Password complexity and authentication has always been a subject of contention both for users and system administrators. Many assume that forcing users to create more complex passwords, and changing them frequently, will lead to greater system safety - in theory this may be true. Given human nature, things rarely go as planned and research has shown that forcing users to comply with these additional requirements has actually had a detrimental effect on system security.Read More
With RSA Conference 2018 behind us, we asked Onliner Derek Nwamadi to share some of his observations from the conference floor.
This year’s RSA Conference did not disappoint. Once again attendees were treated to a great line up of presentations, events, and an always impressive expo floor. Looking back at my week at RSA, one word kept coming to
Trust; we seem to be living in an age where we are technology and data rich but trust poor.
As always, there are some technologies and buzzwords that become industry hot buttons and generally drive it for the rest of the year (more on that later).
With the European Union’s GDPR regulation coming into effect on May 25, we sat down with Online’s legal counsel/privacy consultant, Laura Sulymosi, to discuss the biggest questions being asked by organizations looking to be compliant.
As you may have heard in the news, computer researchers have recently discovered a design flaw that results in a security vulnerability in the CPU chip that powers nearly all the world’s computers, including PCs, smartphones, and data center computers. This hardware bug allows malicious programs to steal data that is being processed in the computer memory. The name given to these vulnerabilities is ‘Meltdown’ for Intel chips or ‘Spectre’ for AMD and ARM chips. The first reports were published on January 2, 2018, prior to a coordinated disclosure scheduled for the week of January 8. There is no evidence of exploitation at this time, but the publicly disclosed proof-of-concept (PoC) exploit code could result in the vulnerabilities being weaponized for malware delivery.Read More
There is a huge problem in cybersecurity. It has been festering for years and it isn’t going away anytime soon. This problem isn’t the latest zero day threat, malicious attackers, or even a rogue nation-state. There is a scarcity of cybersecurity professionals available to meet the increasing need for improved cybersecurity among businesses. The lack of qualified cybersecurity personnel has been a concern for years. Recently, the problem has intensified as organizations become more aware of their own vulnerabilities.Read More
Over the years, our team has performed thousands of penetrations tests. In the first 15 minutes of a pen test there are a handful of issues that we often discover. These issues are simple to understand and they're easy to correct, but they're almost always there. They don’t require authentication, need minimal expertise to find, and aren't the focus of the OWASP Top 10.Read More