With Russian Hackers Stealing over a Billion Credentials, Business Password Policies in the Spotlight
Date:8/9/2014

New York, NY (PRWEB) August 09, 2014

On Tuesday, August 5th, The New York Times ran a story about Russian hackers who managed to pilfer and collect over 1.2 billion user credentials: user names and passwords. To put the gravity of numbers like these in perspective, consider this: the United Nations released results of a study in May of this year which concluded that by the end of 2014, three billion people around the world will be connected to the Internet, leaving a full 60%, or roughly 4.2 billion, still on the outside looking in. So if every stolen credential could be assigned to a unique individual, over 1 in 3 people connected to the Internet would have their credentials in the hands of this group, which can sell them, use them for identity theft, or leverage them in any other way it sees fit. And according to Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions and incident response, “Businesses really need to take the hint when they see a story like this and wonder just how safe their networks are. Bad password habits are a killer when it comes to security, but you’d be shocked to know how many organizations we’ve seen after incidents which could be traced to completely unacceptable, or totally non-existent password policies, procedures and enforcement.”

Science will eventually solve human laziness when it comes to the password dilemma, but in the meantime…

“One of the biggest problems is just the sheer volume of passwords most people have to keep tabs on for an ever-increasing number of accounts. So human nature steps in and deals with the problem by having that little voice inside convince us that it’s OK to use the same password on different sites,” Caruso says, “Less to remember, right? Then the little voice rationalizes it; no one knows my password, I’ve never had my credentials stolen, so what’s the harm? Well, the harm is by doing that you are not only putting your own identity and accounts at risk, but in many cases you’re also putting your employer and the entire business network at risk – in other words, your livelihood. If hackers manage to steal your credentials from one site, even if it’s through no fault of your own, like an inferior security posture and vulnerabilities on their end, it doesn’t take a lot to automate the process of using your matched credentials to test all kinds of sites, from your Facebook page or email account, to PayPal, eBay or even your bank, and yes, your business network too. Science will eventually solve this problem, but what the solution will look like is still anyone’s guess. Some kind of biometrics is a good bet, and they already have a lot of things on the table on that front, common ideas like fingerprinting, like on the new iPhones, or retinal scans, to the more unique and outlandish, like your heart rhythm or hand dimensions, or even way-out-there ideas like your very own flavor of body odor serving as the key to your data. But for now, passwords are still something you have to somehow remember and enter with your keyboard, and armed with the secret characters, anyone can do it for you, or as you.”

With professional vulnerability assessments, password vulnerabilities can be exposed and solved.

“The way to expose vulnerabilities in any environment is to test for them,” Caruso says, “and password problems are no different. When we do our vulnerability assessment and penetration testing (pen-testing) for clients, we usually launch a full blown spear phishing campaign to see who we can dupe into giving us their credentials, and we’ve never failed to get users on the hook in any organization we’ve ever tested. And when the responses start rolling in, we get to see the passwords people are using, and let me tell you, it can be frightening to see. The really dumb stuff like “qwerty,” “abc123,” and “god” protecting access to sensitive business data or digital assets still pops up so often it makes you really wonder what some folks could possibly be thinking. It’s so ridiculous it can sometimes border on amusing. Then there is usually another crew that likes to use names and dates of loved ones and events, many of which could be easily figured out just by visiting their Facebook page, which hackers love to roam for that kind of information. But when we bring it up during the reporting stage and call out the offenders, no one is laughing. And once we’re armed with the evidence, we go to work, hand in hand with the client, to create, fix or strengthen their policies, procedures, and enforcement concerning passwords, while also identifying any other weak links anywhere along the cyber security chain. There are many ways to approach solving the problem, but armed with our testing results and an in-depth knowledge of the client’s digital landscape, data flow, business requirements and regulatory compliance issues after the assessment and testing process, we can help them tailor a plan which will fit just right.”

Custom solutions for today's cyber threats

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.

Read the full story at http://www.prweb.com/releases/2014-Russian-Hackers/Stole-a-billion-passwords/prweb12083958.htm.

Source: PRWeb
Copyright©2014 Vocus, Inc.
All rights reserved
