Category: Security technology

Auto Added by WPeMatico

Frequent Password Changes Is a Bad Security Idea

Posted on By infossl
academicpapers, algorithms, passwords, Security technology, securitypolicies

I’ve been saying for years that it’s bad security advice, that it encourages poor passwords. Lorrie Cranor, now the FTC’s chief technologist, agrees: By studying the data, the researchers identified common techniques account holders used when they were required to change passwords. A password like “tarheels#1”, for instance (excluding the quotation marks) frequently became “tArheels#1” … Read More “Frequent Password Changes Is a Bad Security Idea” »

Security Vulnerabilities in Wireless Keyboards

Posted on By infossl
hacking, keylogging, Security technology, vulnerabilities, wireless

Most of them are unencrypted, which makes them vulnerable to all sorts of attacks: On Tuesday Bastille’s research team revealed a new set of wireless keyboard attacks they’re calling Keysniffer. The technique, which they’re planning to detail at the Defcon hacker conference in two weeks, allows any hacker with a $12 radio device to intercept … Read More “Security Vulnerabilities in Wireless Keyboards” »

New Presidential Directive on Incident Response

Posted on By infossl
cyberattack, fbi, incidentresponse, nationalsecuritypolicy, Security technology

Last week, President Obama issued a policy directive (PPD-41) on cyber-incident response coordination. The FBI is in charge, which is no surprise. Actually, there’s not much surprising in the document. I suppose it’s important to formalize this stuff, but I think it’s what happens now. News article. Brief analysis. The FBI’s perspective. Powered by WPeMatico

NIST is No Longer Recommending Two-Factor Authentication Using SMS

Posted on By infossl
authentication, nist, Security technology, sms, twofactorauthentication

NIST is no longer recommending two-factor authentication systems that use SMS, because of their many insecurities. In the latest draft of its Digital Authentication Guideline, there’s the line: [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance. Powered by WPeMatico

Detecting When a Smartphone Has Been Compromised

Posted on By infossl
academicpapers, malware, phones, Security technology, securityengineering, tracking

Andrew “bunnie” Huang and Edward Snowden have designed a smartphone case that detects unauthorized transmissions by the phone. Paper. Three news articles. Looks like a clever design. Of course, it has to be outside the device; otherwise, it could be compromised along with the device. Note that this is still in the research design stage; … Read More “Detecting When a Smartphone Has Been Compromised” »

Real-World Security and the Internet of Things

Posted on By infossl
cybersecurity, hacking, internetofthings, movieplotthreats, nationalsecuritypolicy, nsa, Security technology, securityengineering

Disaster stories involving the Internet of Things are all the rage. They feature cars (both driven and driverless), the power grid, dams, and tunnel ventilation systems. A particularly vivid and realistic one, near-future fiction published last month in New York Magazine, described a cyberattack on New York that involved hacking of cars, the water system, … Read More “Real-World Security and the Internet of Things” »

The Security of Our Election Systems

Posted on By infossl
Security technology

Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded. The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats … Read More “The Security of Our Election Systems” »