Now One Week All Year

The annual summer conference constellation of the week of Black Hat, BSides, and DEF CON usually brings out a certain vocal concern about personal device security. Some of the concern is grounded in wry humor, using mirth to illustrate a point. Some of it floats on ignorance tainted with misapplied knowledge. That’s fine. Perform the […]

Audit Accounts, Partition Passwords, Stay Secure

It’s a new year, so it’s time to start counting days until we hear about the first database breach of 2014 to reveal a few million passwords. Before that inevitable compromise happens, take the time to clean up your web accounts and passwords. Don’t be a prisoner of bad habits. It’s good Operations Security (OpSec) […]

Don’t Rub Salt in Your Wounds

By now everyone’s downloaded a copy of John the Ripper and taken a crack (ahem) at the LinkedIn password file. The wordlists, whatever their provenance or size, likely ran out in a matter of minutes. That left unsophisticated users with the unending silence of incremental mode compounded with the challenge of figuring out how to […]

LinkedIn, HashedOut

Linked-“Be great at what you do”-In, bringing you modern social networking with worse password protection than 1970s UNIX. Not only did LinkedIn avoid a robust, well-known password hashing scheme like PBKDF2, they didn’t even salt the passwords, something FreeBSD programmers have been doing for years. It also appears some users are confused as to what constitutes a […]