Information Security News
It has been reported that Bitcoin mining malware has been found in the Google Play store. If your battery is draining faster than usual, your phone may be running a copy of the BadLepricon Bitcoin mining malware. "The malware comes in the form of a wallpaper app. Google promptly removed five of these applications after we alerted them to the issue. The apps had between 100-500 installs each at the time of removal."
Guy Bruneau, IPSS Inc., gbruneau at isc dot sans dot edu. (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Stanford University network engineers have unveiled a refreshingly enlightened password policy. By allowing extremely long passcodes and relaxing character complexity requirements as length increases, the new standards may make it easier to choose passwords that resist the most common types of cracking attacks.
Students, faculty, and staff can use passwords as short as eight characters, but only if they contain a mix of upper- and lower-case letters, numbers, and symbols, according to the policy, which was published last week on Stanford's IT Services website. Even then, the short passwords must pass additional checks designed to flag common or weak passcodes (presumably choices such as "[email protected]", which can usually be cracked in a matter of seconds). The standards gradually reduce the character complexity requirements when lengths reach 12, 16, or 20 characters. At the other end of the spectrum, passcodes that have a length of 20 or more can contain any character type an end user wants, including all lower case.
Ars hasn't tested the new system to ensure commonly used phrases found in the Bible, on YouTube, or myriad other places are automatically rejected. As Ars reported in October, even when such passphrases contain 40 or more characters, they are becoming increasingly susceptible to "off-line" cracking. Such attacks scrape popular websites and books, carve up the text into different phrases or sentences, and use them as guesses when cracking cryptographic hashes found in compromised password databases.
ISACA introduces Cybersecurity Nexus program to help fill the infosec skills gap
Network World - Every organization that has recently tried to recruit and hire qualified information security professionals knows it's a tough environment for hiring. The demand for cybersecurity professionals has grown more than 3.5 times faster than ...
CSG Invotas to Participate in InfoSec Europe 2014
Business Wire (press release)
Infosecurity Europe is Europe's number one information security event. It features more than 325 exhibitors, the most diverse range of new products and services, an unrivalled education program, and over 13,000 unique visitors from every segment of the ...
Infosec problems create stress for IT departments
Help Net Security
A new IT Admin Stress Survey from GFI Software revealed that 68% of IT staff are actively considering leaving their current role due to job-related stress, despite apparent economic and staffing improvements in many businesses across the country.