Under the Hood of Password Managers

Security No Comments

Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7 [1], 1Password 4 [1], Dashlane [2], KeePass [3], and LastPass [4]. We anticipated that password managers would employ basic security best practices, such as scrubbing secrets from memory when they are not in use and sanitization of memory once a password manager was logged out and placed into a locked state. However, we found that in all password managers we examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users that use the password managers in this study to secrets retrieval from an assumed secure locked state.

Source: Password Managers: Under the Hood of Secrets Management

CIS Controls Self Assessment Tool

Security No Comments

The Center for Internet Security has launched the CIS Controls Self-Assessment Tool, or CIS CSAT, to enable organizations to track and prioritize their implementation of the CIS Controls. The tool includes features such as the ability to:

  • Delegate questions to other team members
  • Set deadlines for each CIS Control and sub-control
  • Collect documentation related to your findings
  • Capture team discussion about each assessment question

To start with the Self Assessment Tool, visit https://csat.cisecurity.org/

Health Industry Cybersecurity Practices

Security No Comments

Health and Human Services (HHS) released the Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication that aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems. The guide is available at Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.

The guide includes:

China’s Global Satellite Internet Service

Technology No Comments

Over the weekend, China launched a satellite into low-earth orbit, the first step of a plan to provide global satellite internet to people who still don’t have reliable access. Nearly 3.8 billion people are unconnected to the internet, and women and rural poor are particularly affected.
The satellite, called Hongyun-1, took off at China’s national launching site Jiuquan Satellite Launch Center on Saturday (Dec. 22). Hongyun-1, or “rainbow cloud,” is the first of 156 satellites of the same name developed by state-owned spacecraft maker China Aerospace Science and Industry Corporation (CASIC). A Long March 11 rocket, made by another state-owned firm, China Aerospace Science and Technology Corporation, carried the Hongyun-1.

China got on the bandwagon to provide global satellite internet

Wallor – Slim, Smart, RFID Wallet

Technology No Comments

Wallor is a slim wallet with smart capabilities. The wallet has worldwide GPS tracking, Bluetooth alert system and RFID protection.

Key Features:

  • Card Fit/Number of Cards: 10-12
  • Bill Fit/Number of Bills: 15+
  • Keys/Coins: Yes. Special pocket
  • Size: 4.6 x 3.5 x 0.25 inch (110 x 85 x 7 mm)
  • Material: Black Nappa Leather
  • RFID Protection: Yes
  • GPS Tracking: Cloud data tracking
  • Data Plan: Free

Related Links:

Wallor 2.0

© 2019 Leonard Nelson. All Rights Reserved. The content on this site reflects my own personal opinion and does not represent the views of any other individual or organization. All suggestions, solutions, advice and opinions come as-is with no warranty or responsibility implied.

MENU

Navigation