrypted state in a table available to anyone.  On the Unix platform this is the “/etc/passwd” file. “To test a password, a program encrypts the given password with the same “key” (salt) that was used to encrypt the password stored in [read] Keywords: password security

Yahoo’s Risky Plans to Release Inactive Accounts (Update)
Tue, Jul 23rd 2013 4:14p   Chief Content Writer
Two weeks ago we reported on Yahoo’s latest and frankly scary plans to release the plethora of inactive accounts that exist under their services so that others may acquire them.  Why would you want them? Well, now’s your chance to grab that elegant ‘albert@yahoo.com’ name you missed out on, and abandon that ugly, hard to remember alternative you ended up with, i.e. ‘albert2018471’.  Should you though? This situation has Yahoo walking a fine line between conv [read] Keywords: collaboration email facebook password security

Password Stretching
Thu, Jul 18th 2013 8:16a   Chief Content Writer
Is password stretching something that happens when your waist line gets too big for the original password?  No, of course not, but it does “expand” the size of the password known by the user. Password stretching is designed to help increase the strength of a “user chosen” weak password.  Stretching the password makes a brute force attack (trying all combinations of characters to come up with all possible passwords) more difficult.  It won’t be impossible, but having the stretching i [read] Keywords: password

Your Password is Obsolete
Tue, Jul 16th 2013 4:14p   Chief Content Writer
Your password is obsolete, or so says this infographic we’d like to share, with data compiled by Backroundcheck.org earlier this year.  We’re certainly no strangers to this topic, and had even posted our own take on the subject even earlier this year in January, titled The Death of the String Password.  Though, we certainly can’t take credit for the idea either, as Bill Gates was quoted as predicting similar things as early as the RSA Security conference in 2004.  Gates had said [read] Keywords: google password security twitter

Yahoo’s Risky Plans to Release Inactive Accounts
Thu, Jul 11th 2013 4:15p   Chief Content Writer
Shortly, search engine behemoth Yahoo! Inc will be making a large push to release and reset the Yahoo! Account IDs for users who have been inactive for longer than the previous 12 months.  What does this mean? Well, it means a few things, some good, and most bad. The good, as Yahoo! puts it, is that users will finally score the “opportunity to sign up for the Yahoo! ID they’ve always wanted.”  This means that during the release, all the nice, convenient, ‘high-demand [read] Keywords: application email password properties security

Possible First Password Breach
Tue, Jul 9th 2013 1:14p   Chief Content Writer
Have you ever wondered how long passwords have been around and when the first time it was discovered that they are not as secure as once first thought? Some say the computer password was first invented at MIT in the mid-1960s.  Further back than that, Shakespeare started his famous Hamlet play off with Barnardo identifying himself to Francisco with the phrase “Long live the King”. Fast forward 300+ years back to MIT and we understand that passwords were perhaps first used by the massive tim [read] Keywords: ibm password

What are Picture Passwords?
Tue, Jul 2nd 2013 3:18p   Chief Content Writer
Picture passwords are quite a break from the normal password consisting of alpha-numeric and symbols that are typed into an authentication dialogue.  There are no lengthy and complicated sequences of characters to memorize.   Instead, a user looks at a picture of their choice and touches the picture with patterns and gestures they setup themselves initially.  Logging in every morning by touching a picture of your favorite person, thing or action doesn’t sound nearly as daunting as memo [read] Keywords: blackberry google iphone microsoft password security

Android Trojan puts Two-Factor at Risk
Thu, Jun 27th 2013 3:18p   Chief Content Writer
As recently reported by Russian anti-virus organization Doctor Web, a new trojan malware is on the loose propagating through Android based devices that, among other things, is capable of intercepting the SMS text messages frequently used to facilitate two-factor authentication.  The trojan, which is a form of an already known family of malware called the ‘Android.Pincer’ family, manages to fool unsuspecting users into installing it by posing as a security certificate that prompts th [read] Keywords: applications security virus

State College Tightens Security
Tue, Jun 25th 2013 3:18p   Chief Content Writer
Among the plethora of other organizations we blog about strengthening their cybersecurity, Colleges are too under attack, and are so taking action to ensure their networks are properly protected.  Last month, USA Today reported that Greg Eller, the chief information officer at Northwest Florida State College is doing just that.  Following a data breach in which a hacker took advantage of mistakes made during a server upgrade last year, Eller’s now interested in upgrading their environmen [read] Keywords: policies application network security server

The Shortcomings of Two-Factor
Fri, Jun 21st 2013 1:18p   Chief Content Writer
As more and more organizations are adding two-factor authentication systems to their web applications, the reactions are in.  Among those with  appreciation for the stronger authentication mechanisms are also various criticisms of the approach, ranging from resistance due to holding-up workflow, to reminding us that even the most hardened of locks can still be picked.  Whereas the two-factor trend continues to expand, as we’ve continually reported on this blog staggering numbers of orga [read] Keywords: applications security

Cross-Site Request Forgery
Tue, Jun 18th 2013 11:22a   Chief Content Writer
What is Cross-Site Request Forgery (CSRF)? Cross-Site Request Forgery is defined as an application on a web server being left vulnerable to background requests from otherwise unauthorized users.  Simply put, a well-meaning user unknowingly executes a malicious request from one web site, while logged into the other web site.  The site they are logged into is the location of the cyber-crime and the other web site is the malicious site that presents the harmful request. To further understand how C [read] Keywords: agent application email security server

Cloud Security an Afterthought
Thu, Jun 13th 2013 9:19a   Chief Content Writer
The cloud is growing fast, very fast.  As more organizations consider joining the trend of offering cloud services, some 90 percent, according to a survey by Symantec Corp, perhaps the biggest challenge for them is ensuring all the data on that cloud is secure.  Hosting your data online so that it may be accessible to you on any device where ever you are comes with substantial risks, begging the question of how you truly, confidently prevent others from doing the same. The question has been th [read] Keywords: applications security

Social Networkers Invite Cyber Attacks via Convenience Options
Tue, Jun 11th 2013 12:18p   Chief Content Writer
Online security means many things, and is ultimately the responsibility of not only Web App service providers, but their users as well to ensure they’re following safe security practices.  Online security is a two-way street, and for the same reason you don’t go around handing out your password to people, awareness of secure practice when using websites is key to properly leveraging the (hopefully) robust authentication mechanisms they have put in place. In a worldwide survey conduc [read] Keywords: applications password security

Salted Passwords Explained
Thu, Jun 6th 2013 4:18p   Chief Content Writer
What is a “salted” password?  Is it anything like a “salted pretzel”?   Does it also go good with mustard and a soda?  Let’s find out… First a little background on why passwords get “salted”: Passwords are no longer kept in clear text, but are now hashed before being stored on a computer.  Hashing a password consists of applying an algorithm to it to produce a completely new value.  The new value will always be the same when using the same hashing algorithm against the sam [read] Keywords: database password wiki

Using Challenge Questions to the Best of Their Ability
Thu, May 30th 2013 12:18p   Chief Content Writer
In the beginning there was the password and life was good.  Eventually people started to forget their passwords and needed help from another person.  Everyone likes to help out their fellow person, but when many people are asking several times a day, this reduces the production of the helper and becomes costly for the company.  Nowadays, companies have a mechanism in place to allow users to perform their own password resets – Self Service Password Management.  One of the methods is to have [read] Keywords: R8 community email facebook linkedin networking password security twitter

U.K Research Shows Cyber Security is Low Priority Among SMEs
Tue, May 28th 2013 2:17p   Chief Content Writer
According to research done by the U.K’s Institution of Engineering and Technology (IET), cyber security is of little concern to the majority of small to medium sized enterprises there. The research, which surveyed 250 SME organizations, showed that 23 percent of them possessed no protection against cyber threats at all, while 30 percent believed they already had protections in place, and only 14 percent of them ranked cyber security as their ‘highest priority’, of which were al [read] Keywords: security

IT Professionals Anticipating Data Breaches
Mon, May 20th 2013 11:15a   Chief Content Writer
According to the results of a survey conducted by Lieberman Software at the RSA Conference in February, 73.3% of IT security professionals are unwilling to believe that their companies are prepared for a cyber attack if it were to occur within six months. Their lack of faith in their infrastructure is not unjustified, however, as cyber attacks have been shown to be adapting as fast, if not faster than the efforts put forth by those that exist to stop them.  CEO of Lieberman Software Phi [read] Keywords: policies applications network password security virus

Changing Strategies for IT Security
Thu, May 16th 2013 12:14p   Chief Content Writer
As cyber threats continue to evolve and become more efficient at compromising your data, so should the business strategies for IT Security to continue to protect said data. The NIST (National Institute of Standards and Technology) agrees, and their newly revised catalog of IT security controls provides a framework for just that: a wider range of flexibility for administrators with which to protect their information systems.  Specifically, this new set of controls, in a proactive approach rathe [read] Keywords: security

Small Business Faces Growing Threat of Cyber Attacks
Tue, May 14th 2013 4:18p   Chief Content Writer
As presented in an article by the Homeland Security News Wire last week, evidence has shown that it’s not just big businesses we’ve come to expect should be concerned with being the targets of cyber attacks, but small and medium business as well. In particular, the 2013 Information Security Breaches Survey taken in the U.K shows that the number of security breaches on small businesses increased by more than 10 percent over the previous year, bringing the full figure to 87 percent of [read] Keywords: security
