Tuesday, July 7, 2015

Mobile Security | Slow and Steady Need to Combat Mobile Malware


Remember when mobilegeddon was all the rage throughout the net?  It was interesting on the surface, but unless you were a marketing professional, you probably just took those announcements in stride.  Why focus your efforts on understanding the details of the mobile presence for Google if you barely have to interact with it?  In a way, that sort of thinking does make sense (unless, of course, you have a business that has any sort of digital presence), but the whole mobilegeddon event brought to light a major aspect of technology that has been digging its heels into every instance of our lives: mobile security and access.

Mobile security is on the rise, with a lot of new efforts being made to try and secure data files that get accessed and stored on mobile devices from secure data centers.  For the hacking game, this means there is an increasing focus on the security of mobile devices in general.

Friday, June 19, 2015

Top 5 SSO Security Advantages



Behold the power of one password. That's right, password. No longer are you faced with a plethora of login credentials that you know you will never remember. That vicious cycle of helpdesk calls followed by daily account lockouts has finally come to an end. It sounds like you’ve found yourself a single sign-on (SSO) solution and you’re ready to embrace the convenience. After all, convenience was your primary reason for adopting such a technology, was it not? I’ll let you get back to me on that one. In the meantime, let’s take a look at SSO security, a hot topic among the information security community and what more and more IT decision makers are referring to as their “primary motive” for deploying SSO.

Saturday, June 13, 2015

Duqu Cyber Attack - Zero-Day, Predecessors and a Silver Lining



In light of Sir Christopher Lee’s passing, it seems only fitting that we make a nod in his general direction to talk about the most recent attack by our good friend: Duqu.  That’s right, HackerAttackers: there has been another Duqu cyber attack. Duqu is back, and it’s breaking out the big guns with 2.0.  Like its apparent namesake (though, personally, Dooku looks a lot more villainy), Duqu 2.0 is a master of disguise, infiltration and covering its tracks.  We’ve spoken before about the nature of cyber warfare in the digital age, and Duqu 2.0 is a prime example of the evolution of this threat.  Threats such as the Stuxnet virus and Flame are pushing the envelope for what we consider traditional spycraft and covert war.  The Duqu cyber attack is the most recent, home-based instance of cyber warfare to point out the need for stronger security, and above all, a more penetrating awareness of the threats of our digital age.

Friday, May 15, 2015

Importance of Password Expiration | Don’t have it – Why Not?



The importance of password expiration is an interesting topic for me.  It’s all over the place online – and rightfully so.  There are tons of questions floating around out there: what is the best duration for a password, should there be the same expiration rate for each user, is password expiration beneficial?  It can sometimes be a bit overwhelming to look at.  That being said, there are also areas surrounding the importance of password expiration that are somewhat debated (much like the last question above). In that regard, I would like to take a look at an older article I found interesting and debate some of the claims therein.  Catch up after the jump!

Wednesday, May 13, 2015

Password Policy Best Practices | 4 Ways Being Hacked Educated Me



Here at HackerAttacker, we talk a lot about how to protect yourself from hackers of all shapes and sizes (or colors, as it were).  What we rarely talk about is what it is like to actually be hacked.  There are countless examples of various individuals being hacked (and we’ve talked a lot about some big company hacks as well), so you know it isn’t some rare occurrence.  Today, I’m going to talk about some password policy best practices I learned from being hacked myself, and how the experience changed the way in which I approach my online security.

Friday, May 8, 2015

Password Generator Using Words | Things to Know


We all know that hackers are out there and the worst of the lot want the key to our castle. In today’s world of online banking and VPN access to corporate accounts, there are many who say we are still using the wrong type of ‘key’: one that is easily stolen and/or copied.  The password is still around though, for better or worse (though Microsoft is working on changing that soon), and with it come the typical issues of forgotten passwords and account lockouts.  With the average help desk call costing around $25-$30 per call, a simple solution would be welcome in most environments.  Instead of just your typical self-service password reset solution, why not take a look at a password generator using words that the user has previously set? If you are interested in reducing help desk costs and empowering your users, read on after the jump!


Wednesday, May 6, 2015

What Star Wars Taught Me About Information Security


A belated May the 4th to all of you Star Wars fans out there! If you’ve never seen Star Wars: A New Hope, then beware: spoilers ahead (also, you should go watch that.  Seriously, go now.  We can talk after).  Obviously, one of our favorite topics here at HackerAttacker is security in all its shapes and forms.  We’ve talked about various hackers, how to hack the government, and even how hacking is like picking a lock.  One thing that I never really take into consideration, however, is how much security is thrown in our faces throughout pop culture.  I’m not just talking about advanced techniques seen in movies like Mission Impossible or James Bond; I’m talking about popular culture both old and new.  Specifically, how Star Wars taught me more about information security than most any actual course or class ever could.