Cyber Access Control | MFA Enterprise Password Management | Access Smart

Archive for Hackers,

Biometrics Are Less Secure Than Passwords

Biometrics give a false sense of security.

Biometrics authenticationOn Sept 23, 2015, Office of Personnel Management (OPM) revised the number of stolen fingerprint files to 5.6 million! Why should you care?

Some security pundits believe that biometrics are far more secure than passwords. They argue that since everyone has unique identifiers like their voice, iris, face and fingerprints, why not use these to authenticate a user in to a computer network? Sounds logical and from a theoretical perspective, it’s true. But major flaws become apparent during implementation. Read More→

ZeroAccess botnet disrupted

By Microsoft, the FBI, Europol and industry partners. It’s about Time!

Cyber Access ControlIn the past I have written many blogs about how software companies and OS developers need to start taking security more seriously.  While Microsoft has been a focus of mine, it seems that they are finally being proactive.  While there new Digital Crime Unit is important, they also need to start reworking an entirely new operating system from scratch with no backward compatibility to DOS or older versions of Windows.  The Operating System should start from a security stance and then build in functionality.  Plus, the rollout can be limited to get other software companies to make changes to their programs, but in five years “Patch Tuesdays” should be a footnote in history books.

The following is an excerpt from a recent Microsoft press release on ZeroAccess. Read More→

Would you like some Salt on your Hash?

Salted Hash – The one-way encryption for password security.

Hash the passwordsOk, I’m not talking about that potato hash you love with your eggs.  I am talking about the encryption hash that needs to be used to safeguard computer data files like passwords.

 A hash is an encryption algorithm that takes any size block of data (called the “message”) and then calculates and assigns it a fixed size valuation (called the “hash value”).  For example, hashing of the word “Password” might generate the valuation “15c626b06ae6624f47404d0728”.  Every time the same hash is run through the same message the same valuation will be calculated.  This is a great way verify that no changes occurred in the message during access or transmission since even the smallest change will generate a completely different hash value.

What also makes hashing so popular in computer security is that it’s a one way encryption; meaning that the hash value calculated cannot be reversed to recreate the original message. 

More and more password data files are no longer storing user passwords in cleartext.  That’s because if a massive security breach occurs then all the cleartext password files would be compromised.  Hashing the passwords and storing only the value greatly reduces the danger.  Note I said reduces, not eliminates the danger.  That where a little salt is added for flavor. Read More→

Businesses Can Stop Identity Theft

87% of all business owners who seriously inquire about Power LogOn® end up buying it. Before I go into why, here are some new findings from Javelin Strategy & Research’s network access authentication partners for Access Smartlatest report 2013 Identity Fraud Report: Data Breaches Becoming a Treasure Trove for Fraudsters:

  • Identity fraud incidents and amount stolen increased—The number of identity fraud incidents increased by one million more consumers over the past year, and the dollar amount stolen increased to $21 billion, a three-year high but still significantly lower than the all-time high of $47 billion in 2004. This equates to 1 incident of identity fraud every 3 seconds. Read More→

Are you an SEO Cyber Mule? I was.

Cyber MuleAn SEO Cyber Mule or SEO Hack is when unauthorized links are embedded into your website without your knowledge for the sole purpose of increasing Google rankings. For Google to increase a site rankings they look for the number of one-way backlinks. That’s why the hackers do it. In most cases these links are to pornographic movies, material and services that have nothing to do with your business. These links are positioned so they don’t actually appear on the webpage, but Google can still see them when they send in the spiders. So why is this problem?

Other than the obvious reason that someone has injected code into your site without your permission, the bigger issue is that if Google discovers these links and deems them inappropriate, your site will be blacklisted. Blacklisting is when Google and other search engines no longer index your site. When someone is searching using your keywords, your site will never come up.  Google often never informs web owners that they have been blacklisted, and the effort to get off the list can be very time consuming. Read More→