Nude Celebrity Scandal, Cloud Service Security and You!

September 04, 2014

Following the slew of private celebrity photos leaked earlier this week, both end-users and organisations are understandably concerned. Invariably, user confidence in the security of online services, and the confidentiality of any data stored, has been shaken by such leaks.

This is especially worrying for organisations, as more and more enterprise services move onto remotely hosted cloud platforms, which are now home to the corporate crown jewels (emails, commercially sensitive information, intellectual property, etc.).

The same security issues that appear to have caused the recent iCloud breaches typically affect these cloud platforms. From a security perspective, using a cloud system is effectively outsourcing and therefore should be treated as diligently as any other outsourcing arrangement.

According to Apple, the recent celebrity photo compromise occurred due to a “very targeted attack on user names, passwords and security questions” – in other words, social engineering password resets.

“The faster I type my password, the more secret-agenty I feel”

March 27, 2013

Jacqui Henderson

Our new password cracking service…

Securus Global recently implemented a new offline password cracking service that allows us to identify which user accounts have easily ‘crackable’ or easily guessed passwords. Identifying these accounts is key to an organisation’s security, as accounts with weak passwords are an easy way for an attacker to gain a foothold in an organisation’s network. This capability has long been available to malicious hackers, and is now available to our customers as well.

Popular weak passwords:

For an attacker, one of the most trivial ways to get into user accounts is to attempt to log in with known usernames, using easily-guessed passwords, either manually or using an automated “brute-force” password guessing tool. User accounts with weak passwords make this process significantly easier for an attacker.

Here are the top 25 worst passwords of 2012 (from Tech Time*)