Using SSH for IoT Authentication
In a previous post, I wrote about attackers using default passwords in FTP and Telnet to compromise devices (especially IoT ones such as cameras). The compromised devices were then used to attack other devices on the Internet. I suggested users change passwords on the devices where possible but acknowledged that some were not changeable. I […]
Biometrics — Can You Afford to Lose a Finger?
Biometric authentication has been attracting a lot of attention recently. Every day you see people deftly swiping their thumbs over their phones to unlock them using fingerprint recognition. Iris scanning technology is being introduced to India’s national biometric ID system. It’s the largest such system in the world—with over a billion users—and is used to […]
Unleashing Wireshark’s Powerful Follow TCP Stream Feature
In security courses such as Learning Tree’s System and Network Security Introduction, we often hear about the insecurity of protocols such as Telnet. These older protocols send their data – including login credentials – over the network in the clear. While ssh, a secure alternative to Telnet, is used in many applications today, many sites […]
Sharing Passwords is Bad, but Should It Be Illegal?
“Don’t share your passwords with anyone!” We say it repeatedly in Learning Tree’s System and Network Security Introduction, and I’m sure I’ve said it on this blog more than once. It’s bad practice; it leads to potential insecurity, and it means systems aren’t able to properly account for use. Sharing passwords is also illegal in some […]
How To Manage Your Passwords With KeePassX
Last week I suggested a do-it-yourself approach to generating pass phrases. Using an available list of 80,489 4-to-6-character strings of words and word fragments, and randomly selecting five such strings, plus 5 digits, plus one of the 30 or so punctuation marks, that scheme could generate this many possible pass phrase strings: 80489⁵ × 10⁵ […]