Tenable Network Security Podcast 203 - "Ebay Got Hacked"
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter and Facebook accounts at http://www.tenable.com/podcast!
- Good Ol’ SQLi Used to Hack Naval Database from Nuclear Carrier
- How to wiretap a country
- Bitly Installs Two-Factor Security After Insider Account Compromise
- Why Your Router Is A Security Risk & How To Fix It
- Schneider Electric asks users to patch Heartbleed again
- Another Internet Explorer Zero Day Surfaces
- Why is eBay burying news of its security breach from its users?
- Hacking the D-Link DSP-W215 Smart Plug
- eBay Urges Password Changes After Breach — Krebs on Security
- Ebay Got Hacked - This is the same story I feel like I've read 1,000 times. It boils down to "big web site was breached, they stole the password database, everyone needs to change their passwords". A few things:
- While there are issues with two-factor authentication in corporations for authenticating users to applications, if your business is a web site (Ebay, Google, LinkedIN) at some point you have to make two-factor authentication available and make it easy for people to use.
- People always shout about the passwords, but tend to gloss over the fact that someone exploited something to gain access in the first place. In this case, it sounds like, nothing official here, Ebay employees were socially engineered and lost their passwords. Training, user awareness, etc... all apply here
- So on the password soap box again, store your passwords securely. Its well documented.
- Make it easy for the user to change their passwords!
- Finallly, can we solve this problem of passwords already? I guess not.
- The Internet Is A Horrible Place - Yea, I said it. The problem is what do we do about it? I tell you what we should not do is create browsers and web browser technology that has lots of vulnerabilities. Darn, too late. All too often we cover vulnerabilities in web browsers, Flash, Java and the like. Securing this technology leads to user unhappiness, such as what if I were to reset a virtual system hosting a web browser each time you used it? Your bookmarks, cookies and saved passwords would all go away. There has to be a better way, but in the mean time, have a strong patch and vulnerability management system.
Cybersecurity News You Can Use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.