Thursday, October 29, 2015

Passwords never get old

...at least for security breaches. This time a free web hosting service used by millions around the world stored passwords in clear text, and as a result roughly 13 million of them were exposed in a hack that is now five months old. This week 000Webhost confirmed a compromise of one of its main systems, attributed to the use of an older version of PHP [zdnet.com]. To make it worse, several other findings surfaced after the breach notification: the login page was served over unencrypted web/HTTP traffic; SQL injection (the ability to inject SQL commands through user-supplied input) and/or XSS (cross-site scripting, the ability to inject client-side scripts) vulnerabilities existed and had yet to be patched; and the breach may have extended to the businesses/vendors it partnered with. What happened to security 101: password hashing on servers and in storage (a salted, slow hash, not reversible encryption and certainly not clear text), encrypted transmission (HTTPS/TLS), and input validation per OWASP guidance? Some common tools and checks that would have flagged these items include: a review of how credentials are actually stored (a look at the password store or shadow file, or a tool such as DumpSec on Windows); Wireshark, to confirm whether login traffic crosses the wire in clear text; and a web application scanner such as HP WebInspect, run as part of the SDLC.
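Two of those "security 101" items can be shown side by side in code. The block below is an added example, not code from the original post or from 000Webhost: it puts clear-text password storage next to a salted, slow hash (PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt/scrypt/Argon2), and a string-built login query next to a parameterised one, all against an in-memory SQLite table. The user names, passwords, and the iteration count are assumptions constructed for the demo.

```python
"""Added example, not code from the original post or from 000Webhost.

Two of the 'security 101' items the post says were missing, each shown as the
weak implementation beside a corrected one, against an in-memory SQLite table
with constructed sample users:

  1. password storage: clear text vs. a salted, slow hash (PBKDF2-HMAC-SHA256
     from the standard library stands in for bcrypt/scrypt/Argon2; the
     iteration count below is an assumption for the demo, not a recommendation)
  2. login query: string-built SQL (injectable) vs. a parameterised query
"""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 100_000   # assumption for the demo; tune to your hardware

# Constructed sample users (hypothetical; not data from the breach).
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]


# ---- 1. password storage ---------------------------------------------------

def store_cleartext(password):
    """What the post describes: the password itself is the stored record."""
    return password


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2_sha256$iter$salt$hash' (hex)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)


# ---- 2. the login query ----------------------------------------------------

def make_db(cleartext):
    """Build the users table either the weak way or the hashed way."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, secret TEXT)")
    for user, pw in SAMPLE_USERS:
        secret = store_cleartext(pw) if cleartext else hash_password(pw)
        conn.execute("INSERT INTO users VALUES (?, ?)", (user, secret))
    return conn


def dump_secrets(conn):
    """What an attacker holding a database dump sees (the 13M-record scenario)."""
    return [row[0] for row in
            conn.execute("SELECT secret FROM users ORDER BY username")]


def login_vulnerable(conn, username, password):
    """String-built query: a password of  ' OR '1'='1  logs in as anyone."""
    sql = (f"SELECT 1 FROM users WHERE username = '{username}' "
           f"AND secret = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username, password):
    """Parameterised lookup, then verify against the salted hash."""
    row = conn.execute("SELECT secret FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        # Spend the same hashing work for unknown users so response time
        # does not reveal whether the username exists.
        hash_password(password)
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    weak, hard = make_db(cleartext=True), make_db(cleartext=False)
    print("clear-text dump:", dump_secrets(weak))
    print("hashed dump:    ", [s[:40] + "..." for s in dump_secrets(hard)])
    print("injection vs weak:", login_vulnerable(weak, "alice", "' OR '1'='1"))
    print("injection vs hard:", login_hardened(hard, "alice", "' OR '1'='1"))
```

Run it directly to see the two dumps: the clear-text table hands every password straight to whoever copies it, while the hashed table yields only per-user salted digests that still have to be cracked one at a time. The transport-layer item (HTTPS for the login page) is not something an offline script can show; on a live site, the Wireshark check in the text is the quick way to confirm it.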

But hey, it was a free hosting service...so what about Facebook and the other services/sites we don't pay for?

4 comments:

  1. Using a password manager is extremely helpful in this case. I use an online password manager called "Intuitive Password". It automatically signs in to your email account without your typing your username and password on the login page, which significantly protects your credentials from being captured by spyware/keystroke loggers.
    Also use a VDR for secure data sharing. For example, iDeals secure data rooms.

  2. Right - a much better option than a password-protected Excel file. Never used Intuitive, but I have used the 1Password app, which offers similar capabilities. Thanks!

  3. Cyber crime, which we may characterize as "an unlawful act wherein the computer is either an instrument or a target or incidental to the crime", has both civil and, in addition, criminal remedies. veriato

  4. Numerous wireless systems can record from a far greater number of areas than a conventional wired system, with no loss of quality. https://www.bestsecurityplace.com/
