“123456, password, welcome” – Yahoo Password Posted Online July 12, 2012
Posted by Chris Mark in News, PCI DSS, Risk & Risk Management. Tags: data breach, encryption, hash, InfoSec, markconsultinggroup.com, password, risk, security, yahoo
A story today on MSNBC says that Yahoo Voices was compromised and 450,000 usernames and passwords were posted online. Not surprisingly, the passwords were not hashed or otherwise protected using encryption. While the posting of passwords is nothing new, what is interesting is what the researchers found when looking at user-generated passwords. The most common passwords were ‘123456’ followed by ‘password’ and ‘welcome’. Fully 1/3 of the passwords used lower case letters only. Here is where I get on my soapbox. According to the story:
“Yahoo! Voices’ administrators made a big mistake storing the passwords in plaintext, but all users need to bolster their own security as well. Make passwords harder to guess by making them more than eight characters long, and pepper them with upper-case letters, numbers and punctuation marks.”
First, strong passwords would not have helped because YAHOO WAS STORING THEM IN CLEARTEXT!...and they were stolen! Second, the company should enforce strong passwords. While all users should use strong passwords, when dealing with 450K users it is prudent to understand that some users either will not understand what a strong password is or will simply ignore the directions. Yahoo should have forced strong passwords…
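Both halves of that argument, enforcing the policy on the server at registration and never keeping the password itself, sketched as an added example (not code from the story or from Yahoo). The blocklist holds only the three passwords named above, the rules follow the quoted advice, and the choice of scrypt, its parameters and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
import string

# Constructed blocklist: the three most common passwords named in the post.
COMMON = {"123456", "password", "welcome"}

def policy_violations(password: str) -> list:
    """Return the reasons a password is rejected (empty list means accepted)."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on the common-password blocklist")
    if len(password) <= 8:
        problems.append("must be more than eight characters")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a digit")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a punctuation mark")
    return problems

def _derive(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash; parameters are assumed, not from the post.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def register(store: dict, user: str, password: str) -> list:
    """Enforce the policy server-side; store only (salt, hash) when it passes."""
    problems = policy_violations(password)
    if not problems:
        salt = secrets.token_bytes(16)  # unique salt per account
        store[user] = (salt, _derive(password, salt))
    return problems

def verify(store: dict, user: str, password: str) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    record = store.get(user)
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(digest, _derive(password, salt))
```

A dump of `store` yields salts and hashes rather than passwords, and the blocklisted or lower-case-only choices never reach it in the first place.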
“Let’s Talk Data Security” – Heather Mark in July 2012 Greensheet & TransactionWorld July 9, 2012
Posted by Chris Mark in cybersecurity, Data Breach, Laws and Legislation, News, PCI DSS. Tags: cybersecurity, data breach, data security, greensheet, Heather Mark, mark consulting group, security, transactionworld
Heather Mark is interviewed in the July 2012 issue of Greensheet in the article titled: “Expert Advice on Security Defense and Planning”. The article discusses strategies for preventing and dealing with data breaches within the payment card industry. Additionally, Heather has an article in TransactionWorld titled: “New School vs. Old School: Security and Emerging Technologies”. You can catch Heather’s articles every month in Transaction World Magazine.
“Do as I say..not as I do”- UN Sends Restricted Computer Equipment to Iran and North Korea July 5, 2012
Posted by Chris Mark in News. Tags: Iran, North Korea, security, UN, United Nations, WIPO
In yet another shocking revelation of questionable actions within the United Nations, Fox News reports that the US State Department is now investigating the shipment of sensitive computer and other equipment to Iran and North Korea by way of an obscure UN department. The United Nations has prohibitions against sending such sensitive equipment to both countries as the countries are trying to develop nuclear weapons. According to the report, the World Intellectual Property Organization (WIPO), of which the US is a member, sent computers and other technology to both countries. The US State Department was unaware of the shipment and, according to a top US official, it now appears that “official at the U.N. agency, the Geneva-based World Intellectual Property Organization, or WIPO, ‘has not yet been fully open’ to the inquiries…”
“Proxy Wars 101” – Russian Attack Helicopters Caught Bound for Syria June 19, 2012
Posted by Chris Mark in News. Tags: assad, geopolitics, HIND, mark consulting group, Mi25, mujahideen, proxy war, revolution, Russia, syria, terrorism
According to a story on MSNBC, a ship carrying military attack helicopters and missiles from Russia to Syria was stopped off the coast of the UK yesterday. The insurers cancelled the coverage of the ship, forcing it to turn back. The interesting part of this scenario is the fact that the ship was carrying Russian Mi25 (HIND) attack helicopters to Syria. The Mi25 is one of the most noticeable and lethal attack helicopters in history. It was highlighted in numerous movies including Red Dawn and Rambo 3. It is very effective at ground support. For those who have been living in a cave for the past few months, Syria is currently engaged in a revolution and the government has been accused of a brutal crackdown on the revolt with the indiscriminate killing of civilians. The international community has nearly universally condemned Assad’s actions….nearly. Russia and China appear to be in support of the Assad regime. Syria and Russia have a long-standing relationship extending to the days of the Soviet Union. You can read more about it here.
“A Victory?…for Democracy?”…Muslim Brotherhood Wins Egyptian Presidency June 17, 2012
Posted by Chris Mark in News, terrorism. Tags: al qaeda, Arab Spring, Egypt, Election, mark consulting group, Mohammad Morsi, Salafi, terrorism
It was just announced that the Muslim Brotherhood’s Mohammad Morsi was leading and expected to win the Egyptian presidency in the first election since the removal of Hosni Mubarak from the Egyptian presidency. Egypt was one of the countries that revolted in the Arab Spring of 2012. Interestingly, Mr. Morsi is being elected in a democratic election. What is the significance? Many in the US have labored under the belief that, if given the choice, ALL people would choose a government similar to the US. In 2003, at the National Endowment of Democracy, President George Bush said:
“This freedom deficit … has terrible consequences for people in the Middle East and for the world. In many Middle Eastern countries, poverty is deep and it is spreading. Women lack rights and are denied schooling, whole economies remain stagnant while the world moves ahead,” Bush said.