Month: April 2014
galaxy s5 fingerprint authentication and lastpass
Interesting blog post from Graham Cluley on LastPass’ support for using the Galaxy S5’s fingerprint reader as the key to your password vault. Since the…
a new, saner approach to password policies
In this article over at Ars Technica, we get the scoop on Standford University’s new password policies which vary the requirements for password complexity (use…
heartbleed attack on ssl vpns
Heartbleed strikes again… according to respected security consulting firm Mandiant, one of its corporate customers’ SSL VPN appliances was compromised by attackers using the Heartbleed…
how not to do a risk assessment
So, the risk management mavens for the City of Portland, Oregon have provided us all with an object lesson in how not to make risk…
surprise heartbleed headache for Google Chrome users
If you are using Google Chrome to surf the series of tubes we professionals cal the Interwebs, you need to take action to reduce the…
not vulnerable to Heartbleed? not so fast…
Think your sites are safe from Heartbleed related sploits? Not so fast, sunshine… According to one pen tester, many of the tools which purport to…
let the games begin
Aaaand we now have our first confirmed breach of data tied to Heartbleed – the Canadian Revenue Authority has reported that the social insurance numbers…
heartbleed forecast: continued heartburn
It seems like Heartbleed is going to be keeping infosec people busy for a while. First, multiple people have succeeded in extracting the private signing…
Keep your users informed with SANS’ OUCH! newsletter
SANS recently published the latest edition of their “OUCH!” security newsletter for end users – this month’s topic is Yes – You Actually ARE…