This one is geared to all you IT professionals out there who are looking to create a strong, effective, and simple-to-manage password policy. We’ve talked before about password best practices, and what not to do. If you want some more information on that particular subject, check out some of the information provided by the security experts over at PortalGuard. Today, however, we’re going to look at the password policy in some more detail to figure out what password management best practices are the most effective in actual use.
Showing posts with label authentication. Show all posts
Tuesday, September 22, 2015
Password Management Best Practices: Stemming the Tide
Saturday, June 13, 2015
Duqu Cyber Attack - Zero-Day, Predecessors and a Silver Lining
In light of Sir Christopher Lee’s passing, it seems only fitting that we make a nod in his general direction to talk about the most recent attack by our good friend: Duqu. That’s right, HackerAttackers – there has been another Duqu cyber attack. Duqu is back, and it’s breaking out the big guns with 2.0. Like its apparent namesake (though, personally, Dooku looks a lot more villainy), Duqu 2.0 is a master of disguise, infiltration and covering its tracks. We’ve spoken before about the nature of cyber warfare in the digital age, and Duqu 2.0 is a prime example of the evolution of this threat. Threats such as the Stuxnet virus and Flame are pushing the envelope for what we consider traditional spycraft and covert war. The Duqu cyber attack is the most recent, home-based instance of cyber warfare to point out the need for stronger security, and above all, a more penetrating awareness of the threats of our digital age.
Wednesday, May 13, 2015
Password Policy Best Practices | 4 Ways Being Hacked Educated Me
Here at HackerAttacker, we talk a lot about how to protect yourself from hackers of all shapes and sizes (or colors, as it were). What we rarely talk about is what it is like to actually be hacked. There are countless examples of various individuals being hacked (and we’ve talked a lot about some big company hacks as well), so you know it isn’t some rare occurrence. Today, I’m going to talk about some password policy best practices I learned from being hacked myself, and how the experience changed the way in which I approach my online security.
Wednesday, May 6, 2015
What Star Wars Taught Me About Information Security
A belated May the 4th to all of you Star Wars fans out there! If you’ve never seen Star Wars: A New Hope, then beware: spoilers ahead (also, you should go watch that. Seriously, go now. We can talk after). Obviously, one of our favorite topics here at HackerAttacker is security in all its shapes and forms. We’ve talked about various hackers, how to hack the government, and even how hacking is like picking a lock. One thing that I never really take into consideration, however, is how much security is thrown in our faces throughout pop culture. I’m not just talking about advanced techniques seen in movies like Mission Impossible or James Bond; I’m talking about popular culture both old and new. Specifically, how Star Wars taught me more about information security than most any actual course or class ever could.
Monday, May 4, 2015
Simple USB Token Logon | Secure Authentication
Passwords. Did you even read that word? Passwords are such a staple of everyday life now that we hardly even recognize when the word even plants itself in front of us. Half of the time, a website asks us to enter a username or ID and we immediately fill the blank space beneath it with a password. We don’t even think about it. That’s just the way things are now, especially with people. Don’t you think it would be nice if you could log in without a password though? Sure, it sounds simple, but what about the fallout surrounding the security vulnerabilities inherent in using no password? Let’s talk about that after the jump!
Wednesday, April 22, 2015
Contextual Authentication - Who is Behind the Keyboard?
Have you ever asked yourself this question before? The MTV TV show Catfish asks this question in every single episode. They work with people all over the United States that have fallen in love with someone they have never met in person, or even talked to on the phone before. On the show, the two hosts work together to find the person who is behind the other keyboard in order to play matchmaker. Nine times out of ten, the person on the other end of the line is not who they say they are. They might not even look remotely close to who they are pretending to be online.
This got me thinking a couple of things… Why do people do this? And how can user fraud be stopped online?
Wednesday, April 15, 2015
The Secret is Out!

Who does not love a good secret? Being in on a secret is exciting! You know something that someone else does not know; you are instantly special and separated from the pack. Congratulations! But what if that secret is crap? A false façade someone has put up to cover up the truth or to mislead you to think differently about the person or situation.
Deception is real and happens every day. Everywhere you look there is deception being played out. The guy sitting next to you right now, is that his real hair color? Are your neighbors really happily married? Did we really land on the moon? Is global warming real? Did Al Gore really invent the Internet? Is the dress black and blue or white and gold? What should I believe is the truth?
Friday, April 3, 2015
3 Different Hacker Types
You’ve been watching and reading the news, right? All of those data breaches that have made headlines; it’s a crazy, risky, digital world that we live in. The digital world is one where knowledge and information equate to power, or scientia potestas est as the old Latin phrase goes. Sure, these digital attacks sometimes surround money, or politics, but it is the knowledge these hackers possess and gain from their subterfuge that grants them so much influence. To be a substantial Hacker Attacker, you need knowledge of your own. Here, I will give you the building blocks to form your own power base to better protect yourself against the biggest aggressors of the digital age.
Wednesday, March 25, 2015
Defending against the Man in the Middle
I remember as a child trying to eavesdrop on conversations I would hear in school. They usually were centered around who kissed whom or who had a crush on someone. As an adult, like most others, I still listen in on other people’s conversations from time to time. Usually this happens when you’re standing in line somewhere, and it is hard to not listen in on the people next to you. After talking with a colleague over the weekend about man-in-the-middle (MITM) attacks, I found some similarities to the more typical activity of eavesdropping on others’ conversations.
Labels: anti-virus, authentication, certificate based authentication, cybersecurity, data, data protection, firewall, hack, Hacker Attacker, hacker news, hacker solutions, hackers, ITsecurity, Man in the middle, MITM, SSL
Thursday, March 12, 2015
FREAK and Geeks: Attack and Defense
The Best Offense is a Good Defense
Glass houses are always the worst choice to live in; unless, of course, you want to share your most private secrets with your neighbors. Most people prefer a house with stronger, thicker, and less ‘see all’ walls where they can protect themselves and their personal information. Neighbors can throw stones all they want, but they’re not going to crack the walls of an ancient, brick-mortar Victorian.
It’s an issue as old as time: people will always want to protect their personal data from prying eyes. Whether that means a thicker flap over the entrance to a straw hut, or a high-end security system that monitors every entrance and exit to a mansion on a hill. But as Hollywood has shown us time and again, where there is extra security, there is usually somebody trying to take what’s hiding inside.
The digital age has only exacerbated this issue for most users and companies around the world. The stronger the information security in place, the more vigorous hackers attack in order to find out what is hiding behind the high stone walls on the top of the hill. Every so often, these hackers find a spot where the mortar is weak, and they drill and drill, under cover of night, until a hole is formed. Then, just out of sight, they sneak in and quietly make away with everything you value most. So how do you stop somebody coming through the walls around your data? Find the holes, and seal them back up.