Security and Coffee - comments feed (Blogger)
Blog author: Barry (http://www.blogger.com/profile/03630515171565551105)
Feed last updated: 2023-11-13

2019-06-25 - Holton (https://www.blogger.com/profile/02255314007695845036)
It was a very informative post and shows the importance of incident response and the NIST incident response process (https://www.cyberbit.com/blog/ot-security/industroyer-crashoverride-ot-malware/). Thanks for sharing.

2018-09-24 - Anonymous
Credit freezes are now free in all states. You can read the details on Brian Krebs's security blog: https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/#more-45121

2018-02-06 - Anonymous
Too bad they took the Betty White video down as it was really funny.

2017-07-10 - (no name given)
It proved to be very helpful to me and I am sure to all the commentators here!
security technology https://www.itomhq.uk/blog/

2017-07-08 - Anonymous (https://www.blogger.com/profile/14164856555387187272)
Thanks so very much for taking your time to create this very useful and informative blog. I have learned a lot from your blog. Thanks!! internet security (http://www.homeofsoftware.com//)

2017-05-11 - Ernest (https://www.blogger.com/profile/10317020868512831332)
Nice post Barry. Enjoyed reading it.

2017-04-11 - Anonymous (https://www.blogger.com/profile/11764070033198648086)
Great post. As both a security pro and a commercial daycare center owner, this subject is something I need to put more thought into. My center provides 3rd party gym, language, music, and technology teachers to our little ones. Maybe this is a good time to introduce some sort of "ethics" training for pre-K students. I'll run it by my director! Thanks Barry!

2017-03-07 19:12 - Barry (https://www.blogger.com/profile/03630515171565551105)
Hi Ernest, great question! Of course, any service provider, or any business at all, could have a breach. What makes Yahoo! "special" is both the number of consecutive issues as well as the blatant and publicized disregard of the issues by management.

2017-03-07 11:41 - Ernest (https://www.blogger.com/profile/10317020868512831332)
Barry, are these issues unique to Yahoo? Are other services more secure? As you know, absence of a breach announcement doesn't necessarily mean similar breaches haven't occurred elsewhere.

2017-03-02 - Jimy (https://www.blogger.com/profile/07349555226330578834)
nice post

2017-02-28 10:55 - Anonymous (https://www.blogger.com/profile/12137038237155700559)
It's a good thing Verizon is buying Yahoo! because the Yahoo! name has lost all credibility with their user community. Will I delete my 20-year-old email account with Yahoo!? Maybe...

2017-02-28 03:15 - Anonymous
Good post! Thanks for sharing this information. I appreciate it. It is very beneficial for visitors. Visit: Access Security (http://quanticsecurity.com.au/)

2017-02-15 - Anonymous (https://www.blogger.com/profile/05933253257525088918)
This comment has been removed by a blog administrator.

2017-01-02 - Gr@ve_Rose (https://www.blogger.com/profile/03004176116963292276)
I stumbled across your blog and wanted to let you know that I'm the author of http://tcpdump101.com listed here. Just wanted to say thanks to you and your submitter, and that I hope you and your readers find it useful.

Cheers,

Gr@ve_Rose

2016-09-20 - Anonymous
Done it many times, even to the point of getting them to look at THEIR computer as suspect. :) Shannon

2016-06-10 - Anonymous (https://www.blogger.com/profile/14036616259587055782)
File sharing products like Dropbox, OneDrive and Google Drive are made for consumers, not for business. When you start using them for your company you will discover that you miss some features. Therefore my company uses virtual data room services (https://www.idealsvdr.com/).

2016-04-07 - Clea Levinson (http://nvisium.com)
"If not when" is a very appropriate title! We are all at some point going to be affected by a malicious hacker; it is how the companies we trust with our information handle such attacks that will determine our loyalty to them!

2015-11-19 - Gary (https://www.blogger.com/profile/03271148849000325301)
Thanks for the ISSA webinar Barry - definitely thought provoking. In fact I've written a piece on my blog, prompted by some of the things you said: see http://blog.noticebored.com/2015/11/security-awareness-without-resources-5.html

Kind regards, Gary

2015-02-10 - AncestralManor (https://www.blogger.com/profile/01955861722299073150)
The bulk of Tax ID theft comes from medical records, social services and government databases and employees. See hundreds of reports at https://twitter.com/ancestralmanor

2014-09-09 - Kathleen Hertenstein
Nice article, Barry.

2014-06-21 22:31 - Barry (https://www.blogger.com/profile/03630515171565551105)
Jarrod - You are correct that 1-way hashes are definitely a requirement. I definitely favor either non-expiring passwords or longer expiration intervals. I don't believe in changing a password based solely on the calendar.

Diane - you must help lead the charge! There are other universities that use this policy. Granted, they are not like full-out gov't agencies, but many are part of state government. I think part of the problem is that we need good tools that can handle these non-standard policies. Your other point is on expiration - and, of course, we did have non-expiring passwords for a while but fed audit requirements forced that change. We'll continue to push for modern policies across the board. And, of course, if we all can use vaults then maybe we don't care how complex a pw is nor how often we may need to change it.

Thanks!

2014-06-21 17:06 - Anonymous (https://www.blogger.com/profile/06639761945842260118)
From the system side, I don't see my (government) organization ever accepting this sort of flexible approach; we are married to those 8 characters. Plus, I finally manage to construct one I can remember and then it expires. As if every month some hacker is working away trying to guess mine and just before he gets the key I change the lock? Don't think so. As a consumer I LOVE this. I can create longer passwords that I can remember, potentially varying something I can remember about each site so I can have a slew of strong passwords I can remember without repeating the same one all over the internet. (I do use a vault, but this could save some steps and help when I am on different machines.) Thanks for the post.

2014-05-15 13:24 - Slonob (https://www.blogger.com/profile/01545404427813332468)
Of course, you could save your last 12 hashes. So to be more specific, the policy can't say "too similar" to the previous 12. In THAT case, your policy is effectively demanding storage of cleartext passwords (and probably contradicts another clause that says you can't use cleartext storage).

2014-05-15 10:41 - Slonob (https://www.blogger.com/profile/01545404427813332468)
This implies, of course, that the implementation can support arbitrary lengths (20+). In practice, this usually means that one-way hashes are used. This is because no matter the length of the input, the output of most hash algorithms is a fixed length. In other words, Stanford University is not likely storing a blob in their user store.

This also implies that other items in the policy do not contradict a hash method of storage. For example, if the system cannot reverse the hash (without resorting to brute-forcing itself), then you can't make a rule that says that a new password cannot be the same as any of the last 12 (you can only assure that it's not the same as the one being replaced). Of course, if you don't favor expiring passwords then this is not likely going to be part of your policy.

Great food for thought. Thank you.

-Jarrod

2014-05-15 10:07 - Barry (https://www.blogger.com/profile/03630515171565551105)
Hi Randy, good comments. Password reuse is definitely a problem. In this post, http://securityandcoffee.blogspot.com/2013/10/online-self-defense-passwords.html, I talk about a study stating that the average person has passwords on 25 different sites, yet they use only 6.5 different passwords! A great attack case here is to try stolen credentials on bank sites, retail sites, etc. I think the only solution is using unique passwords - and use of a vault really helps support this. Back at the office we should remind staff to not reuse work passwords at outside sites.

Thanks!