What is a Hackerspace?: Physical space where hackers make things, in
person place to do things rather in addition to online. People can
work on their own projects and collaborate with others.
Project Blinkenlights was a light installation in the Haus des Lehrers
building at the Alexanderplatz in Berlin that transformed the building
front into a giant low-resolution monochrome computer screen.
The Columbia Heights Wireless Project aims to provide wireless access to
the Internet to HacDC’s neighbors in Columbia Heights. This project, in
three phases, will help test different technologies and methods for
providing this access as well as building local neighborhood IT
infrastructure.
By now, most people know that you should have a complex password of at least 8 characters that are composed of upper case, lower case, numbers, punctuation marks and ,as Dilbert said, doodles, sign language and squirrel noises. Your password requirements are so secure that it would take a Beowulf cluster 10,000,000 years to crack. Your users know that if they write down their passwords on a post-it-note, they will be shot. Are your passwords secure?
The problem with a “good password” is that it is extremely difficult to remember. Passwords that are used daily can be easily remembered after a few days. Passwords that are used infrequently can be a point of vulnerability.
Unfortunately, password aging systems do not consider the frequency of use or the number of unsuccessful login attempts prior to a successful login. Sure, you can reset the error count before lockout after x number of minutes but, it treats all accounts equally. An attacker could come in “low and slow” by limiting password attempts to every 3 minutes.
If your password aging rules dictate that all passwords must be changed every 30 days, the password that is only used every two weeks will expire at the same interval as the password that is used 5 times per day. A better method for password aging systems would be to consider the number of times a password is used and maintain a counter of unsuccessful logins before a successful login in addition to a maximum password lifetime. How would this be an improvement?
If you have a complex password that is only used once every two weeks, you will probably need to write it down somewhere that is (hopefully) secure. If you don’t write it down, you may forget your password, requiring a password reset. Password resets are the unsung vulnerability in password management. Many organizations do not properly authenticate the person requesting a password reset, reset passwords to a default value, or send the new password to the user in an insecure method. Social engineering can often bypass the “authorized password requestor” list. Are your passwords really secure?
Thanks to Mubix for his posting on ZDNet, below you will find a link that describes all of the latest tools that were presented at Defcon 16. Use them at your own discretion and make sure you have permission if using them on an enterprise network! As Mubix has no control over the ZDnet posting, you can visit his site and keep up-to-date on the latest happenings.
We are going to approach this subject very lightly as I’m sure it’s clearly copyright infringement, however Lifehacker has a great post for a website called Mygazines. (which we won’t link to for legal purposes) Basically it’s a repository of scanned magazines encompassing just about anything and everything your heart desires, minus the pr0n. Click the link below to be redirected to Lifehacker’s site to read the full article and read free magazines if you so choose to
Weird, I could of sworn I heard someone say free 2600 mags
**By no means do we here at SecuraBit encourage engaging in unlawful activity however there are some free magazines on this site as well that could come in handy.
So the Air Force, which prides themselves for being the most technical branch of all the armed forces, has decided to suspend its efforts on building their latest Cyber Command. Not sure if any of you recall the latest AF recruitment commercials geared around cyber security, but it would be safe to say that those will not be airing until the Air Force works out some kinks.
“The Secretary and Chief of Staff of the Air Force have considered delaying currently planned actions on Air Force Cyber Command to allow ample time for a comprehensive assessment of all AFCYBER requirements and to synchronize the AFCYBER mission with other key Air Force initiatives,” the service said in a statement released Thursday.
Makes you wonder why ample time wasn’t dedicated in the first place for a “comprehensive assessment.”
