Securing Your Email Space

Yesterday, Lavabit – a secure e-mail provider – announced that it’s closing down their operations. The official text and the Website looks like this: Lavabit was one of the very few secure e-mail service providers bringing security for its paid customers… Read Full Article

Passwords13 (Hot Topic in Hot City)

Before BlackHat and DefCon taking place this week in Las Vegas, another conference attracts security experts:  Passwords13. A free to attend conference about Passwords and Authentication from attackers and defenders perspective. Last conference (Passwords12) in Oslo was the opposite when it… Read Full Article

Public points of data loss

In an airport lounge during my last trip I came across some cool tab devices running on Android integrated with an external keyboard available for public use and connected to the Internet. I performed a quick check of downloaded files, most visited sites and browser history and found a huge list of sensitive information. Here are some examples: Read Full Article

The Zappos Breach and Textual Password Based Authentication

Following their major database breach, Zappos leadership is doing the right thing by what seems to be quickly and clearly communicating what data was accessed and what was not – there are no unexplained delays or confusion on their part about the event. It’s like another Aurora moment in my book, when Google extraordinarily opened up about their breach while the other 30-odd Aurora-breached major corporations did the opposite, aggressively maintaining NDA’s to hide their Aurora incidents and hide their heads in the sand. Zappos reset 24 million customers’ passwords and emailed all of them about the problem last night.

Read Full Article