After the Ashley Madison breach, everyone sighed a breath of relief because the passwords were encrypted with bcrypt. Bcrypt, as used by Ashley Madison, hashed the password 4,096 times. That calculation meant that even with fast computers it would take centuries to crack all of them. Until a group of hobbyists – yes hobbyists, not professional […]
Continue reading → [DISPLAY_ACURAX_ICONS]As researchers continue to review the data dumps from the Ashley Madison breach, there are lessons to be learned from what has been found. While Ashley Madison claimed to have good security, the evidence does not support that. For example, the VPN password from the Internet to their servers was Pass1234, according to one article […]
Continue reading → [DISPLAY_ACURAX_ICONS]Excellus Blue Cross Blue Shield revealed that it has been hacked. Excellus did not detect it had been hacked at all. In fact, it was not until they hired Mandiant to do an audit in the wake of the other Blue Cross hacks that they found out that they had been hacked. The data of […]
Continue reading → [DISPLAY_ACURAX_ICONS]Cancer Care Group, an Indianapolis based Oncology practice learned a lesson the hard way. They allowed an employee to have an unencrypted laptop and a server in his car, from which both computers were stolen. They discovered that the computers contained protected health information – social security numbers and insurance data for 55,000 patients. The […]
Continue reading → [DISPLAY_ACURAX_ICONS]There are reports in the news that Identity Theft Guard Solutions won the contract to offer identity theft protection for the 21.5 million victims of the second OPM breach. This is 90 days after the breach was disclosed. It is unclear how long it will be before people get letters and have the ability to […]
Continue reading → [DISPLAY_ACURAX_ICONS]The Computer Emergency Response Team (CERT), a part of the Department Of Homeland Security, released an alert this week regarding yet another series of DSL routers that have hard coded userids and passwords. The routers, which likely share firmware from a common Chinese manufacturer, all have passwords of the form XXXXairocon, where XXXX are the […]
Continue reading → [DISPLAY_ACURAX_ICONS]