
Security


PIN number analysis. Ian’s messages made me chuckle. Then, later the same day, I read this XKCD cartoon. The merging of these two humorous topics created the seed for this article. What is the least common PIN number? If you had to make a prediction about what the least commonly used 4-digit PIN is, what would be your guess? This tangentially relates to the XKCD cartoon. This article is not intended to be a hacker bible, or to be used as a utility, resource, or tool to help would-be thieves perform nefarious actions. Obviously, I don’t have access to a credit card PIN number database. Soap Box – Password Database Exposures. Bottom line: security strengthens with layers, and the simple application of encryption on your database table can help protect your customers’ data if this table is exposed. Back to the data. Given that users have a free choice for their password, if users select a four-digit password for their online account, it’s not a stretch to use this as a proxy for four-digit PIN codes.
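The method sketched above (treat the all-numeric four-character entries of an exposed password table as a proxy for PINs, then rank them) can be made concrete. The following is an added example, not code from the original article, and it runs on a small constructed list of passwords embedded in the block rather than on any real leak; the counts it produces say nothing about real PIN frequencies. It also goes one step beyond the article by turning the ranking into the number an attacker actually cares about: the share of accounts opened with the few guesses a lockout policy allows.

```python
from collections import Counter

# Constructed sample of an exposed password table (NOT real leaked data).
# Had this table been stored encrypted or properly hashed, none of the
# analysis below would be possible, which is the "Soap Box" point.
SAMPLE_PASSWORDS = [
    "1234", "1234", "1234", "1234", "1111", "1111", "0000", "1212",
    "7777", "2000", "1986", "1990", "8068", "password", "letmein",
    "4321", "1234", "2580", "1111", "19731", "abcd", "0852",
]


def four_digit_pins(passwords):
    """Keep only entries that are exactly four decimal digits.

    This is the article's proxy: a user who freely chose "1234" as a web
    password would plausibly choose it as a PIN too.
    """
    return [p for p in passwords if len(p) == 4 and p.isdigit()]


def pin_distribution(passwords):
    """Frequency of each four-digit PIN in the sample."""
    return Counter(four_digit_pins(passwords))


def rank_table(passwords):
    """(pin, count, share_of_pin_users) sorted most common first."""
    dist = pin_distribution(passwords)
    total = sum(dist.values())
    return [(pin, n, n / total) for pin, n in dist.most_common()]


def least_common(passwords):
    """PINs tied for the lowest count that actually appear in the sample.

    PINs absent from a small sample are not reported: absence from a few
    dozen rows is not evidence that a PIN is rare in the population.
    """
    dist = pin_distribution(passwords)
    if not dist:
        return []
    floor = min(dist.values())
    return sorted(pin for pin, n in dist.items() if n == floor)


def coverage(passwords, guesses):
    """Fraction of PIN-using accounts an attacker opens with the `guesses`
    most common PINs, i.e. success probability before a lockout triggers."""
    dist = pin_distribution(passwords)
    total = sum(dist.values())
    if total == 0:
        return 0.0
    return sum(n for _, n in dist.most_common(guesses)) / total


if __name__ == "__main__":
    for pin, n, share in rank_table(SAMPLE_PASSWORDS)[:3]:
        print(f"{pin}: {n} users ({share:.1%})")
    print("least common in sample:", least_common(SAMPLE_PASSWORDS))
    for k in (1, 3):
        print(f"coverage with {k} guess(es): {coverage(SAMPLE_PASSWORDS, k):.1%}")
```

The `coverage` figure is the one to quote when arguing for a lockout after three wrong attempts: it is the attacker's odds per card, per lockout window, and it is driven entirely by how skewed the distribution is, not by how many PINs exist.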

On Security: Five "Neglects" in Risk Management. On Security: How Changing Technology Affects Security. Security is a tradeoff, a balancing act between attacker and defender. Unfortunately, that balance is never static. Changes in technology affect both sides. Society uses new technologies to decrease what I call the scope of defection -- what attackers can get away with -- and attackers use new technologies to increase it.

What's interesting is the difference between how the two groups incorporate new technologies. Changes in security systems can be slow. We saw it in law enforcement's initial inability to deal with Internet crime. There's one more problem: defenders are in what military strategist Carl von Clausewitz calls "the position of the interior." Of course, there are exceptions. Still, we tend to be reactive in security, and only implement new measures in response to an increased scope of defection. This essay originally appeared in IEEE Security & Privacy. Tags: cybercrime, theory of security. Qualys CEO creates security non-profit to fix the Internet. Philippe Courtot, chief executive of compliance software maker Qualys, launched the Trustworthy Internet Movement last night, pledging $500,000 of his own funds to integrate security into the product-making process.

“Just the very fact that I could get the domain name ‘trustworthy internet’ says it all,” Courtot told VentureBeat. Much of security is reactionary. McAfee general manager of network security Pat Calhoun likens it to a house break-in. You get the alarm system after your house has been robbed. If you already have an alarm system, you start using it when your possessions go missing. Security is an afterthought. But if we don’t build security technology in from the start, we open ourselves up to zero-day attacks, said Courtot. The Trustworthy Internet Movement, like many movements, has a focus but no real solution — yet. Before he’s ready to announce partners and talk more about the initiative, however, Courtot wants a win. Cloud Computing & Hosting.

This post was written by Chris Gillan, Co-Founder of Gazzang, Inc., a Rackspace Tools Partner. A friend of mine, the CEO of a small ASP software company, hired a consultant to come in and tweak a few things on a MySQL database. The consultant was in and out in a day, database performance was back to normal, and all was well. Until…two days later, when his phone rang. The voice on the other end was his archrival competitor. That’s a call you DON’T want to get. We hear these stories time and time again. Enter… Gazzang ezNcrypt for MySQL. While our patent-pending product suite spans the cloud, our first focus is on the most insidious inhibitor of full enterprise-wide cloud computing adoption: data security for MySQL.

Protecting data at rest, starting with MySQL. The core of the ezNcrypt product suite is transparent data encryption (TDE). The “key” to secure data: data encryption is one thing, but without an effective key system, it’s essentially useless. Darpa’s New ‘Fast Track’ Okays Hacker Projects in Just Seven Days | Danger Room. It’s an open secret: For years, hackers and feds have been strange bedfellows in the mission to defend military networks. Three-letter agencies set up recruiting booths with schwag at security conferences like Black Hat, and feds party it up with the computer nerds at the so-called “underground hacking conference” DefCon after enlisting intelligence help. Darpa, with the help of former hacker Peiter “Mudge” Zatko, wants to find a way for the government to make that alliance even easier. With an eye on hacker-minded researchers who operate on small budgets and in their free time, Darpa is awarding small, short-term contracts to those who have a knack for discovering holes in network defenses.

It’ll harness some of the creativity brewing at hacker-conferences and experimental hacker-spaces — which, incidentally, already underpin some of the multi-million, multi-year defense contracts being inked. The program is called Cyber Fast Track. That’s jargon for network defense.

Computer

The Chinese Way of Hacking. Cyberwarfare in 2011 is an odd beast. Many Western governments reportedly actively monitor rivals and engage in online sabotage, while countries ranging from Israel to Iran to India also engage in cyberwarfare programs of their own. But it's attacks against the American government and commercial websites such as Google that grab headlines. As foreign governments learn the ease of obtaining intelligence online and foreign corporations continue to get the edge on their competitors through massive online attacks, future hacker efforts will only become more ambitious.

One of the countries where many of these civilian and military attacks reportedly originate is China. Fast Company recently spoke with Adam Segal, the Ira A. Lipman senior fellow for counterterrorism and national security issues at the Council on Foreign Relations, about bored Chinese teenagers, the Chinese way of hacking, India's rush to create a patriotic hacker corps, and much more. Stuxnet: Anatomy of a Computer Virus.

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History | Threat Level. It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium. Natanz technicians in white lab coats, gloves and blue booties were scurrying in and out of the “clean” cascade rooms, hauling out unwieldy centrifuges one by one, each sheathed in shiny silver cylindrical casings.

Any time workers at the plant decommissioned damaged or otherwise unusable centrifuges, they were required to line them up for IAEA inspection to verify that no radioactive material was being smuggled out in the devices before they were removed. The technicians had been doing so now for more than a month. "We were not immune to the fact that there was a bigger geopolitical picture going on. The question was, why? The clock was ticking. WhiteHat Security - Website Risk Management - Web Application Security. Wei. How to stay safe at a public Wi-Fi hotspot. Firesheep lit a figurative fire under the feet of folks who otherwise weren't concerned with the security of their data as it passes to and fro over a WiFi network in a public place.

That's good. You're at risk whenever you use WiFi on a public network, but thankfully it's never been easier or cheaper to secure yourself thoroughly. Firesheep's threat is that it allows anyone with a Firefox browser to hijack the sessions of anyone on the same network using a few dozen popular content, commerce, and social-networking sites by snarfing cookies that pass in the clear. But Firesheep is only the easiest to use of a series of freely available tools that can extract and record data passing openly over networks. The only way to defeat all of them is to secure all the connections over which you pass anything personal, financial, or confidential.
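The mechanism described above has two halves: a session cookie that the browser sends over plain HTTP, and a passive observer on the same network who reads it. Both can be checked from the wire protocol itself. The block below is an added example, not code from the original article or from Firesheep; it parses a constructed plaintext HTTP request to show exactly what a sniffer recovers, and then audits constructed Set-Cookie headers for the flag whose absence makes that recovery possible. Cookie names that count as "session-bearing" are a heuristic list assumed for the example, not a standard.

```python
import re

# Constructed plaintext HTTP request, the kind a passive observer sees on an
# open Wi-Fi network when a site is used over http:// (sample data, not captured).
SAMPLE_REQUEST = (
    "GET /home HTTP/1.1\r\n"
    "Host: social.example\r\n"
    "Cookie: sessionid=abc123; lang=en\r\n"
    "\r\n"
)

# Constructed Set-Cookie headers as a server might emit them (sample data).
SAMPLE_SET_COOKIES = [
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly",
    "Set-Cookie: lang=en; Path=/",
    "Set-Cookie: csrftoken=xyz; Path=/; Secure; HttpOnly",
]

# Heuristic: substrings suggesting a cookie carries authentication state.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


def cookies_in_clear(raw_request):
    """Name -> value for every cookie a passive sniffer recovers from one
    plaintext request. Over TLS this header is not visible, so the result
    would be empty; that is the whole defence."""
    m = re.search(r"^Cookie:[ \t]*(.+?)\r?$", raw_request, re.M | re.I)
    if not m:
        return {}
    found = {}
    for pair in m.group(1).split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            found[name] = value
    return found


def parse_set_cookie(header):
    """Split 'Set-Cookie: name=value; Attr; Attr=val' into its parts.
    Attribute names are case-insensitive per RFC 6265."""
    value = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        k, _, v = part.partition("=")
        attrs[k.strip().lower()] = v.strip() if v else True
    return name.strip(), val, attrs


def looks_like_session(name):
    return any(hint in name.lower() for hint in SESSION_NAME_HINTS)


def audit_set_cookies(headers):
    """Flag session-bearing cookies that will also travel over plain HTTP.

    Without the Secure attribute the browser attaches the cookie to every
    http:// request to the host, which is what made Firesheep's passive
    capture sufficient to hijack a session.
    """
    findings = []
    for h in headers:
        name, _, attrs = parse_set_cookie(h)
        if not looks_like_session(name):
            continue
        problems = []
        if "secure" not in attrs:
            problems.append("missing Secure: sent in the clear over http://")
        if "httponly" not in attrs:
            problems.append("missing HttpOnly: readable by injected script")
        if problems:
            findings.append((name, problems))
    return findings


if __name__ == "__main__":
    print("observer sees:", cookies_in_clear(SAMPLE_REQUEST))
    for name, problems in audit_set_cookies(SAMPLE_SET_COOKIES):
        print(f"{name}: " + "; ".join(problems))
```

In the constructed sample only `sessionid` is flagged: `csrftoken` carries both attributes, and `lang` is not a session cookie, so leaking it costs nothing. The fix the audit points at is `Set-Cookie: sessionid=...; Secure; HttpOnly` combined with serving the whole site over TLS, since a Secure cookie on a site that still serves pages over HTTP simply logs the user out of those pages rather than protecting them.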

You have a variety of strategies to choose from, some of which are free and some of which have a modest cost attached. The full Monty: a VPN connection.