In new legislation, California decided to ban easy to guess, default passwords. The bill entitled SB-327, or Information Privacy: Connected Devices demands that electronics manufacturers in California equip their products with "reasonable" security features. What does this mean practically for users? All those generic passwords such as “Admin” and “Password” will be prohibited. Starting 2020 when the law comes into effect, [...]
In the realm on protecting digital information, a man-in-the-middle (MitM) attack is one of the worst things that can happen to an individual or organization. MitM attacks happen when an unauthorized actor manages to intercept and decipher communications between two parties and monitors or manipulates the exchanged information for malicious purposes. For instance, hackers can stage MitM attacks to steal sensitive [...]
A couple weeks ago, we covered the West Australian government’s security audit here on the Octopus Blog. The section of the governmental audit’s research into cyber security practices unveiled some pretty disturbing facts. Given the opportunity, users will choose the most obvious, easiest to guess passwords, leaving them wide-open targets for cyber criminals. While the size and scope of this phenomenon [...]
On the Octopus Blog, we’ve delved quite a bit into the vulnerabilities of contemporary encryption standards. The system of Public Key Infrastructure (PKI) which forms the basis of most of the worlds authentication platforms, while presenting a powerful, easy to use encryption model, still left several holes through which attackers can breach networks and steal identities. Perhaps the single biggest problem [...]
Thus goes the old adage. Of all the fields we would expect the ‘experts’ to follow their own rules, data security would probably be it. With a growing list of high profile hacks caused by poor security practices, infosec professionals are well aware what’s at risk from being careless in this area. Unfortunately, the data suggests that even the pros are [...]
Security firms and experts constantly encourage companies and organizations to enforce strong password policies to prevent the accounts of their employees and users from getting hacked. But what happens when an organization does enforce password policies? Employees knowingly find workarounds and continue to choose weak passwords that conform to those policies. At least that’s what a recent audit of 17 Western [...]
Data breaches at healthcare organizations are some of the most critical security incidents. They put very damaging information at the disposal of cybercriminals and malicious actors. A slate of regulations in different jurisdictions classify health data as highly sensitive and penalize organizations that mishandle the information or fail to protect it against hackers. An example is the Health Insurance Portability and [...]
Howdy,