FemaleSingaporeMember since 23 Dec 13Last online 3 years ago

  • keirthlei

    Dyman Associates Risk Management Review: The Best Password Managers for PCs, Macs and Mobile Devices

    3 years agoReply
    6 local and cloud-based password managers make passwords stronger and online life easier for Windows, Mac, iOS, Android, BlackBerry, and Windows Phone users.

    Thanks to high-profile computer security scares such as the Heartbleed vulnerability and the Target data breach, and to the allegations leveled at the government and cloud providers by Edward Snowden, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too.

    A password manager won't shield you against Heartbleed or the NSA, but it's an excellent first step in securing your identity, helping you increase the strength of the passwords that protect your online accounts because it will remember those passwords for you. A password manager will even randomly generate strong passwords, without requiring you to memorize or write down these random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow tables, or brute-force attacks.

    Many password managers allow you to automatically populate your password vault by capturing your Web log-ins using a browser plug-in and allowing you to store these credentials. Other options for populating your password database include importing an Excel spreadsheet or manually entering your log-in information. Further, using these stored credentials is typically automated using a browser plug-in, which recognizes the website's username and password fields, then populates these fields with the appropriate log-in information.

    Although several browsers offer similar functionality out of the box, many password managers offer several benefits over the built-in browser functionality -- including encryption, cross-platform and cross-browser synchronization, mobile device support, secure sharing of credentials, and support for multifactor authentication. In some cases, usernames and passwords must be copied from the password manager into the browser, reducing the ease-of-use but increasing the level of security by requiring entry of the master password before accessing stored log-in information.

    Some password managers store your credentials locally, others rely on cloud services for storage and synchronization, and still others take a hybrid approach. Some of the options using local storage (such as KeePass and 1Password) still support synchronization through Dropbox or other storage services. Deciding which password manager is best for you will come down to features and ease-of-use, as well as to whether you're comfortable storing your passwords on the Internet.

    Continue Reading @ infoworld.com/article/2607798/security/r..

    Visit Dyman Associates Risk Management @ http://dymanassociatesprojects.com/

    Read for more related articles @ http://dymanassociates.blogspot.nl/

    Or follow us @ https://twitter.com/dymanassociates

  • keirthlei

    Dyman Associates Risk Management: eBay In Security Storm With Dangerous Flaw Wide Open

    3 years agoReply
    Auction site eBay has found itself in the midst of another security storm after apparently choosing to leave a security hole wide open – in the interests of user functionality – as customer details were being stolen.

    It is the latest in a trio of serious cybersecurity problems at the company this year, following a database breach in May, and the theft of details from its StubHub ticket site customers two months later.

    eBay allows highly visual JavaScript and Flash content to be included in its listings, which is a somewhat unsurprising step – however, the company reportedly knew for months that a number of hackers were manipulating this code for malicious content, and left the ability to add the code largely as it is, in the interests of offering sellers attractive auction listings.

    Cyber criminals have been using the technology to introduce cross-site scripting (XSS) – in which customers are led to a fake, eBay-mimicking site to enter their payment details. At least 100 exploited listings have been identified by the BBC, which reports that the problems continue even though eBay may have been aware of them since February.

    ‘Not An Okay Situation’

    Security experts have lambasted eBay’s handling of the problems. Chris Oakley, principal security consultant at testing firm Nettitude, says he would expect “all organizations, particularly those with vast quantities of customer data to protect” to have the required, standard cross site scripting defenses in place.

    “This hat-trick of security incidents will surely do the company no favors in terms of restoring and maintaining consumer confidence,” adds Paul Ayers, European VP at data security vendor Vormetric, and Mikko Hypponen, chief research officer at security firm F-Secure, describes the situation as “not okay”. Independent expert Graham Cluley told The Drum website that eBay was not in “proper control” of the situation, which he described as “embarrassing”.

    Solving The XSS Problem

    Experts have proposed a number of solutions for eBay, including simply removing the harmful code or listings, or providing its own Javascript editor in which sellers’ code can be more easily managed and controlled.

    Dr Adrian Davis, EMEA managing director at security organization (ISC)2, tellsForbes that XSS is a well known threat, adding that “we can’t afford to tolerate relatively simple security issues like this, especially for a company as massive as eBay”.

    Sites with the issue “need to update their current code to remove the vulnerability”, he says. “Functionality for the user would not be impaired, providing the code running in the browser and application is written properly.”

    He warns that developers need to be much better trained to write secure code and not focus solely on usability, with “fully qualified and certified individuals, such as those holding (ISC)2’s CISSP or CSSLP” qualifications being involved “throughout the entire process”.

    “This is an issue that must rise above the purely technical considerations and go onto the agendas of management and business leaders that are driving the development projects. Only then would we see investment in curbing incidents like these.”

    Act Much More Quickly

    Randy Gross, chief information officer at industry association CompTIA, says that it is “always difficult” for organizations to strike the right balance between security and convenience. But he adds: “With financial transactions, especially given recent high profile attacks, the pendulum needs to swing hard back toward security and give consumers the confidence their information is secure.”

    Fayaz Khaki, an associate director of information security at IDC, adds in aForbes email interview that it is always difficult for large and complex sites, such as eBay, to be completely XSS free. “However, once an XSS vulnerability has been identified the organization must act quickly to remove the vulnerability”, even if it means removing a listing.

    Active content such as Javascript, he says, should only be used where completely necessary, and regular monitoring and vulnerability assessments ought to be carried out to minimize risk.

    “XSS vulnerabilities have existed for a number of years and really companies such as eBay, that came into existence solely as an internet organization, should be on top of these types of vulnerabilities and should have the capability to identify and mitigate these vulnerabilities very quickly.”

    eBay said in a statement that cross site scripting risks exist across the internet, and that it has “hundreds” of engineers and security experts who collaborate with researchers to make its own site both usable and safe.

    Article Source:
    forbes.com/sites/leoking/2014/09/23/ebay..

    Read More:
    http://dymanassociatesprojects.com
    http://dymanassociatesprojects.tumblr.co..
    http://dymanassociates.blogspot.nl
  • keirthlei

    Dyman Review: Panchal Associates, Boilers Accessories

    3 years agoReply
    1 Like
    We would like to introduce ourselves as a Manufacturer of Duoblock type Industrial OIL / GAS Burners, their spares & accessories. The Proprietor, Mr. B. H. Panchal is having vide experience in Erection, Commissioning & Servicing of M/S OERTLI & KLOCKNER type OIL / GAS Burners with M/S. IAEC INDIA LTD; BHANDUP, MUMBAI. We manufacture Oil / Gas Burners, their Spares, Accessories & Controllers like Positioner controllers, Electronic Low Water probe relay etc.

    We also manufacture replacement spares for the Boilers manufactured by M/S. IAEC INDIA LTD., MUMBAI and any other Make & Brands of The Boilers & Burners. We Design & Manufacture Import substitute for special purpose Burners & their accessories. We also Sale & Service LANDIS & GYR, SATRONIC, PETERCEM & other Make & Brands of Sequence controllers for Oil & Gas Burners. We also undertake Guaranteed repairs of all types of the Burners & Boilers components, Controllers & their accessories.
Loading ...