Tag: password security


You’ve Got a Breach: AOL Investigating After Spoofing Incident

Apr 30, 2014 By Sarah Vonnegut | If you just couldn’t get enough of changing your passwords after the Heartbleed fiasco and still keep an active AOL account, you’re in luck. The company announced on Monday that it is further investigating a security incident after a “significant” number of user accounts were found to have been compromised, with AOL estimating around 2% of their over 20 million customers at risk. Users are urged to change their passwords and personal answers to their security questions.


The Honeypot Sting: Hacking the Hackers

Apr 16, 2014 By Sarah Vonnegut | How can you tell who’s up to no good when it comes to your networks and computer systems? Simon Bell, a computer science student in his last year at the University of Sussex, has set out to help answer that question. He’s created an SSH (Secure Shell) honeypot written in C with the aim of researching the techniques of malicious attackers trying to infiltrate the network. Dubbed Secure Honey, Bell designed his honeypot as a final project, which he tracks and writes about on his site.

Hacking the Hackers: Honeypots, for the uninitiated, are decoy systems or servers designed to track and log the activities of attackers trying to intrude on your system (SANS has a great FAQ for further reading). Instead of the attackers gaining data, the honeypot collects the actions and attempts at intrusion for further analysis. The would-be hackers get nothing – and will quickly move on to the next possibly vulnerable server after a few fruitless tries.

“Something really drew me to the idea of luring hackers into a honeypot to watch how they operate and to discover what sort of techniques they may deploy to infiltrate a system,” he says. Anyone can keep up with what Secure Honey attackers are up to on Bell’s live stats page, where hacking attempts, the most commonly used passwords and more are tracked in real time.


Loser Credentials: Stop The Insanity!

Mar 04, 2014 By Sarah Vonnegut | There’s a famous saying about how the definition of insanity is doing the same thing over and over and expecting different results. Nothing could be truer about the world’s relationship with passwords, and it’s a reality that should hit the security world even harder.
After all, as we recently learned, the Target hack affecting at least 110 million people began with a stolen username and password. Passwords have gotten lots of play in the news, especially in the security realm, but the bigger problem is in making passwords obsolete for hackers – especially for organizations with valuable data in store. A deeper level of authentication is now essential for a secure business.


Simplifying Password Security Through Sound: Google’s New Tech ‘Toy’

Feb 18, 2014 By Sarah Vonnegut | Passwords have taken on a bad name lately. In countless security breaches and incidents, they’ve been too easy to crack, too difficult to remember, or not encrypted enough, in the right way, or at all. We each log in to so many different sites on a daily basis, with each one supposed to have its own unique password, that even people with photographic memories would have trouble remembering them all.


Yahoo Mail Hacked. Strong Passwords Now A Necessity

Feb 03, 2014 By Sharon Solomon | While hackers are finding new ways to infiltrate computers and networks, email accounts remain the preferred target for extracting sensitive data. The latest breach was found in the Yahoo email service, which was officially acknowledged and confirmed by the internet company on its Tumblr page.


Crafty Hackers & Other AppSec Stories This Week

Jan 26, 2014 By Sarah Vonnegut | Breaches seem to be hitting every country across every industry these days. This week was no better. Not only did the biggest craft store in the U.S. disclose a breach affecting an unknown number of credit card users, but nearly 40% of South Koreans as well as 16 million Germans are dealing with the effects of major breaches in each of those countries. With the list of 2013’s worst and most overused passwords wrapping up the week’s news, let’s hope the rest of 2014 is a more secure year.


Worst Passwords of 2013

Jan 24, 2014 By Sharon Solomon | The results are out. SplashData, a leading password management application provider, has released its annual list of the 25 most common passwords found on the net. The list was compiled with the help of data files consisting of millions of stolen passwords, published by leading hackers on the net.


Cache of 2 Million Account Details For Facebook, Google, Yahoo Users Discovered

Dec 05, 2013 By Sarah Vonnegut | Some two million accounts on several of the most widely visited social media networks, email providers and websites were just discovered on a server with a bogus IP in the Netherlands. Hackers stole login usernames and passwords for Facebook, LinkedIn, Google, Twitter and various other popular sites.


Free Wi-Fi Hotspots – A Risky Luxury

Dec 04, 2013 By Sharon Solomon | The wireless revolution has turned internet access into a basic necessity. Social media networking and entertainment on-the-go are in high demand. In this reality, Wi-Fi hotspots are seen as blessings, even when the signal is coming from an unknown source. But this is a huge security risk that people rarely take into consideration.

