password

RSS

  • WikiLeaks, Guardian furious at source of security breach: the two of them

    Posted September 1, 2011 - 5:38 pm

    WikiLeaks' founder Julian Assange posts blistering editorial blaming Guardian newspaper for publishing a secret password decrypting 130K cables, which Assange posted in the first place. Guardian editor points finger at Assange, injures self in convolutions trying to avoid blame.

  • Cloud cracks home wireless router; giant hammer squishes ant

    Posted January 11, 2011 - 12:19 pm

    Hackers using Amazon's EC2 to crack WLANs is no threat to corporate IT, but does highlight new options for ambitious, cash-strapped crackers.

  • Six password security tips to learn from the Gawker hack

    Posted December 20, 2010 - 4:47 pm

    The Germans have a word for it: Schadenfreude, taking pleasure in someone else's misfortune. And I have to admit, I did a feel a twinge of satisfaction when Gawker, one of the snarkiest and most self-satisfied collection of sites on the Web, was hacked. But I do worry about the 1.2 million people whose passwords were stolen and posted on the Web for any moderately skilled bad guy to crack and use.

  • FBI investigating Gawker Media hack

    Posted December 14, 2010 - 1:55 pm

    The FBI confirmed to PC World that it is investigating the recent intrusion by a group of hackers into Gawker Media's servers last weekend. The hack exposed more than 200,000 reader e-mail addresses and passwords, and the data is now circulating online as a peer-to-peer torrent file. An FBI representative declined to comment further about the ongoing investigation; however, Gawker Media founder and CEO Nick Denton was scheduled to meet with federal authorities on Monday, according to The New York Post .

  • Are passwords a waste of time?

    Posted May 3, 2010 - 7:56 pm

    I apologize up front for jumping into this debate, but I couldn't resist. Not a week goes by, or so it seems, without some newspaper, magazine or TV show (apologies to my media brethren) lambasting security and IT professionals because they force unnecessary security controls on the poor, downtrodden consumer or worker. It's as if your security requirements are designed to make everyone's life miserable with little or no benefit. You evil CSOs! My heart bleeds for the poor peasants whom you oppress.

  • Best Time to Change Your Password

    Posted December 4, 2009 - 7:18 pm

    A strong password is one that is at least 8 characters long with mixed upper- and lower-case letters, some non-letter characters, and that doesn't follow a pattern that could be easily guessed (for example "12345678"), says Gene Spafford, professor with the Center for Education and Research in Information Assurance and Security (CERIAS) at Perdue University.

  • Where Google Chrome security fails: the password

    Posted November 23, 2009 - 11:42 am

    Google promises that Chrome will be a much more secure than Windows. Well, yes, but it also has one big problem as well.

  • Avoiding Password Hell

    Posted October 28, 2009 - 11:11 am

    Some people seem to think that long, complicated passwords that change frequently are great for security. They couldn't be more wrong.

  • Study: Secret questions don't safeguard passwords

    Posted May 19, 2009 - 12:20 pm

    Free e-mail providers often present a so-called "secret question" as a verification mechanism to reset an account password. But the answer is often easily guessable by other people who know the account holder, according to a new study to be released during the IEEE Symposium on Security and Privacy.

  • Password Seeks Partner For Long-Term, Secure Relationship

    Posted May 11, 2009 - 8:17 am

    Passwords have been standing guard over our computer user accounts seemingly forever; for a long while, and for most purposes, they could go it alone. But it's no secret that passwords are no longer sufficient as the sole means of granting access to critical networks, applications, and data.

  • Social networking security: Protect yourself

    Posted December 22, 2008 - 9:58 am

    If you're wading in the social networking pool, revisiting some core security principles can protect you from spammers and other characters on Facebook who can ruin your computer or identity.

  • Adobe admits new PDF password protection is weaker

    Posted December 5, 2008 - 12:01 pm

    Adobe made a critical change to the algorithm used to password-protect PDF documents in Acrobat 9, making it much easier to recover a password and raising concern over the safety of documents.

  • Google Tech talk on Password Reset

    Posted August 14, 2008 - 11:35 pm

    In a recent post, I described the problems with password reset, and how current password reset questions can be attacked. Watch my recent Google Tech talk on this subject...

  • What is worse than reusing passwords?

    Posted August 12, 2008 - 8:22 pm

    Think your password resets are secure? Think again. The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car!

  • Password aging, part 1

    Posted October 5, 2005 - 7:44 am

    While it's clearly possible to use the /etc/passwd and /etc/shadow files in Solaris and other Unix systems without making use of the password aging features, you could be taking advantage of these features to encourage your users to practice better security -- and, with the right password aging values, you can configure a good password-changing policy into your system files while limiting the risk that your users will be locked out of their accounts. In this week's column, we look at the various fields in the shadow file that govern password aging and suggest settings that might give you the right balance between user convenience and good password security.
Ask a Question