AusCERT2012: Infosec militia should help cyber cops
SC Magazine Australia
Private sector bolsters efforts by under-resourced police.
by Jane Wright
Security awareness training often teaches the importance of password length and password complexity, but these best practices, as it turns out, may be creating a false sense of security. Even worse, users who cooperate and create long, complex passwords may feel betrayed when the organizations they trusted prove fallible and their passwords are hacked.
The recent LinkedIn hacking incident, in which 6.4 million LinkedIn passwords were stolen (or possibly leaked), demonstrated that the strength of a user’s password is no defense when an Internet application provider is attacked. Even if each LinkedIn password was as long and complex as possible, it wouldn’t have mattered; the Russian hackers still found the hashed LinkedIn passwords and posted them for all to see.
According to some analysts reviewing the LinkedIn breach, the social networking site had failed to protect users’ passwords with a strong hashing algorithm. That’s where the sense of betrayal comes in. If users are doing their part by using strong passwords, they should be able to trust the application provider to take strong precautions, too.
The situation spurred LinkedIn to take stronger precautions now. In a blog post, LinkedIn said it would use better hashing and salting to protect its account databases in the future.
Organizations can learn from LinkedIn’s public mea culpa. If your IT staff has been lecturing users on strong passwords, but your organization’s passwords are stolen, how will your users react? After years of building trust between IT and users, an incident like this could destroy the relationship in one day.
The LinkedIn incident is a reminder of the need to properly balance responsibility for secure access management between users and IT. Yes, user training is important, but IT security teams must go the extra mile to protect account credentials and prove themselves worthy of users’ trust.
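As an added illustration, not part of the column, the following Python contrasts the weak storage scheme the article criticises with the "hashing and salting" fix it describes. Unsalted SHA-1 is assumed here as the weak baseline and PBKDF2-HMAC-SHA256 with a random per-user salt as the stronger one; the user records are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users happen to share the same password.
SAMPLE_USERS = {"alice": "Tr0ub4dor&3", "bob": "Tr0ub4dor&3", "carol": "correct horse"}

def weak_hash(password: str) -> str:
    """Unsalted SHA-1 of the password (assumed here as the weak baseline)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def strong_hash(password: str, salt: bytes = b"", iterations: int = 200_000) -> tuple:
    """Random per-user salt plus PBKDF2-HMAC-SHA256, a slow salted scheme chosen
    for this example. Returns (salt, digest); both are stored with the account."""
    if not salt:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes, iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = strong_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)

def duplicate_digests(hashes: dict) -> set:
    """Digests shared by more than one user. Under an unsalted scheme every shared
    password shows up here, so recovering one entry recovers all of them at once."""
    seen, dupes = set(), set()
    for d in hashes.values():
        (dupes if d in seen else seen).add(d)
    return dupes

if __name__ == "__main__":
    weak = {u: weak_hash(p) for u, p in SAMPLE_USERS.items()}
    print("shared unsalted digests:", duplicate_digests(weak))
    strong = {u: strong_hash(p) for u, p in SAMPLE_USERS.items()}
    print("alice == bob under salted scheme:", strong["alice"][1] == strong["bob"][1])
    salt, digest = strong["alice"]
    print("verify alice:", verify("Tr0ub4dor&3", salt, digest), verify("wrong", salt, digest))
```

With the salted scheme the two identical passwords produce unrelated digests, so a leaked table no longer reveals which users share a password and each entry must be attacked separately.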