Researchers at Microsoft and Harvard University warn that popular passwords pose a bigger risk to online security than weak ones and suggest that many tools to enforce strong passwords actually steer users to choices that are easy to guess.
Browsing Author: Paul Roberts
Guest editorial by Paul Roberts
In a weird kind of synchronicity, two stories recently have raised the specter of discarded (not merely misplaced) hard drives as the source of considerable consternation and legal wrangling. In the most serious incident, the Inspector General of the National Archives and Records Administration (NARA) launched an investigation into a potential data breach that could expose the personal information and health records of up to 70 million veterans.
As a security show, the RSA Conference leaves a lot to be desired. Its technical sessions carry an uncomfortable load of marketing baggage and don’t have either the cachet or entertaining edge of those at Black Hat or CanSecWest.
Anyone will tell you that the real business of RSA is happening off the show floor – in conference rooms and hotel suites and restaurants, where companies are doing business: technology partnerships and strategic alliances, mergers and acquisitions. Speaking personally, I’ve always found it ironic that the show, which started as a retreat for monkish cryptographers, has morphed into the back-slapping, business development Lollapalooza that it is today, but so it is.
By Paul F. Roberts, The 451 Group
Starting this week at the annual CanSecWest conference in Vancouver, British Columbia, some of the world’s best hackers will crack their knuckles and get to work on a different kind of problem: hacking mobile devices including Apple’s über popular iPhone. The annual Pwn2Own contest is likely to be a wake-up call to companies about the dangers posed by BlackBerrys, iPhones and other mobile devices. Despite that, many security firms are still playing catch up on mobile device management and security. Their enterprise customers may pay the price.