With Russian Hackers Stealing over a Billion Credentials, Business Password Policies in the Spotlight
Date: 8/9/2014

New York, NY (PRWEB) August 09, 2014

On Tuesday, August 5th, The New York Times ran a story about Russian hackers who managed to pilfer and collect over 1.2 billion user credentials (user names and passwords). To help put some heft to the gravity of numbers like these, consider this: the United Nations released results of a study in May of this year which arrived at the conclusion that by the end of 2014, three billion people around the world will be connected to the Internet, leaving a full 60%, or roughly 4.2 billion, still on the outside looking in. So if every stolen credential could be assigned to a unique individual, over 1 in 3 people connected to the Internet would have their credentials in the hands of this group, which can sell them, use them for identity theft, or leverage them in any other way it sees fit. And according to Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions and incident response, “Businesses really need to take the hint when they see a story like this and wonder just how safe their networks are. Bad password habits are a killer when it comes to security, but you’d be shocked to know how many organizations we’ve seen after incidents which could be traced to completely unacceptable, or totally non-existent password policies, procedures and enforcement.”

Science will eventually solve human laziness when it comes to the password dilemma, but in the meantime…

“One of the biggest problems is just the sheer volume of passwords most people have to keep tabs on for an ever-increasing number of accounts. So human nature steps in and deals with the problem by having that little voice inside convince us that it’s OK to use the same password on different sites,” Caruso says, “Less to remember, right? Then the little voice rationalizes it; no one knows my password, I’ve never had my credentials stolen, so what’s the harm? Well, the harm is by doing that you are not only putting your own identity and accounts at risk, but in many cases you’re also putting your employer and the entire business network at risk – in other words, your livelihood. If hackers manage to steal your credentials from one site, even if it’s through no fault of your own, like an inferior security posture and vulnerabilities on their end, it doesn’t take a lot to automate the process of using your matched credentials to test all kinds of sites, from your Facebook page or email account, to PayPal, eBay or even your bank, and yes, your business network too. Science will eventually solve this problem, but what the solution will look like is still anyone’s guess. Some kind of biometrics is a good bet, and they already have a lot of things on the table on that front, common ideas like fingerprinting, like on the new iPhones, or retinal scans, to the more unique and outlandish, like your heart rhythm or hand dimensions, or even way-out-there ideas like your very own flavor of body odor serving as the key to your data. But for now, passwords are still something you have to somehow remember and enter with your keyboard, and armed with the secret characters, anyone can do it for you, or as you.”

With professional vulnerability assessments, password vulnerabilities can be exposed and solved.

“The way to expose vulnerabilities in any environment is to test for them,” Caruso says, “and password problems are no different. When we do our vulnerability assessment and penetration testing (pen-testing) for clients, we usually launch a full blown spear phishing campaign to see who we can dupe into giving us their credentials, and we’ve never failed to get users on the hook in any organization we’ve ever tested. And when the responses start rolling in, we get to see the passwords people are using, and let me tell you, it can be frightening to see. The really dumb stuff like “qwerty,” “abc123,” and “god” protecting access to sensitive business data or digital assets still pops up so often it makes you really wonder what some folks could possibly be thinking. It’s so ridiculous it can sometimes border on amusing. Then there is usually another crew that likes to use names and dates of loved ones and events, many of which could be easily figured out just by visiting their Facebook page, which hackers love to roam for that kind of information. But when we bring it up during the reporting stage and call out the offenders, no one is laughing. And once we’re armed with the evidence, we go to work, hand in hand with the client, to create, fix or strengthen their policies, procedures, and enforcement concerning passwords, while also identifying any other weak links anywhere along the cyber security chain. There are many ways to approach solving the problem, but armed with our testing results and an in-depth knowledge of the client’s digital landscape, data flow, business requirements and regulatory compliance issues after the assessment and testing process, we can help them tailor a plan which will fit just right.”

Custom solutions for today's cyber threats

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.

Read the full story at http://www.prweb.com/releases/2014-Russian-Hackers/Stole-a-billion-passwords/prweb12083958.htm.


Source: PRWeb
Copyright©2014 Vocus, Inc.
All rights reserved
