Blog: Cybersecurity & Cyber Defense

Blog: Cybersecurity & Cyber Defense

How to Build Complex Passwords and Avoid Easy Breaches

In the wake of the iCloud celebrity photo hack, expert Keith Palmgren offers advice on how to build more effective passwords and avoid easy data breaches.

For more than 40 years, the IT industry has been fighting the password battle and losing. The recent celebrity iCloud hack is just one of many high-profile examples of our failure. So how can something so seemingly simple, like a password, be so difficult?

The problem with password security is that it is so simple, that it is actually paradoxically hard. In security, the most dangerous thing in the world is what you think you know, because then you don't question your knowledge. If you ask a typical IT security professional if they understand passwords, the vast majority will respond with a confident and emphatic "Yes." But if that were really true, why are

...

Windows Security SEC505: Washington DC Conference in December 2014

The SANS 'Securing Windows with the Critical Security Controls' course (SEC505) will be offered at the December conference in Washington DC.

Patch Tuesday Update - September 2014

It's Back To School - With An Exceptionally Light Patch Tuesday

This Patch Tuesday is a welcome light one with only a single critical issue in the Cumulative update for Internet Explorer and only three important issues. Back in September 2013 we saw a much larger IT work load with 13 bulletins — 4 critical and 9 important.

Looking at the details this Patch Tuesday, we have MS14-052 that is the cumulative update for Internet Explorer, which is rated as Critical and that handles mitigations for 37 CVE, related issues. Microsoft has recently updated their Exploitability Index and indicates that for this Internet Explorer patch, Microsoft has seen exploits; hence this patch is for most environments a very high priority.

Patch Tuesday Update - August 2014

August Patch Tuesday is a Big Win for IE

This patch Tuesday handles 2 Critical and 7 important issues. The good news is that 28 CVE related issues for Internet Explorer have been addressed including CVE 2014-2817 (attacks seen in the wild) and CVE 2014-2819 (publicly reported). The balance of the IE issues were privately reported and have not seen active attacks. Lastly for Internet Explorer, Microsoft is also now blocking out of date ActiveX Controls.

Summary of Bulletins:


  • MS14-043 Mitigates a Critical issue in Windows Media Center could allow Remote Code Execution. The vulnerability could be taken advantage of with a specially crafted office document sent via email. The patch addressed 1 related CVE issue.

  • MS14-044 Mitigates an
...

Patch Tuesday Update - July 2014

July Patch Tuesday Brings 6 Bulletins Addressing 29 CVE's

This Patch Tuesday we have 6 bulletins — 1 Moderate, 3 Important and 2 Critical. While July's patches address 29 CVE issues none are reportedly being used in the wild. Several issues reported during the Pwn2Own hacking contest are corrected this Patch Tuesday.

Looking at the details:


  • MS14-037 is a Cumulative Security Update for IE. It is rated critical and mitigates 24 CVE issues. Only 1 was reported publicly and it addresses a certificate handling issue.

  • MS14-038 mitigates a Critical issue that impacts the Windows Journal that could allow a Click2Pwn exploit. This patch mitigates 1 CVE related issue.

  • MS14-039 is an Important issue that mitigates a vulnerability in the On-Screen Keyboard that could allow an
...