Email Provider: Not as Secure as You’d Think
Chief Content Writer    

an interesting situation with an email provider and the issues they are facing with the hijacking of customer mailboxes:

“I am sorry to hear that you were experiencing issues with email latency. We are working on making changes to resolve the issues with latency. In the meantime you may see peaks of latency. We are monitoring the servers and will clear blocked queues as they arise. These traffic jams are caused by hackers hijacking our customers' mailboxes that have weak passwords. We have set up automatic suspensions to stop these mailboxes faster. We are recommending to all of our customers to make passwords as secure as possible to help prevent this issue.”

Given the negative effects on their customers, you have to wonder whether they support encrypted connections to their POP3 and SMTP servers. It seems this provider was still using clear-text ports 110 and 25 respectively. What they think is protecting their servers is strong passwords… but what good is a “strong password” if it is sent to their mail servers in the clear? Checking their password complexity rules:

“Passwords must be 8-14 characters, with at least one letter, plus one number or special character [!@#$%^&*]”
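The rule quoted above, written out as a check and run beside a stricter one that also rejects passwords built on well-known base words. This is an added example, not code from the provider or the original post; the word list, the substitution map and the candidate passwords are constructed for illustration.

```python
SPECIALS = "!@#$%^&*"

def meets_provider_rule(pw: str) -> bool:
    """The rule as quoted: 8-14 chars, a letter, plus a digit or listed special."""
    if not 8 <= len(pw) <= 14:
        return False
    has_letter = any(c.isalpha() for c in pw)
    has_extra = any(c.isdigit() or c in SPECIALS for c in pw)
    return has_letter and has_extra

# Constructed stand-in for a breached-password list (assumption: a real check
# would load a large corpus of known-compromised passwords instead).
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "summer", "admin"}
# Undo the usual character swaps so "p@ssw0rd" normalises to "password".
LEET = str.maketrans("@$0135!", "asolesi")

def base_word(pw: str) -> str:
    """Lower-case, drop trailing digits/specials, reverse common substitutions."""
    return pw.lower().rstrip("0123456789" + SPECIALS).translate(LEET)

def is_guessable(pw: str) -> bool:
    """True when the normalised base word is on the blocklist."""
    return base_word(pw) in COMMON_BASES

def hardened_check(pw: str) -> bool:
    """Composition rule plus a blocklist on the normalised base word."""
    return meets_provider_rule(pw) and not is_guessable(pw)

# Constructed candidates of the kind a user might type at a signup form.
CANDIDATES = ["Password1", "P@ssw0rd!", "Welcome2013", "vK7#mq2!Tz9w"]

def audit(candidates=CANDIDATES):
    """Return (password, passes provider rule, passes hardened check) tuples."""
    return [(pw, meets_provider_rule(pw), hardened_check(pw)) for pw in candidates]

if __name__ == "__main__":
    for pw, rule_ok, hardened_ok in audit():
        print(f"{pw:14} provider rule: {rule_ok!s:5} hardened: {hardened_ok}")
```

The first three candidates satisfy the composition rule yet reduce to a dictionary word once the trailing digits and character swaps are removed.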

It is amazing to think that a password such as “Password1” would be enough to be considered strong. With email being a very weak link in many organizations, it is alarming to see that this is considered secure. Many providers are operating with a false sense of security which is not disclosed to their customers. What is your email provider using?
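One way to answer that question for a mail host you use or operate is to classify what the server offers on the clear-text ports before any TLS upgrade. This is an added example, not part of the original post; the sample transcripts and the host name in them are constructed, and `probe()` needs network access to ports 25 and 110.

```python
import poplib
import smtplib

def parse_smtp_ehlo(reply: str) -> dict:
    """Classify a raw pre-TLS EHLO reply (lines like '250-KEYWORD args')."""
    ext = set()
    for line in reply.splitlines()[1:]:      # first line is only the greeting
        parts = line[4:].split()
        if line.startswith("250") and parts:
            ext.add(parts[0].upper())
    # AUTH advertised before STARTTLS: the password can be sent in the clear.
    return {"tls_upgrade": "STARTTLS" in ext, "cleartext_auth": "AUTH" in ext}

def classify_pop3(caps: dict) -> dict:
    """caps maps capability name -> argument list, as poplib's capa() returns."""
    caps = {k.upper(): [a.upper() for a in v] for k, v in caps.items()}
    plain_sasl = {"PLAIN", "LOGIN"} & set(caps.get("SASL", []))
    return {"tls_upgrade": "STLS" in caps,
            "cleartext_auth": "USER" in caps or bool(plain_sasl)}

def parse_pop3_capa(reply: str) -> dict:
    """Classify a raw pre-TLS CAPA reply ('+OK', one capability per line, '.')."""
    lines, caps = reply.splitlines(), {}
    if lines and lines[0].startswith("+OK"):
        for line in lines[1:]:
            if line == ".":
                break
            parts = line.split()
            if parts:
                caps[parts[0]] = parts[1:]
    return classify_pop3(caps)

def probe(host: str, timeout: float = 10.0) -> dict:
    """Live check of ports 25 and 110; raises if a port is closed or CAPA fails."""
    with smtplib.SMTP(host, 25, timeout=timeout) as s:
        s.ehlo()
        smtp = {"tls_upgrade": s.has_extn("starttls"),
                "cleartext_auth": s.has_extn("auth")}
    p = poplib.POP3(host, 110, timeout=timeout)
    try:
        pop3 = classify_pop3(p.capa())
    finally:
        p.quit()
    return {"smtp:25": smtp, "pop3:110": pop3}

# Constructed sample transcripts (not captured from any real provider).
SMTP_SAMPLE = ("250-mail.example.test\r\n250-SIZE 10240000\r\n"
               "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")
POP3_SAMPLE = "+OK Capability list follows\r\nTOP\r\nUSER\r\nUIDL\r\n.\r\n"
```

A result of `cleartext_auth: True` with `tls_upgrade: False` is the situation the post describes: the password, however complex, crosses the network unencrypted. The check covers only the upgrade commands on ports 25 and 110, not separate implicit-TLS ports.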



---------------------
http://blog.pistolstar.us/blog/email-provider-not-as-secure-as-youd-think/
Dec 13, 2012