Krebs – Would You Use This ATM?

July 28, 2016 / mbenlawson / Leave a comment

I had to share this article by Mr. Krebs for a variety of reasons, not the least of which is I have seen ATM’s like this in the wild. It happens far too often and admins and users alike ignore the pitfalls for the sake of convenience. Beware!

http://krebsonsecurity.com/2016/07/would-you-use-this-atm/

LastPass Patches Ormandy Remote Compromise Flaw

July 28, 2016 / mbenlawson / Leave a comment

A patch for the most recent vulnerability in LastPass has been released. Please review your browser extensions and patch accordingly.

https://threatpost.com/lastpass-patches-ormandy-remote-compromise-flaw/119533/

Citibank IT guy deliberately wiped routers, shut down 90% of firm’s networks across America

July 28, 2016 / mbenlawson / Leave a comment

This is a valuable cautionary tale and it happens more often than any of us want to admit. Insider threats are very real and should be considered as a valid risk in every level of IT Security planning.

http://www.tripwire.com/state-of-security/featured/citibank-it-guy-deliberately-wiped-routers-shut-down-90-of-firms-networks-across-america/

Why does Kevin Mitnick recommend 20-character passwords?

July 27, 2016 / mbenlawson / Leave a comment

This is an interesting read on password/passphrase length by the team at KnowBe4.

https://blog.knowbe4.com/why-does-kevin-mitnick-recommend-20-character-passwords

NIST Recommends SMS Two-Factor Authentication Deprecation

July 27, 2016 / mbenlawson / Leave a comment

This is an intriguing draft document by NIST concerning SMS and two-factor authentication. This is a commonly used technique for many two-factor providers so conversion to more secure methods may take time. This is certainly not a finalized recommendation and adoption will take time if it moves forward.

https://threatpost.com/nist-recommends-sms-two-factor-authentication-deprecation/119507/

LastPass password manager “zero-day” bug hits the news

July 27, 2016 / mbenlawson / Leave a comment

This is a very good, common sense explanation of the “zero-day” vulnerability that has been discussed in the press for the popular password manager LastPass. I agree that caution is warranted, but I do not believe it is time to wholesale abandon the product or the use of password managers in general. Watch for the patch and apply as soon as possible.

https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/

Time is of the Essence: Announcing the Cisco 2016 Midyear Cybersecurity Report

July 26, 2016 / mbenlawson / Leave a comment

Cisco has released their Mid-Year Cybersecurity report. Enjoy!

http://blogs.cisco.com/security/announcing-the-cisco-2016-midyear-cybersecurity-report

Virtual Sweater Vest

The Random Thoughts of a Former Philosopher and Current IT Security Professional

Month: July 2016

Krebs – Would You Use This ATM?

LastPass Patches Ormandy Remote Compromise Flaw

Citibank IT guy deliberately wiped routers, shut down 90% of firm’s networks across America

Why does Kevin Mitnick recommend 20-character passwords?

NIST Recommends SMS Two-Factor Authentication Deprecation

LastPass password manager “zero-day” bug hits the news

Time is of the Essence: Announcing the Cisco 2016 Midyear Cybersecurity Report