Showing posts with label Cybersecurity. Show all posts
Showing posts with label Cybersecurity. Show all posts

Tuesday, December 27, 2022

My New Criteria for a Password Manager

December 27, 2022

by Steve Endow


On December 22, 2022, LastPass disclosed that they had discovered that an attacker had copied a backup of customer "vault data" following a cyberattack and data breach that occurred in August 2022.

Aside from the obvious bad news, I initially learned of two interesting things about LastPass that I never would have thought to consider when evaluating password managers.

1. While web site username and password values are encrypted, the URL for the web site entry is not encrypted by LastPass.  I believe this poses a security risk for LastPass users.

2. Prior to 2018, LastPass used 5,000 iterations in the key derivation process. In 2018, they increased that to 100,100 iterations.  Even if you don't know what key derivation iterations are, just make note of that significant change.  From what I've read, older vaults were not automatically upgraded to the more secure configuration.  In theory, this means that vaults created prior to the 2018 upgrade are potentially more vulnerable to brute force password cracking.

Sunday, December 18, 2022

Improving Personal Email Security

by Steve Endow

Last week I discovered that my personal information was included in 2 massive data breaches in under 24 hours.

This was the last straw for me.

Yet Another Data Breach


Background

Data breaches aren't new, and have unfortunately become so common that I don't think they garner any more than an eye roll or a shrug these days.  Here is just a partial list of breaches that occurred in 2022.  I happen to know that December 2022 is missing several significant entries.  And this doesn't include all of the shady data brokers who buy and sell your data constantly.

https://tech.co/news/data-breaches-2022-so-far

I don't see data breaches decreasing any time soon, and I assume that we will continue to see an increasing number of breaches in coming years.  It's going to get far worse before it gets better.

So what does this have to do with email?

The problem is that several of these breaches have included my "personal" email address.  

Business Central Simple Tip #4: Exporting Leading Zeroes to Excel and then CSV- It works fine!

by Steve Endow This may seem obvious to some, but I've learned through many painful lessons that unless I actually test a scenario and s...