Honeywords — Honeypot Passwords
CowboyRobot writes "Businesses should seed their password databases with fake passwords and then monitor all login attempts for use of those credentials to detect if hackers have stolen stored user information. That's the thinking behind the 'honeywords' concept first proposed this month in 'Honeywords: Making Password-Cracking Detectable (PDF),' a paper written by Ari Juels, chief scientist at security firm RSA, and MIT professor Ronald L. Rivest (the 'R' in 'RSA'). Honeywords aren't meant to serve as a replacement for good password security practices. But as numerous breaches continue to demonstrate, regardless of the security that businesses have put in place, they often fail to detect when users' passwords have been compromised."
Uncle Sam Wants You (to Optimize Your Content for Mobile)
Americans deserve a government that works for them anytime, anywhere, and on any device. — President Barack Obama

It’s easy to get frustrated by the pace of change in mobile. Companies drag their feet about actually delivering content and services optimized for mobile devices, commissioning yet more research to “prove” the need for a mobile strategy. Meanwhile, we tap away at our ever-more-capable smartphones and tablets, pinching and zooming our way through sites designed for a much larger screen. Now we can find inspiration for taking quick action in mobile from an unexpected source: the government. President Obama has ordered executive branch federal agencies to make at least two key services available on mobile devices over the next year. The initiative to optimize content for mobile is part of the larger Digital Government strategy aimed at building a twenty-first-century platform to better serve the American people. This strategy outlines a sweeping vision for how to deliver ...
Cloud Firm MediaFire Flags Malware Samples For DMCA Violation, Bans Researcher
chicksdaddy writes "A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud-based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA takedown notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to ...
Found more than 1 month ago on channel Slashdot
Serious Web Vulnerabilities Dropped In 2011
wiredmikey writes "It's refreshing to see a security report from a security vendor that isn't all doom-and-gloom and loaded with FUD. Web Application Security firm WhiteHat Security released a report this week (PDF) showing that the number of major vulnerabilities has fallen dramatically. Based on the raw data gathered from scans of over 7,000 sites, there were only 79 substantial vulnerabilities discovered on average in 2011. To compare, there were 230 vulnerabilities on average discovered in 2010, 480 in 2009, 795 in 2008, and 1,111 in 2007. As for the types of flaws discovered, Cross-Site Scripting (XSS) remained the number one problem, followed by Information Leakage, Content Spoofing, Insufficient Authorization, and Cross-Site Request Forgery (CSRF) flaws. SQL Injection, an oft-mentioned attack vector online, was eighth on the top ten."
Found more than 1 month ago on channel Slashdot