NDYNAMICS Blog

On Monday, June 15, LastPass officials warned that attackers have compromised servers that run the company's password management service and made off with some master passwords of users of the LastPass service. You can read more detail about the attack here:  http://arstechnica.com/security/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords and here: https://blog.lastpass.com/2015/06/lastpass-security-notice.html/ There's lots of jargon in those article about algorithms, encryption, hashes, anomalies, multifactor authentication, vault contents, SHA's and GPU's.  Enough to make your head spin!  Here's the bottom line: the passwords you store on ...

Is the password an outdated type of security measure? This question seems to be getting asked around quite a bit, especially with more powerful threats loose all over the Internet. Unfortunately, the fault in passwords generally lies in the fact that humans generally don’t pick passwords that are secure enough. Thanks to a new method called “spaced repetition,” it seems there might be some hope left for the password after all.

Last week, the Heartbleed bug was identified as a weakness in the OpenSSL cryptographic library, potentially leaking two-thirds of the Internet's secure information from any websites utilizing this encryption style. While most major websites such as Google, Yahoo, and Facebook released patches quickly, it does little to actually remediate the problem. Your data could have been leaked over the year-plus that the vulnerability could have been accessed. There is no way to know if it has been compromised.

On April 7th, a new bug on the Internet was discovered that's putting millions of users' personal data at risk. Given the name "Heartbleed bug," it's capable of allowing infiltrators to collect information while you are securely browsing a SSL/TLS website. Since SSL/TLS is so widely used, it's very probably that your personal data is at risk.

Heartbleed is a major security hole on Internet Web sites.   Whenever you access a web site to log in or type credit card information, the site “encrypts” your data so it is secure as you type it.  You may notice the difference between “http” and “https” in the web site address in your browser.  The “https” means the web site is encrypting the connection between you and the site so the information you type can only be read at both ends, and not captured in the transmission.  The same technology is also used in many VPN connections, so if you connect to a network remotely you might also be affected. The Heartbleed security hole takes advantage of a security flaw in O...