357 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
PayPal for Mobile: How Secure is Your PayPal Account?
Mon, Jul 21st 2014 93
More Compromised Students and Faculty
Thu, Jul 17th 2014 100
Violated Database: Montana Department of Public Health and Human Services
Wed, Jul 16th 2014 139
Young Hacker Infiltrates High School Database
Wed, Jul 2nd 2014 169
Press Release: Get the Level of Identity Management Your Campus NEEDS for Office 365
Fri, Jun 27th 2014 134
From Hacktivist to Cybersleuth
Fri, Jun 20th 2014 185
Press Release: Strengthening Web Authentication, Without Overcorrecting
Thu, Jun 5th 2014 157
Top 10
How to Mend a Broken Heart: The Heartbleed Bug and what you need to know to protect yourself
Fri, Apr 11th 2014 536
Data Breach on Campus: Over 300,000 Exposed at University of Maryland
Fri, Feb 21st 2014 421
World’s Largest Beverage Company Compromised
Thu, Jan 30th 2014 392
Knock Down the Barriers: What Does Two-factor Authentication Solution Need to Have?
Tue, Mar 26th 2013 339
To E-File or Not to E-File
Mon, Feb 10th 2014 333
Hackstorm
Wed, Feb 26th 2014 330
Price vs Cost: One Man’s Opinion
Mon, Mar 3rd 2014 319
Bugged- A Glitch in Google Voice Recognition
Fri, Jan 31st 2014 305
Two More Colleges Exposed: Indiana University and North Dakota University
Fri, Mar 7th 2014 278
Hacking Your Way to Love
Thu, Jan 23rd 2014 262


Email Provider: Not as Secure as You’d Think
Chief Content Writer    

an interesting situation with an email provider and the issues they are facing with the hijacking of customer mailboxes:

“I am sorry to hear that you were experiencing issues with email latency. We are working on making changes to resolve the issues with latency. In the meantime you may see peaks of latency. We are monitoring the servers and will clear blocked queues as they arise. These traffic jams are caused by hackers hijacking our customers mailboxes that have weak passwords. We have setup automatic suspensions to stop these mailboxes faster. We are recommending to all of our customers to make passwords as secure as possible to help prevent this issue.”

With the negative effects on their customers you have to wonder if they are supporting encrypted communications to their POP3 and SMTP servers. It seems with this provider they were still using clear-text ports 110 and 25 respectively. What they think is protecting their servers are strong passwords…but what good is a “strong password” if it’s being sent to their mail servers in the clear? When checking their password complexity rules:

“Passwords  must be 8-14 characters, with at least one letter, plus one number or special character [!@#$%^&*]”

It is amazing to think that a password such as “Password1″ would be enough to be considered strong. With email being a very weak link in many organizations it is alarming to see that this is considered secure. Many providers are operating with a false sense of security which is not disclosed to their customers. What is your email provider using?



---------------------
http://blog.pistolstar.us/blog/email-provider-not-as-secure-as-youd-think/
Dec 13, 2012
108 hits



Recent Blog Posts
93


PayPal for Mobile: How Secure is Your PayPal Account?
Mon, Jul 21st 2014 4:12p   Liana Lichtenwalner
How secure is PayPal? Secure until you start using your mobile device. According to Kelly Higgin’s article, PayPal Two-Factor Authentication Broken, Dan Saltman, an independent researcher, “reported to PayPal that he had discovered a way to bypass two-factor authentication in Apple iOS, but after getting no response from PayPal, Saltman in April went to friends at mobile security firm Duo Security.” From there, Duo Security confirmed Saltman’s finding and helped him reach PayPal. Duo Sec [read] Keywords: apple application mobile security server
100


More Compromised Students and Faculty
Thu, Jul 17th 2014 7:12a   Liana Lichtenwalner
Recently, there was yet another security breach at a college campus. This time the victim was Butler University, where a hacker accessed over 160,000 records for current, past students and faculty. The information stolen was the typical pertinent information that is stolen in this type of breach. Names, Social Security numbers, date of birth, and bank account information. The announcement of this breach comes due to an identity theft investigation that came from California law enforcement. The p [read] Keywords: database network security
139


Violated Database: Montana Department of Public Health and Human Services
Wed, Jul 16th 2014 2:11p   Liana Lichtenwalner
Your car has been broken into, yet nothing was stolen. Nothing was stolen, so no big deal, right? WRONG! You would still feel violated, creeped out, and concerned about it happening again. The Montana Health Department has experienced a similar data breach. On May 15th, Montana’s Department of Public Health and Human Services (DPHHS) officials noticed out of the ordinary activity. After further investigation, DPHHS confirmed that a server had been breached by hackers, and according to Alison [read] Keywords: database password security server
169


Young Hacker Infiltrates High School Database
Wed, Jul 2nd 2014 11:12a   Liana Lichtenwalner
We live in a world with multiple cyber threats, many coming from alias names from countries we have never been to. Within the United States, we have our fair share of hackers that cause major problems and confiscate sensitive data. It is sad and eye opening when it happens on the high school level. Recently, a 16-year-old boy gained access to a school database that held personal information like grades and attendance. By gaining access to this database, the student was able to change multiple [read] Keywords: database password security
134


Press Release: Get the Level of Identity Management Your Campus NEEDS for Office 365
Fri, Jun 27th 2014 4:11p   Liana Lichtenwalner
BEDFORD, NH– (Marketwire – June 25, 2014) – Today, PistolStar, Inc. announced the integration of its PortalGuard product with Office 365. This integration will give administrators the power to choose the level of convenience and security they desire for their students and faculty while accessing Office 365, including: -Self Service Password Reset (SSPR) -Single Sign-on (SSO) -Two-factor Authentication With PortalGuard integrated with Office 365, schools now get the level of ide [read] Keywords: applications desktop email google integration interface office password security
185


From Hacktivist to Cybersleuth
Fri, Jun 20th 2014 8:11a   Liana Lichtenwalner
It’s just like something from out of the movies: criminal mastermind gets caught, turns from his wicked ways, and eventual unveils a piece of the criminal mastermind world to help out the good guys. There is something intriguing in being able to see into the criminal mastermind and get a behind the scenes look at the secret life of these hacktivist. In the hacktivists’ world, there is a network of secret groups and ominous aliases that threaten to breach and expose a multitude of private and [read] Keywords: network




157


Press Release: Strengthening Web Authentication, Without Overcorrecting
Thu, Jun 5th 2014 3:11p   Liana Lichtenwalner
CLICK to View Video BEDFORD, NH–(Marketwired – Jun 3, 2014) – Today, PistolStar, Inc. announced immediate availability of PortalGuard’s newest solution, PassiveKey. PortalGuard’s PassiveKey is a customer driven response to deliver the latest in innovative identity solutions. PassiveKey transparently enables two-factor authentication while allowing the user to login with the familiar username/password approach. This simultaneously strengthens authentication and elimi [read] Keywords: password security server
186


Honesty is the Best Policy: Passwords, IT Security Professionals, and Llamas!
Tue, Jun 3rd 2014 8:14a   Liana Lichtenwalner
Well, the truth is that many organizations are just not enforcing the basics of Password Best Policies (PBP), never mind investing and enforcing stronger identity security. With much emphasis on ROI, the truth is IT Security Professionals make the dangerous decision to purchase the minimal authentication solution just to have “something” in place. And the truth about Llamas is never tick-off a Llama; they spit when provoked or threatened! Passwords are precious things and have lost their i [read] Keywords: policies password security
179


Google Removes Ad Scanning for Education Apps in Education for Good
Tue, May 6th 2014 12:11p   Rob Bellefeuille
Recently, Google made an announcement via their blog stating they will be permanently removing any form of ad scanning for applications associated with education users. Google was quick to point out that they never intended to collect data in education based Apps, and in the past, an Admin on campus would have had to enable the ad scanning. However, even if the admin had enabled ad scan, it will no longer be enabled within their environment. To give you a brief overview of the ad scan, it is a b [read] Keywords: admin applications archiving email google security virus xml
202


Alarmingly Low Rate of Employees Receive Security Awareness Training
Wed, Apr 23rd 2014 11:11a   Rob Bellefeuille
With the state of the economy, it is not too shocking that only 43% of employees receive security awareness training. Many companies have been faced with reducing their workforce and running “leaner and meaner,” thus devoting all hours of the workday to improving the companies bottom-line. It is hard to believe that such an important element has gone the way of the Dodo bird. One would think that more time would be dedicated to security training given the recent and highly publicized securit [read] Keywords: best practice email enterprise mobile password security




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition