Archive for the ‘Security’ Category

Major Web browsers fail password protection tests

Tuesday, December 16th, 2008

Major Web browsers fail password protection tests | Zero Day | ZDNet.com
That nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.

Border Biometrics: “Zero Benefit”?

Friday, December 12th, 2008

Border Biometrics: “Zero Benefit”? – The Technology Liberation Front

Good summary: “We’re doing ourselves more harm than we’re preventing with border biometrics…”

Also worth noting is the comment that “terrorists are fungible”.

Criminals infiltrating Canada’s airports

Thursday, December 11th, 2008

Criminals infiltrating Canada’s airports: RCMP
A national RCMP inquiry has concluded that all of Canada’s major airports have been infiltrated by organized crime.

This has to be right up there with a headline like, “Member of Overeaters Anonymous found working in food services.” Geez Louise, OF COURSE organized crime is seeking to be embedded in airports – that’s the sensible place to be to bring contraband in and out. It might be easier to deal with this if we hadn’t put so much money into the essentially useless passenger screening and no-fly lists. Those exercises are political security theatre, not real measures.

Schneier on Security: Audit

Thursday, December 11th, 2008

The following is always worth repeating. According to Schneier on Security: Audit,

“For computerized database systems like that — systems entrusted with other people’s information — audit is a very important security mechanism. Hospitals need to keep databases of very personal health information, and doctors and nurses need to be able to access that information quickly and easily. A good audit record of who accessed what when is the best way to ensure that those trusted with our medical information don’t abuse that trust. It’s the same with IRS records, credit reports, police databases, telephone records – anything personal that someone might want to peek at during the course of his job.”

U.S. air security called ‘Kafkaesque’

Monday, November 24th, 2008

TheStar.com | Canada | U.S. air security called ‘Kafkaesque’
New U.S. rules intended to beef up air security threaten the privacy of Canadians, pose financial headaches for small airlines and could disrupt the plans of sun-seeking travellers, critics say.

What are the benchmarks?

Monday, September 8th, 2008

From the Centre for Internet Security.

What are the benchmarks?
For the first time ever, a large group of user organizations, information security professionals, auditors and software vendors have defined consensus technical control specifications that represent a prudent level of due care and best-practice security configurations for computers connected to the Internet.

<Now for someone to figure out how to do the same for privacy!>

Elcomsoft turns your PC into a password cracking supercomputer (gulp) – Engadget

Friday, October 26th, 2007

Elcomsoft turns your PC into a password cracking supercomputer (gulp) – Engadget
An NTLM-hashed Microsoft Vista password, for example, can now be cracked in 3 to 5 days

I have to wonder if there are the equivalents of chop shops for stolen laptops. The idea is that a laptop thief just takes their newly acquired laptop to the shop, sells it for the price of hot hardware, and then moves on. The chop shop then has the laptop to hack and crack. They can make money two ways – confidential and identity data sales, and hardware resale on the “Don’t ask why you’re getting such a good price” market with a ‘refurbished’ laptop.

TD Ameritrade & 6.3 million records

Sunday, September 16th, 2007

According to attrition.org, TD Ameritrade has acknowledged that one of its databases has been hacked, and contact information for more than 6.3 million customers has been absconded with. On their home page this is referred to in reference to “SPAM investigations”. Ameritrade has known about the problem at least since late May, when they were sued by a couple of customers regarding e-mails that the customers were getting. Let us hope for everyone’s sake that this is only a SPAM-related breach, and that the data doesn’t get used more harmfully.

No security system can be perfect, so a critical part of any well-thought-out security strategy has to be, “What’s the communication plan in the event of a breach?” I’d like to see the communications plan that this one came from! If you are a non-security executive and someone from IT (doesn’t matter if they are in your company or a hired gun) comes up to you and says, “We got it all covered, you don’t need an emergency communications plan,” you should consider releasing them to be successful somewhere else, preferably with your competition. They are either willfully lying or willfully ignorant.

I await further developments to see the consequences, or lack thereof, from this bit of news.