Schneier – On the Security of Password Managers

This is a very interesting read.  I do not believe these noted issues should warrant the abandonment of password management tools.  As the author states, much of the security concern lies in whether or not you consider your workstation secure and trusted.  Using password managers in combination with multi-factor authentication mechanisms is a sound and strong approach to credentials management.

https://www.schneier.com/blog/archives/2019/02/on_the_security_1.html

TurboTax Hit with Cyberattack, Tax Returns Compromised

We are in the heart of tax season, so a compromise of this type and significance is particularly concerning and timely.  Please take note and manage your identity information and review process carefully, especially if you use or have used this service in the past.

https://www.darkreading.com/threat-intelligence/turbotax-hit-with-cyberattack-tax-returns-compromised/d/d-id/1333954

Adobe patches the same critical Reader flaw twice in one week

As the article author states, it has been an embarrassing few days for Adobe and their patch process.  Though we like to poke fun at Adobe and we often whine about the ongoing parade of vulnerabilities, do not get lulled into a state where patches are missed and systems are left vulnerable.  Please review your environment and patch accordingly.

https://nakedsecurity.sophos.com/2019/02/25/adobe-patches-the-same-critical-reader-flaw-twice-in-one-week/

8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours

Though many like to pretend that the debate is still alive and relevant, I tend to agree with the authors of this post from KnowBe4 – the 8-character password is dead.  It has honestly been dead for some time.  We need to move forward and consider stronger, more effective and memorable passphrases combined with multi-factor authentication options whenever available.

The NIST standard of “complex” 8-character passwords is mentioned in this post, but it is also worth mentioning that even NIST has recognized it is time to move beyond that standard.  New, revised standards are coming that involve less password rotation and longer passphrases.

These steps are honestly not hard and they will keep your data safer than the good ol’ days of “Petsname123”.

https://blog.knowbe4.com/8-character-windows-ntlm-passwords-can-be-cracked-in-under-2.5-hours