The Perils of Re-Using Passwords
Passwords will be with us for quite a while and so will password breaches, I’m afraid. Last week I received a notice that a site I use experienced a password breach. The email explained that the passwords themselves were encrypted, but that I should change my password on that site and any others where I […]
Using SSH for IoT Authentication
In a previous post, I wrote about attackers using default passwords in FTP and Telnet to compromise devices (especially IoT ones such as cameras). The compromised devices were then used to attack other devices on the Internet. I suggested users change passwords on the devices where possible but acknowledged that some were not changeable. I […]
Biometrics — Can You Afford to Lose a Finger?
Biometric authentication has been attracting a lot of attention recently. Every day you see people deftly swiping their thumbs over their phones to unlock them using fingerprint recognition. Iris scanning technology is being introduced to India’s national biometric ID system. It’s the largest such system in the world—with over a billion users—and is used to […]
Unleashing Wireshark’s Powerful Follow TCP Stream Feature
In security courses such as Learning Tree’s System and Network Security Introduction, we often hear about the insecurity of protocols such as Telnet. These older protocols send their data – including login credentials – over the network in the clear. While ssh, a secure alternative to Telnet, is used in many applications today, many sites […]
Sharing Passwords is Bad, but Should It Be Illegal?
“Don’t share your passwords with anyone!” We say it repeatedly in Learning Tree’s System and Network Security Introduction, and I’m sure I’ve said it on this blog more than once. It’s bad practice; it leads to potential insecurity, and it means systems aren’t able to properly account for use. Sharing passwords is also illegal in some […]