an interesting situation with an email provider and the issues they are facing with the hijacking of customer mailboxes:
“I am sorry to hear that you were experiencing issues with email latency. We are working on making changes to resolve the issues with latency. In the meantime you may see peaks of latency. We are monitoring the servers and will clear blocked queues as they arise. These traffic jams are caused by hackers hijacking our customers’ mailboxes that have weak passwords. We have set up automatic suspensions to stop these mailboxes faster. We are recommending to all of our customers to make passwords as secure as possible to help prevent this issue.”
Given the negative effects on their customers, you have to wonder whether they support encrypted connections to their POP3 and SMTP servers. It seems this provider was still using the clear-text ports 110 and 25, respectively. They believe strong passwords are what protects their servers… but what good is a “strong password” if it is sent to their mail servers in the clear? Their password complexity rules read:
“Passwords must be 8-14 characters, with at least one letter, plus one number or special character [!@#$%^&*]”
It is amazing to think that a password such as “Password1” would be enough to be considered strong. With email being a very weak link in many organizations, it is alarming that this is considered secure. Many providers are operating with a false sense of security, which is not disclosed to their customers. What is your email provider using?
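The quoted complexity rule can be written out and run against a few predictable passwords. This is an added example, not the provider's code: the denylist, the normalisation step and the `screened_ok` alternative are assumptions made here, and the sample passwords are constructed.

```python
SPECIALS = "!@#$%^&*"

def provider_rule_ok(pw: str) -> bool:
    """The rule as quoted: 8-14 characters, at least one letter,
    plus one number or special character from [!@#$%^&*]."""
    return (8 <= len(pw) <= 14
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() or c in SPECIALS for c in pw))

# Constructed denylist: a handful of base words that head most leaked-password lists.
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "iloveyou", "monkey"}
# Simple leetspeak reversal: @->a, $->s, 0->o, 1->l, 3->e, 4->a, 5->s, 7->t
LEET = str.maketrans("@$013457", "asoleast")

def base_word(pw: str) -> str:
    """Lowercase, strip digit/symbol padding from both ends, undo leetspeak."""
    return pw.lower().strip("0123456789" + SPECIALS).translate(LEET)

def screened_ok(pw: str) -> bool:
    """Assumed alternative policy (not the provider's): a length floor, a
    generous ceiling, and a denylist check on the normalised base word."""
    return 8 <= len(pw) <= 64 and base_word(pw) not in COMMON_BASES

def audit(candidates):
    """Return {password: (provider verdict, screened verdict)}."""
    return {pw: (provider_rule_ok(pw), screened_ok(pw)) for pw in candidates}

# Constructed inputs: four predictable passwords and one longer passphrase.
SAMPLES = ["Password1", "P@ssw0rd!", "Welcome2013", "qwerty123", "mauve-kettle-47"]

if __name__ == "__main__":
    for pw, (prov, scr) in audit(SAMPLES).items():
        print(f"{pw:16} provider={'accept' if prov else 'reject':7}"
              f" screened={'accept' if scr else 'reject'}")
```

The quoted rule accepts every predictable sample and, because of its 14-character ceiling, rejects the 15-character passphrase; the denylist check reverses both verdicts.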
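One way to answer that question for your own provider is to read what the server advertises before any encryption is negotiated. The following is an added example, not part of the original post: it parses an SMTP EHLO reply and a POP3 CAPA reply and flags a missing TLS upgrade and password logins offered in the clear. The transcripts and host name are constructed, and the function names are chosen here.

```python
PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself

def parse_caps(reply: str, proto: str) -> dict:
    """SMTP EHLO reply (RFC 5321) or POP3 CAPA reply (RFC 2449) -> {KEYWORD: [params]}."""
    lines = [l.strip() for l in reply.strip().splitlines() if l.strip()]
    if proto == "smtp":
        # Keep the "250-"/"250 " lines, drop the code, skip the greeting line.
        body = [l[4:] for l in lines if l.startswith("250")][1:]
    else:
        # POP3: skip the "+OK" status line and the terminating ".".
        body = [l for l in lines if not l.startswith("+OK") and l != "."]
    caps = {}
    for l in body:
        words = l.upper().split()
        if words:
            caps[words[0]] = words[1:]
    return caps

def assess(proto: str, caps: dict) -> list:
    """Findings for a session that has NOT negotiated TLS yet."""
    upgrade = "STARTTLS" if proto == "smtp" else "STLS"  # RFC 3207 / RFC 2595
    mechs = caps.get("AUTH" if proto == "smtp" else "SASL", [])
    exposed = sorted(PASSWORD_MECHS & set(mechs))
    if proto == "pop3" and "USER" in caps:
        exposed.append("USER/PASS")
    findings = []
    if upgrade not in caps:
        findings.append(f"no {upgrade}: session cannot be encrypted")
    if exposed:
        findings.append("password login offered in clear: " + ", ".join(exposed))
    return findings

# Constructed transcripts (hypothetical host), as a client would see on ports 25 and 110.
SMTP_CLEAR = """250-mail.example.test
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250 8BITMIME"""
POP3_CLEAR = """+OK Capability list follows
TOP
USER
UIDL
."""
SMTP_TLS_FIRST = """250-mail.example.test
250-SIZE 52428800
250-STARTTLS
250 8BITMIME"""

def check(proto: str, reply: str) -> list:
    return assess(proto, parse_caps(reply, proto))
```

A server that advertises STARTTLS or STLS and withholds its password mechanisms until the upgrade completes, like the third transcript, produces no findings.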
Changing Strategies for IT Security
Thu, May 16th 2013 12:14p Chief Content Writer
As cyber threats continue to evolve and become more efficient at compromising your data, so should the business strategies for IT Security to continue to protect said data.
The NIST (National Institute of Standards and Technology) agrees, and their newly revised catalog of IT security controls provides a framework for just that: a wider range of flexibility for administrators with which to protect their information systems. Specifically, this new set of controls, in a proactive approach rathe
Small Business Faces Growing Threat of Cyber Attacks
Tue, May 14th 2013 4:18p Chief Content Writer
As presented in an article by the Homeland Security News Wire last week, evidence has shown that it’s not just the big businesses we’ve come to expect that should be concerned with being the targets of cyber attacks, but small and medium businesses as well.
In particular, the 2013 Information Security Breaches Survey taken in the U.K. shows that the number of security breaches on small businesses increased by more than 10 percent over the previous year, bringing the full figure to 87 percent of
Balancing Security and Usability
Fri, May 10th 2013 8:21a Chief Content Writer
There seems to be a constant struggle between keeping your company’s data safe and maximizing the productivity and satisfaction of your employees. There are enough security systems out there to find one that will lock your data down very securely… the problem is you don’t want to make it so secure that even your own employees can’t access the data. On the flip side, if employees are not challenged when they access data, this means would-be bad guys will also not be challenged. So t
Subsistence Level Security Spending
Wed, May 8th 2013 11:17a Chief Content Writer
The US Census takes place every 5 years, with the last occurring in 2008. According to it, there were nearly 89,000 US companies with between 100-500 employees, which we’ll refer to as the Small-to-Medium Business (SMB) market. Many of these companies offer valuable services to their customers and are typically able to secure annual profits. However, looking at these companies’ expenditures would reveal that a bare minimum is spent on IT security and infrastructure. Wendy Nathe
Two-Factor for Facebook: A True Story
Fri, Apr 26th 2013 12:20p Chief Content Writer
A member of the PistolStar team shares his personal story on the dangers of Facebook, and the benefits of enhanced security two-factor login:
If you haven’t been under a rock for the past few years, you are well aware of the ever popular Facebook web site where friends and foes of many races and generations get together to share information. Yes, I said friends and foes. All good things must have their evil side and Facebook is no exception. You may have a close friend and have trusted
Wed, Apr 24th 2013 9:18p Chief Content Writer
Last week we posted that Apple is the latest to join a trend in which more and more of today’s most influential companies are adding enhanced security, in the form of two-factor login, to their accounts. We follow up this week with yet another: Twitter will be joining the likes of Apple, Google, Facebook and Microsoft as they begin rolling out the feature in a short, but unspecified, time from now.
It appears as though Twitter has had this project underway
Mobile Authenticator Apps for Two Step Authentication
Fri, Apr 19th 2013 2:18p Chief Content Writer
A number of Two Step and Two Factor authentication methods exist today to help further secure our valuable digital resources. As secure as they are, they can cause “ease of use” issues, which then puts the onus on the end user. Security questions are limited by how well you can choose answers that others can’t guess but that are, at the same time, easy for you to remember. Security questions get forgotten more times than people would like to admit. Instead of remember
Using Public Wi-Fi Responsibly
Fri, Mar 29th 2013 1:15p Chief Content Writer
In this highly technical world we live in, filled with all sorts of gadgets and devices designed to keep us in touch with family, friends and business associates, the once upon a time convenience of access to the internet has become almost as necessary to some people as breathing. The internet can be accessed from your phone while in a car, from your home for pleasure or business and of course from your place of business. The access point to look out for though is accessing the internet from
Knock Down the Barriers: What Does Two-factor Authentication Solution Need to Have?
Tue, Mar 26th 2013 2:14p Chief Content Writer
At the recent RSA Conference 2013 in San Francisco, one of the resounding themes was the expansion of authentication solutions. The idea of replacing the old password as a login method is one that is feverishly being worked on by many vendors. However, the main struggle for vendors is handling the tradeoff between usability and security.
Matt Honan identified this after explaining that security has two tradeoffs, convenience and privacy. For example, if you implement a password policy which is un