The importance of password expiration is an interesting topic for me. It’s all over the place online – and rightfully so. There are tons of questions floating around out there: what is the best duration for a password, should the expiration rate be the same for each user, is password expiration beneficial? It can sometimes be a bit overwhelming to look at. That being said, there are also areas surrounding the importance of password expiration that are somewhat debated (much like the last question above). In that regard, I would like to take a look at an older article I found interesting and debate some of the claims therein. Catch up after the jump!
Showing posts with label art of exploitation. Show all posts
Friday, May 15, 2015
Monday, May 4, 2015
Simple USB Token Logon | Secure Authentication
Passwords. Did you even read that word? Passwords are such a staple of everyday life now that we hardly even recognize when the word plants itself in front of us. Half of the time, a website asks us to enter a username or ID and we immediately fill the blank space beneath it with a password. We don’t even think about it. That’s just the way things are now, especially with people. Don’t you think it would be nice if you could log in without a password though? Sure, it sounds simple, but what about the fallout surrounding the security vulnerabilities inherent in using no password? Let’s talk about that after the jump!
Wednesday, April 29, 2015
Authentication Best Practices - Brief History of Security
We talk a lot about the digital age of warfare here at HackerAttacker. It’s kind of the most popular aspect of the digital age today. Just take a look at history; war is always resting at or about the pinnacle of the public forum. Why mess with a classic? When it comes to security and authentication best practices, however, there are more avenues to peruse than simply the digital side of warfare. In that element, we are going to take a look at some older forms of deception and how they play a role in the social relationships inherent in digital security and authentication.
Monday, April 20, 2015
War is Changing: Digital Authentication and Security Solutions
War is changing. We’ve talked about this before, but the state of war between nations is evolving every day. What once was a sequence of battles between armies, marching in line towards each other, has now become a digital minefield of secrecy, deception, and cyber attacks. It’s one of the age-old ideas for inventors and other entrepreneurs: give me something that will make life easier, and I’ll show you the next great weapon. Recently, the White House (you know, the place where all of the people that run things tend to go) was the victim of a long-standing, brutal cyber attack. Sure, the various sources say that nothing ‘Top Secret’ was made available to the public or the attackers, but that doesn’t do much to make me feel better. I don’t know about you, but I’m left wondering: what did they get? I guess, in a way, the next leap my mind makes is towards digital authentication and security solutions.
Wednesday, April 15, 2015
The Secret is Out!

Who does not love a good secret? Being in on a secret is exciting! You know something that someone else does not know; you are instantly special and separated from the pack. Congratulations! But what if that secret is crap? A false façade someone has put up to cover up the truth or to mislead you to think differently about the person or situation.
Deception is real and happens every day. Everywhere you look there is deception being played out.
The guy sitting next to you right now, is that his real hair color? Are your neighbors really happily married? Did we really land on the moon? Is global warming real? Did Al Gore really invent the Internet? Is the dress black and blue or white and gold? What should I believe is the truth?
Friday, April 10, 2015
Gallimaufry Grey Hats - For the Greater Good
Recently I wrote about a couple of very notable White Hat hackers who have literally changed the world as we know it. Those savants of technology took a concept and made it a staple in the world we live in. Today we turn the tables though and look at a couple of adventurous grey hat hackers that used their considerable skills to make a statement.
Friday, April 3, 2015
3 Different Hacker Types
You’ve been watching and reading the news, right? All of those data breaches that have made headlines; it’s a crazy, risky, digital world that we live in. The digital world is one where knowledge and information equates to power, or scientia potestas est as the old Latin phrase goes. Sure, these digital attacks sometimes surround money, or politics, but it is the knowledge these hackers possess and gain from their subterfuge that grants them so much influence. To be a substantial Hacker Attacker, you need knowledge of your own. Here, I will give you the building blocks to form your own power base to better protect yourself against the biggest aggressors of the digital age.
Tuesday, December 2, 2014
Book Review - Hacking: The Art of Exploitation
The general public today would not think of hacking (that is, black hat hacking, or what is better called security cracking) as an art form. I would submit that it is an ingenious art form, an art form that requires expertise, crafting, and practice. Like painters or musicians, you have those that dabble in the art form, not ever really perfecting it. Then you have those that push the boundaries, opening up a whole new appreciation or even genre. In my research of hackers and crackers, I came across Jon Erickson’s book, Hacking: The Art of Exploitation and found a master in the art of exploitation.
Author
With a formal education in computer science, Jon Erickson has been programming and hacking since he was 5 and speaks around the world on computer security regularly. He wrote the book Hacking: The Art of Exploitation in 2003, and it was revised in 2008 in a second edition. Erickson is currently working in Northern California as a computer security specialist and vulnerability researcher.
The book
This book received 4 stars on Amazon and 4.1 stars on goodreads.com.
Both easy to read and clear on explaining how computer hacking works, Hacking: The Art of Exploitation at the very least will give you a great respect for those that understand the inner workings of technology. The 2nd edition opens up with a clear statement against illegal hacking. Erickson stresses following the law, and he does not condone hacking that is used in the end for wrong reasons.
The book encourages you to be creative, think outside the box, and use the knowledge of hacking to protect your own personal computer against network attacks. This is not a book on how to run existing exploits, but rather, gives you an understanding of how these exploits work. The book is intended to give you the foundation needed to really push the envelope and advance technology by finding the weaknesses within the technology and encouraging you to be creative. The book will give you an understanding of network communications, machine architecture, programming, and hacking techniques.
A closer look
- Program computers using C, assembly language, and shell scripts
- Corrupt system memory to run arbitrary code using buffer overflows and format strings
- Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
- Outsmart common security measures like nonexecutable stacks and intrusion detection systems
- Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
- Redirect network traffic, conceal open ports, and hijack TCP connections
- Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
List taken from amazon.com
http://books.google.com/books/about/Hacking.html?id=0FW3DMNhl1EC
http://www.goodreads.com/book/show/61619.Hacking