Spoke of how we can use Google Alerts to help us in our daily tasks to track where our information is being sent out to.
Discussion ensued about Scroogle.org (not to be confused with scoogle.com) and how you can do secure searching through the site, which purges its logs within 48 hours.
A mention of Cisco was brought up, and we also spoke of a virtualized version of the Cisco MIPS processors and the specific virtualized version of the Cisco 7200 routers.
Today marks 7 years ago that we lost so many fellow Americans in the horrific attacks which unfolded that day. Think about them, and also think about our troops. Without their sacrifice we would not be able to do things like drink beers and talk about security on Skype every couple of weeks.
By now, most people know that you should have a complex password of at least 8 characters composed of upper case, lower case, numbers, punctuation marks and, as Dilbert said, doodles, sign language and squirrel noises. Your password requirements are so secure that it would take a Beowulf cluster 10,000,000 years to crack one. Your users know that if they write down their passwords on a Post-it note, they will be shot. Are your passwords secure?
The problem with a “good password” is that it is extremely difficult to remember. Passwords that are used daily can be easily remembered after a few days. Passwords that are used infrequently can be a point of vulnerability.
Unfortunately, password aging systems do not consider the frequency of use or the number of unsuccessful login attempts prior to a successful login. Sure, you can reset the error count before lockout after x number of minutes, but that treats all accounts equally. An attacker could come in “low and slow” by limiting password attempts to one every 3 minutes, never tripping the lockout at all.
If your password aging rules dictate that all passwords must be changed every 30 days, the password that is only used every two weeks will expire at the same interval as the password that is used 5 times per day. A better method for password aging systems would be to consider the number of times a password is used and maintain a counter of unsuccessful logins before a successful login in addition to a maximum password lifetime. How would this be an improvement?
If you have a complex password that is only used once every two weeks, you will probably need to write it down somewhere that is (hopefully) secure. If you don’t write it down, you may forget your password, requiring a password reset. Password resets are the unsung vulnerability in password management. Many organizations do not properly authenticate the person requesting a password reset, reset passwords to a default value, or send the new password to the user by an insecure method. Social engineering can often bypass the “authorized password requestor” list. Are your passwords really secure?
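To make the proposal above concrete, here is an added sketch (my own illustration, not code from the show or any product) of a usage-aware aging check: it keeps the per-password counters the post describes (uses, failures before a success, lifetime) and reports why a password should be rotated. The thresholds, the field names and the decision that a rarely used password is rotated sooner are all assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class PasswordState:
    """Per-account counters a usage-aware aging system would keep (assumed design)."""
    set_at: datetime
    successes: int = 0             # successful logins with this password
    failures_pending: int = 0      # failed attempts since the last success
    worst_failure_run: int = 0     # longest run of failures that preceded a success
    last_success: Optional[datetime] = None

    def record(self, when: datetime, ok: bool) -> None:
        """Feed one login attempt; a success closes the current failure run."""
        if ok:
            self.successes += 1
            self.worst_failure_run = max(self.worst_failure_run, self.failures_pending)
            self.failures_pending = 0
            self.last_success = when
        else:
            self.failures_pending += 1


@dataclass
class AgingPolicy:
    max_lifetime: timedelta = timedelta(days=90)   # hard cap regardless of usage (assumed)
    rarely_used_days: int = 21                     # idle this long counts as "rarely used" (assumed)
    failure_run_limit: int = 5                     # failures before a success that force rotation (assumed)

    def rotation_reasons(self, st: PasswordState, now: datetime) -> List[str]:
        """Return every reason the password should be rotated; empty means it is fine."""
        reasons = []
        if now - st.set_at >= self.max_lifetime:
            reasons.append("max lifetime reached")
        # A lockout window that resets every x minutes never sees the low-and-slow
        # attacker; a counter that only resets on success does.
        if max(st.worst_failure_run, st.failures_pending) >= self.failure_run_limit:
            reasons.append("failure run before success: possible low-and-slow guessing")
        if now - (st.last_success or st.set_at) >= timedelta(days=self.rarely_used_days):
            reasons.append("rarely used: likely written down, re-verify owner and rotate")
        return reasons


def demo():
    """Constructed scenarios: a daily user versus an account probed once every 3 minutes."""
    t0, pol = datetime(2008, 8, 1), AgingPolicy()
    daily = PasswordState(set_at=t0)
    for d in range(30):
        daily.record(t0 + timedelta(days=d), ok=True)
    slow = PasswordState(set_at=t0)
    for m in range(0, 60, 3):                       # 20 wrong guesses, 3 minutes apart
        slow.record(t0 + timedelta(days=1, minutes=m), ok=False)
    slow.record(t0 + timedelta(days=2), ok=True)    # the real owner logs in afterwards
    now = t0 + timedelta(days=30)
    return pol.rotation_reasons(daily, now), pol.rotation_reasons(slow, now)
```

Run `demo()`: the daily-use password needs nothing, while the probed and then idle account gets both a failure-run and a rarely-used reason.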
I could spend hours talking about how much of a good time Chris Mills and I had at DC16, but I figured you all could just tune in for EP8, which we’ll be recording tonight. There are a lot of people we need to thank for their hospitality as well as the free beer! We made all kinds of new friends and it was great finally being able to put names to faces. While you’re waiting for the live show tonight, follow the links below for some pics of the Podcasters Meetup as well as the live show recorded at DC16!