361 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
Backyard SSO Hero
Mon, Oct 20th 2014 247
How to Make an Authentication Cocktail
Fri, Oct 17th 2014 171
Breach Fatigue: Don’t Be a Victim
Tue, Oct 7th 2014 100
UPS Hacked!
Wed, Sep 17th 2014 98
The IT Professional vs. The Deadly Data Breach
Mon, Sep 15th 2014 56
You Have a Case of Identity Theft!
Mon, Aug 25th 2014 58
PayPal for Mobile: How Secure is Your PayPal Account?
Mon, Jul 21st 2014 3254
Top 10
PayPal for Mobile: How Secure is Your PayPal Account?
Mon, Jul 21st 2014 3254
Backyard SSO Hero
Mon, Oct 20th 2014 247
How to Make an Authentication Cocktail
Fri, Oct 17th 2014 171
How to Mend a Broken Heart: The Heartbleed Bug and what you need to know to protect yourself
Fri, Apr 11th 2014 161
Data Breach on Campus: Over 300,000 Exposed at University of Maryland
Fri, Feb 21st 2014 116
Breach Fatigue: Don’t Be a Victim
Tue, Oct 7th 2014 100
UPS Hacked!
Wed, Sep 17th 2014 98
From Hacktivist to Cybersleuth
Fri, Jun 20th 2014 89
Press Release: Get the Level of Identity Management Your Campus NEEDS for Office 365
Fri, Jun 27th 2014 81
More Compromised Students and Faculty
Thu, Jul 17th 2014 79


Email Provider: Not as Secure as You’d Think
Chief Content Writer    

an interesting situation with an email provider and the issues they are facing with the hijacking of customer mailboxes:

“I am sorry to hear that you were experiencing issues with email latency. We are working on making changes to resolve the issues with latency. In the meantime you may see peaks of latency. We are monitoring the servers and will clear blocked queues as they arise. These traffic jams are caused by hackers hijacking our customers mailboxes that have weak passwords. We have setup automatic suspensions to stop these mailboxes faster. We are recommending to all of our customers to make passwords as secure as possible to help prevent this issue.”

With the negative effects on their customers you have to wonder if they are supporting encrypted communications to their POP3 and SMTP servers. It seems with this provider they were still using clear-text ports 110 and 25 respectively. What they think is protecting their servers are strong passwords…but what good is a “strong password” if it’s being sent to their mail servers in the clear? When checking their password complexity rules:

“Passwords  must be 8-14 characters, with at least one letter, plus one number or special character [!@#$%^&*]”

It is amazing to think that a password such as “Password1″ would be enough to be considered strong. With email being a very weak link in many organizations it is alarming to see that this is considered secure. Many providers are operating with a false sense of security which is not disclosed to their customers. What is your email provider using?



---------------------
http://blog.pistolstar.us/blog/email-provider-not-as-secure-as-youd-think/
Dec 13, 2012
22 hits



Recent Blog Posts
247


Backyard SSO Hero
Mon, Oct 20th 2014 8:13a   Larry Conroy
So, my neighbor, Penny, peaks her head over the fence and asks me what I think about this SSO stuff.  What makes her think I even want to chat in the first place . . . the game is on and I’m stuck out here?  Can’t she see all these leaves taunting me because the leaf blower won’t start?  A more appropriate discourse would have been something like, “Hey, my kids are looking for something to do. Can they rake your leaves for you?” But never the less, as I reluctantly get off my knees [read] Keywords: applications email google outlook password security sharepoint
171


How to Make an Authentication Cocktail
Fri, Oct 17th 2014 7:12a   Rob Bellefeuille
Who doesn’t enjoy a good cocktail? James Bond liked his “shaken, not stirred” and most like them “on the rocks.” All this talk of cocktails is making me thirsty! However, today we are not here to talk about drinking a delicious drink; we are here to talk about an authentication cocktail. What is an “authentication cocktail?” An authentication cocktail is the pairing of two separate two-factor authentication (2FA) one-time password (OTP) delivery methods to make a full-bodied authen [read] Keywords: google integration password security
100


Breach Fatigue: Don’t Be a Victim
Tue, Oct 7th 2014 2:11p   Amber Ciarcia
In recent weeks, the largest bank in the United States, JP Morgan Chase & Co., has fallen victim to cybercriminals. Last Thursday, JP Morgan unveiled that hackers obtained stolen information from their customers.  This included personal information such as names, addresses, phone numbers, and e-mail addresses from over 76 million households and 7 million small businesses. Scary, right? One would think. According to a recent article from The Washington Post “Data breach fatigue follows two [read] Keywords: email mobile password security
98


UPS Hacked!
Wed, Sep 17th 2014 7:12a   Liana Lichtenwalner
“It was the best of times, it was the worst of times.” This famous quote from Charles Dickens’ classic novel, A Tale of Two Cities, gives insight into how two forces, like good and evil, are equal rivals contending for survival. The same goes for the world of cyber security. We have a world of information, convenience, and entertainment at our fingertips, and yet, in that world, there are dangers and possibilities to have valuable information stolen. In Alex Roger’s time.com article, [read] Keywords: applications best practice email network password security
56


The IT Professional vs. The Deadly Data Breach
Mon, Sep 15th 2014 8:12a   Liana Lichtenwalner
The Deadly Data Breach We know it well, the Deadly Data Breach! So many people have felt the effects of a data breach, and so many companies are scrambling to protect the personal information they have on file. I am sure data breaches are on the minds of every IT professional that has kept up with the most recent breaches. No one goes unscathed by The Deadly Breach: P.F. Changs, Goodwill, Home Depot, and numerous schools. Home Depot’s recent data breach reaches all the way back to April first [read] Keywords: application applications password security
58


You Have a Case of Identity Theft!
Mon, Aug 25th 2014 10:11a   Liana Lichtenwalner
It’s the hot topic in the news, blogs, books, and more, identity theft and security! We are all susceptible to identity theft from the individual user to the largest corporation. Author Steve Weisman has been speaking on Identity Security for years, including his blog Scamicide and in his books The Truth About Avoiding Scams and Identity Theft Alert: 10 Rules You Must Follow. The most recent breach, the Community Heath System, is one that Weisman covers in his blog entry Community Health Sys [read] Keywords: community security




3254


PayPal for Mobile: How Secure is Your PayPal Account?
Mon, Jul 21st 2014 4:12p   Liana Lichtenwalner
How secure is PayPal? Secure until you start using your mobile device. According to Kelly Higgin’s article, PayPal Two-Factor Authentication Broken, Dan Saltman, an independent researcher, “reported to PayPal that he had discovered a way to bypass two-factor authentication in Apple iOS, but after getting no response from PayPal, Saltman in April went to friends at mobile security firm Duo Security.” From there, Duo Security confirmed Saltman’s finding and helped him reach PayPal. Duo Sec [read] Keywords: apple application mobile security server
79


More Compromised Students and Faculty
Thu, Jul 17th 2014 7:12a   Liana Lichtenwalner
Recently, there was yet another security breach at a college campus. This time the victim was Butler University, where a hacker accessed over 160,000 records for current, past students and faculty. The information stolen was the typical pertinent information that is stolen in this type of breach. Names, Social Security numbers, date of birth, and bank account information. The announcement of this breach comes due to an identity theft investigation that came from California law enforcement. The p [read] Keywords: database network security
73


Violated Database: Montana Department of Public Health and Human Services
Wed, Jul 16th 2014 2:11p   Liana Lichtenwalner
Your car has been broken into, yet nothing was stolen. Nothing was stolen, so no big deal, right? WRONG! You would still feel violated, creeped out, and concerned about it happening again. The Montana Health Department has experienced a similar data breach. On May 15th, Montana’s Department of Public Health and Human Services (DPHHS) officials noticed out of the ordinary activity. After further investigation, DPHHS confirmed that a server had been breached by hackers, and according to Alison [read] Keywords: database password security server
68


Young Hacker Infiltrates High School Database
Wed, Jul 2nd 2014 11:12a   Liana Lichtenwalner
We live in a world with multiple cyber threats, many coming from alias names from countries we have never been to. Within the United States, we have our fair share of hackers that cause major problems and confiscate sensitive data. It is sad and eye opening when it happens on the high school level. Recently, a 16-year-old boy gained access to a school database that held personal information like grades and attendance. By gaining access to this database, the student was able to change multiple [read] Keywords: database password security




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition