I really like this way of thinking outside the box! Some of the old, and current, concepts on password complexity, length, history etc. are being revised. There is some new thinking on the matter, based mainly on trends and analytics Microsoft has done via millions of hack attempts on Azure based resources.
New Microsoft recommendations:
- “Maintain an 8-character minimum length requirement (and longer is not necessarily better).
- Eliminate character-composition requirements.
- Eliminate mandatory periodic password resets for user accounts.
- Ban common passwords, to keep the most vulnerable passwords out of your system.
- Educate your users not to re-use their password for non-work-related purposes.
- Enforce registration for multi-factor authentication.
- Enable risk based multi-factor authentication challenges.”
Read it here
Thousands of Hacked Home Routers are Attacking WordPress Sites
Fascinating blog from WordFence, one of the best WordPress firewall out there. They uncovered attacks coming from various countries and regions. The target is home networks. There is a router vulnerability called “Misfortune Cookie” [really] that is being exploited. It appears many home routers are hacked with this vulnerability and they in turn launch attacks. The tricky part here is that the launched attacks are actually small per home router, so detection is difficult.
The really weird thing is that the IPS are coming from all over the place, but attacks from Algeria [!] are increasing dramatically.
Read the WordFence Blog here
Yikes – Multi-vector and SPEED: ‘a DDoS attack against an unnamed European media organization that peaked at 363G bps (bits per second)’. That ‘G’ is not a typo.
‘Attackers launch multi-vector DDoS attacks that use DNSSEC amplification’
There are hundreds and hundreds of these WordFence Firewall entries on Riguy.Com. I blocked some IPs here and there; that will work for a while. I wonder what these nice people from Ukraine would ever want with my most humble of web sites? Regardless, thanks WordFence [awesome security plugin]!
WordFence Security hard at work, on my humble website ;>
I love this Plugin [although I use the free version for my personal website, our work pays for it because it is worth every penny].
Microsoft has released a major Critical Windows Security Flaw and fix. By critical, I mean they went outside of their normally rigid ‘patch Tuesday’ [twice a month] schedule and released this fix on-the-fly, so to speak.
“The flaw is in the way the Windows Adobe Type Manager Library handles OpenType fonts. In practical terms, if someone running Windows visits a website that contains embedded OpenType fonts or a specially crafted document, an attacker could execute code on his or her computer.
“An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft wrote in a security bulletin.”
The Windows update tool in modern Windows OS can handle this.
Critical Windows Security Flaw + Fix Article
Quick, which is more secure, premises or cloud based data?
This fellow makes an excellent point on Cloud Security and the common question, that is that maybe the Cloud is only as secure or insecure as the Business owners, Executives and I.T. Department desire. Maybe the hacker are the least of our problems?
“The truth: Although you may not control the data on your premises, you still own and control the data. You may not be able to visit the data center and have lunch in the server room, but you still can control both the data and the layers of security safeguarding it. I’ve yet to see a public cloud provider that does not allow this configuration. No, your data is only as vulnerable as your security protocols, cloud or not.”
It’s not the hackers you should fear
“France faces 19,000 cyberattacks since terror rampage”
Hackers have targeted about 19,000 French websites since a rampage by Islamic extremists left 20 dead last week, France’s cyberdefense official said Thursday, as the president tried to calm the nation’s inflamed religious tensions.
France is on edge since last week’s attacks, which began Jan. 7 at the offices of the satirical newspaper Charlie Hebdo. The paper, repeatedly threatened for its caricatures of the Muslim Prophet Muhammad, was burying several of its slain staff members Thursday.
Calling it an unprecedented surge, Adm. Arnaud Coustilliere, head of cyberdefense for the French military, said about 19,000 French websites had faced cyberattacks in recent days, some carried out by well-known Islamic hacker groups.