LastPass Enterprise Updates

A couple of good updates if you’re a LastPass Enterprise customer. The LDAP sync utility version has been updated and will now run as a service. Before, it ran as an application, and that didn’t work well for me. The LDAP sync talks to your directory and updates new users and disabled/deleted users according to …

Yahoo Voice Hack nets 450k passwords

A hacking crew, D33D, posted the results file of a Yahoo hack containing 450 thousand email addresses and passwords. The hack is believed to be a SQL injection attack performed on a Yahoo Voices server. The hackers claim this is but one of many security flaws in Yahoo’s services. Yahoo reports that this is an …

Passwords: You’re Doing it Wrong

“Are you tired of losing track of those login/usernames and passwords you create every time you visit a new Web site? Do you have sticky notes and scraps of paper scattered about your office and home computer space covered with these vital pieces of information, but never seem to be able to put your hands …

Cyber-Ark / Qualys Integration

Last year at about this time, Qualys and Cyber-Ark announced a new integration. I implemented this last week. Most companies have password policies requiring the expiration of passwords. Yet these policies hardly ever get applied to service and application accounts, only to users. Many times these service passwords even predate the implementation of strong password requirements. This is …

LastPass Network Anomaly

I was sidetracked by work this morning. As a result, everyone and their brother has beaten me to the LastPass blog post. So let me be the millionth person to post “It is the last pass you’ll ever need, until we force you to change it.” LastPass monitors their network, saw an anomaly and in an abundance of caution …

Plaintext Password Storage

Today I received via snail mail my annual season ticket holder renewal for the Washington Capitals. As also seems to be traditional, my PIN (really a password) was included on the invoice. This makes it easier for people to renew online without having to get their password reset. Passwords provide authentication. That is to say, …

Gawker Media Security Breach

Gawker Media has experienced a data confidentiality breach that has disclosed passwords on all Gawker Media sites including Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, and Deadspin. If you have an account at a Gawker website, you should change the password immediately. If you use the same password on other websites, those passwords should be changed as well. Be aware …

Webmail Account Compromises

A couple of my friends had their webmail accounts compromised and I got pharma spam from them over the weekend. One had a Hotmail account and another a Yahoo account. I’m not sure whether they should be mocked more for using accounts at those domains or for getting compromised. Restoring Access: If this happens to you and you’re really …
