Month: April 2014

galaxy s5 fingerprint authentication and lastpass

Interesting blog post from Graham Cluley on LastPass’ support for using the Galaxy S5’s fingerprint reader as the key to your password vault.   Since the…

Continue Reading

a new, saner approach to password policies

In this article over at Ars Technica, we get the scoop on Standford University’s new password policies which vary the requirements for password complexity (use…

Continue Reading

heartbleed attack on ssl vpns

Heartbleed strikes again… according to respected security consulting firm Mandiant, one of its corporate customers’ SSL VPN appliances was compromised by attackers using the Heartbleed…

Continue Reading

how not to do a risk assessment

So, the risk management mavens for the City of Portland, Oregon have provided us all with an object lesson in how not to make risk…

Continue Reading

surprise heartbleed headache for Google Chrome users

If you are using Google Chrome to surf the series of tubes we professionals cal the Interwebs, you need to take action to reduce the…

Continue Reading

not vulnerable to Heartbleed? not so fast…

Think your sites are safe from Heartbleed related sploits?  Not so fast, sunshine… According to one pen tester, many of the tools which purport to…

Continue Reading

let the games begin

Aaaand we now have our first confirmed breach of data tied to Heartbleed – the Canadian Revenue Authority has reported that the social insurance numbers…

Continue Reading

heartbleed forecast: continued heartburn

It seems like Heartbleed is going to be keeping  infosec people busy  for a while. First, multiple people have succeeded in extracting the private signing…

Continue Reading

Keep your users informed with SANS’ OUCH! newsletter

  SANS recently published the latest edition of their “OUCH!” security newsletter for end users – this month’s topic is Yes – You Actually ARE…

Continue Reading