Big Changes For Yahoo-Hosted Email
Frontier has been sending messages to its customers saying that the company has noticed their use of “a lower security sign-in that is sometimes used in third-party mail applications such as Outlook, IncrediMail, MacMail, Mozilla Thunderbird and others.” The message is somewhat vague and misleading. It gives the impression that these “third-party” tools don’t encrypt […]
Who Cares If Ten Million Passwords Were Disclosed?
This past week (as I write this) security researcher Mark Burnett (who literally wrote the book on passwords) released ten million passwords gathered from security breaches. He went one step further and released the account names (without the domain part) of the associated email addresses. That’s a lot of passwords. Here’s why you should care. […]
Keep Your Certificates Up To Date
Someone from a major aerospace manufacturer asked me for some cybersecurity assistance a few months ago. A security audit had resulted in a worrying but mystifying warning about SSL certificates. Their secure web site would cease functioning in just a few days. We fixed that, but similar deadlines are approaching over the next two years […]
What is a False Flag?
The other day I watched a World War II documentary on internet TV. The story was about a British ship attempting to get past Nazi defenses by altering its deck profile and flying the Reichkriegsflagge or ensign of the Kriegsmarine – the German navy. As part of the rules of war, they had to switch […]
How I Was Wrong About Kerberos
Microsoft’s Active Directory includes a version of Kerberos that has had a bad reputation. There were problems several years ago, but the criticisms are now outdated. What was the problem, and how has it been fixed? Origins of Active Directory Windows 2000 was originally going to be called Windows NT 5.0. It was released in […]