Security Alerts & News
by Tymoteusz A. Góral

#616 Changing your password regularly is a terrible idea, and here's why
If users are forced to change passwords they will mostly choose something that is a slight variation on the original one, or one that they have used elsewhere, or a weaker one. These behaviours can be exploited, CESG said: attackers can often work out the new password, if they have the old one.

Regularly changed passwords are more likely to be written down (another vulnerability) or forgotten, which means lost productivity for users and a pain for the help desk that has to reset them.

"It's one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack. What appeared to be a perfectly sensible, long-established piece of advice doesn't, it turns out, stand up to a rigorous, whole-system analysis," CESG said.