Characteristics of a Relevant Information Security Program: Communications

In a business environment where resources are limited, compliance requirements abound, and budgets are constantly challenged to meet cost containment targets, this article will explore a strategy to align information technology (IT), information security (IS) (note: one is not necessarily inclusive of the other – a topic for another article), system and data owners (SDO), aka: your business units, and leadership.

Why 14 Characters?

While experts have agreed for decades that passwords are a weak method of authentication, their convenience and low cost has kept them around. Until we stop using passwords or start using multi-factor authentication (for everything), a need for stronger passwords exists. And as long as people create their own passwords that must be memorized, those passwords will remain weak and guessable. This blog/article/rant will cover a brief background of password cracking as well as the justification for SynerComm’s 14-character password recommendation.

OpenSSH < 7.7 - Username Enumeration Exploit

On August 15th, 2018 a vulnerability was posted on the OSS-Security list. This post explained that OpenSSH (all versions prior to and including 7.7) is vulnerable to username enumeration by sending a malformed public key authentication request (SSH2_MSG_USERAUTH_REQUEST with type “publickey”) to the service. Read more at our #_shellntel blog.

How to Build a 8 GPU Password Cracker

This build doesn’t require any “black magic” or hours of frustration like desktop components do. If you follow this blog and its parts list, you’ll have a working rig in 3 hours. These instructions should remove any anxiety of spending 5 figures and not knowing if you’ll bang your head for days. Read more at…