Think about all the passwords we use to access information every day. Whether it is email, social media, financial institutions or numerous other services, passwords have become the keys to our digital kingdoms. So it’s no surprise that Advanced Persistent Threat (APT) actors and malicious software target these credentials once they have compromised a system or systems in our network to further entrench and seek profit from unlocking our personal and corporate data. In order to curb this problem, most enterprises and operating systems encrypt this data to keep it safe. However, we have seen with the right tools these credentials can be unencrypted and used for more nefarious means. This problem has plagued even the largest organizations and the list of companies suffering from credential leaks is growing almost daily and includes such giants as LinkedIn, EHarmony and Yahoo.
In this talk, we discuss how these breaches occur, the risks to the organization as well as the individual and what can be done to mitigate this growing security epidemic. An “Enclave Protected Defense-in-Depth” strategy toward creating, securing and managing passwords against this class of attack will be propounded and a focus will be placed on explicating the tools, techniques and practices (TTPs) used by malicious actors that leverage these attacks to gain access within the network to breach critical data that can bring harm to the individual and organization. Lastly, we will explore how to improve personal and enterprise password strategies, discuss alternatives like two factor authentication and Active Directory Group Policy strategies to help mitigate this risk and, finally, speculate to what the future of authentication may look like.
StopWatching.us is a coalition of more than 100 public advocacy organizations and companies from across the political spectrum. Join the movement at Stop Watching Us. This video harnesses the voices of celebrities, activists, legal experts, and other prominent figures in speaking out against mass surveillance by the NSA. Please share widely to help us spread the message that we will not stand for the dragnet surveillance of our communications.
The Electronic Frontier Foundation (EFF) is a nonprofit civil liberties law and advocacy center that has been fighting the NSA’s unconstitutional spying for years.
Jesselyn Radack, Government Accountability Project, joins Thom Hartmann. Edward’s Snowden’s revelations about the NSA’s spying program have quite literally changed the world. What does Snowden himself think about all this?