
Tag: SET

Major tech companies, advocacy groups, and at least one senator have publicly proclaimed their opposition to two bills currently working their way through Congress.

The two pieces of proposed legislation would each significantly expand use of National Security Letters to include "Electronic Communication Transactional Records"—better known as metadata. As Ars has reported previously, federal investigators issue tens of thousands of NSLs each year to banks, ISPs, car dealers, insurance companies, doctors, and others in terrorism and espionage investigations.

The letters demand personal information, and they don't need a judge's signature, much less a showing of probable cause.

They also come with a default gag to the recipient that forbids the disclosure of the NSL to the public or the target.

On Thursday, the Senate Judiciary Committee is set to vote on one of those provisions as an amendment to a bill called the Electronic Communications Privacy Act Amendments Act of 2015 (S. 356). The provision would allow NSLs to target "account number, login history, length of service (including start date)… Internet Protocol address… routing, or transmission information…" and more. This amendment is authored by Sen. John Cornyn (R-Texas), and it's being tacked on to a pending Senate bill.
If passed, the Electronic Communications Privacy Act Amendments Act of 2015 would mandate a warrant for the government to access e-mail and data stored online. (The House unanimously passed its companion version, known as the Electronic Communications Privacy Act, in April 2016.) The second possible legislative route to expanding NSL power comes via a revision to the Intelligence Authorization Act for Fiscal Year 2017. In a letter sent to the Judiciary Committee on Monday, groups including the American Civil Liberties Union, Amnesty International, and the Electronic Frontier Foundation said they would withdraw their support for the badly needed ECPA reform bill if the Cornyn amendment or the revision to the IAA were allowed to stand. As they wrote: The civil liberties and human rights concerns associated with such an expansion are compounded by the government’s history of abusing NSL authorities.
In the past ten years, the FBI has issued over 300,000 NSLs, a vast majority of which included gag orders that prevented companies from disclosing that they received a request for information.

An audit by the Office of the Inspector General (IG) at the Department of Justice in 2007 found that the FBI illegally used NSLs to collect information that was not permitted by the NSL statutes.
In addition, the IG found that data collected pursuant to NSLs was stored indefinitely, used to gain access to private information in cases that were not relevant to an FBI investigation, and that NSLs were used to conduct bulk collection of tens of thousands of records at a time. For his part, Sen. Ron Wyden (D-Ore), a longstanding civil liberties-minded lawmaker, also voiced his opposition to this amendment in a statement sent to Ars. "This bill takes a hatchet to important protections for Americans’ liberty," Wyden said, speaking specifically of the IAA. "This bill would mean more government surveillance of Americans, less due process, and less independent oversight of US intelligence agencies."
An updated spacewalk-remote-utils package that adds one enhancement is now available for Red Hat Network Tools. Red Hat Network Tools provide programs and libraries that allow your system to use provisioning, monitoring, and configuration management capabilities provided by Red Hat Network and Red Hat Network Satellite.

The spacewalk-remote-utils package contains the spacewalk-create-channel utility that can be used to create channels with a package set for a particular release.

This update adds the following enhancement:

* The spacewalk-remote-utils package has been updated to include channel definitions for Red Hat Enterprise Linux 6.8. (BZ#1336900)

All users of Red Hat Network Tools are advised to upgrade to this updated package, which adds this enhancement.

Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network.

Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

1336900 - Need update of spacewalk-remote-utils with RHEL 6.8 channel definitions

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
Microsoft's EMS integration with Lookout aims to strengthen customer access policies. Microsoft has partnered with mobile security company Lookout.

The integration of Microsoft’s Enterprise Mobility Suite (EMS) with Lookout is aimed at combining efforts to thwart mobile threats and protect data across users, devices, and applications.

Businesses will be able to include threat intelligence from Lookout into the conditional access policies set up in EMS. “Lookout shares our belief that mobility should empower employees, not restrict them,” said Brad Anderson of Microsoft’s Enterprise Client & Mobility Group, adding “Companies should limit their exposure to potential security breaches.” Lookout CEO Jim Dolce said: “The business agility provided by mobile computing will continue to drive adoption despite the security risks involved.” Microsoft also has made a financial investment in Lookout. To learn more on the partnership, read Lookout’s blog post.

A provocative white hat hacker who has previously disclosed vulnerabilities in both California’s ObamaCare portal and FireEye's core security product has now revealed a serious flaw in the Council of Better Business Bureau’s (CBBB) Web-based complaints application, which is used by nearly a million people annually to file complaints against businesses.

The CBBB criticized the “unauthorized application vulnerability test” but said in a statement that they believe “the motivation was not malicious," and are "not pursuing the matter further." The CBBB is the umbrella organization for the independent local BBBs, the not-for-profit consumer advocacy groups that operate in the United States, Canada, and Mexico.

The BBBs attempt to mediate disputes between consumers and businesses, and also accredit businesses based on how well the business meets the BBB’s “Standards of Trust.”

Independent security researcher Kristian Erik Hermansen discovered the vulnerability while attempting to file a complaint against Verizon. He told Ars the telecoms giant had defrauded a family member and that despite a successful class-action lawsuit against the company, the fraudulent charges were causing the family member credit problems.

"I saw an earlier complaint I filed and noticed the ID numbers were close in proximity," he told Ars. "Thus, they were likely incremental. Whenever I see integers, I increment, and see [what happens].... Then I attempted to access one report using another ID," he said, "and it worked, but only if you have a valid cookie / session token."

CBBB told Ars the vulnerability is now fixed. However, Hermansen took the opportunity to explain his work. His exploit set a cookie and incremented the attachment ID:

n='10000044'; curl -s -b 'OurBBBODRExtranet[…]https://bluecomplaints.bbb.org/MessageAttachment.aspx?MessageID=${n}&MessageAttachmentIndex=0" > /tmp/10000044.pdf

"Pick any number n,” Hermansen said. “You need to change the extension based on Content-Disposition header."

A quick iteration produced a list of files that included thousands of e-mail attachments from people using BBB's online complaint process—including document names that suggested the presence of sensitive personally identifying information (PII), such as social security numbers, dates of birth, credit card details, and so forth.

Hermansen provided Ars with a list of more than 4,000 filenames, including documents that appear to refer to disputes regarding credit card transaction, locksmiths, disability insurance, auto repair, collection agencies, and many others.

Ars has redacted the filenames to protect the privacy of the affected users. Alarmed, Hermansen contacted the BBB to alert them to these issues. "I called multiple times over the last week or so," he told Ars. "No calls back.
I did get a couple people on the phone but they were clueless non-technical people." Hermansen also tried to use the BBB's online complaint system to lodge a support ticket but says the BBB closed the ticket because he wanted to report the vulnerability anonymously.
It was only after he successfully reported the vulnerability that he agreed to be identified publicly.

Frustrated by the lack of any clear path to report this serious issue, Hermansen reached out to Ars. A day later, our request for comment led to a 45-minute telephone conversation between Hermansen and Michael Perdue, COO of the Council of Better Business Bureaus. According to Hermansen, the COO thanked him for his efforts, and promised to make it easier to report security vulnerabilities in the future. "I think they are doing a good job now," Hermansen said. "It's because their organization is fragmented and run like a non-profit franchise so each one doesn’t know all the process for getting info to the right people sometimes."

In a statement, the CBBB made it clear it was less than thrilled by the “unauthorized test.” "A user of BBB’s complaint system," they wrote, "who is also a security expert, performed an unauthorized application vulnerability test of one of the organization’s primary IT vendors.

The user notified BBB about a vulnerability that he detected.

As soon as this vulnerability was brought to CBBB’s attention, it was quickly fixed.

CBBB believes the motivation was not malicious, and is not pursuing the matter further." Hermansen denied conducting an unauthorized vulnerability test and emphasized that he did not access any users' data besides his own. "I have not performed any penetration testing," he said. "I have used mathematics to increment an integer.
See The State vs. Weev." The difference between this case and Weev's, he added, is that the notorious black hat had "accessed other people's private info.
I have not. Only my own." CBBB's statement also denied that their complaint processing application collected personally identifiable information (PII) such as date of birth, social security numbers, or banking details.

CBBB wrote: Through its complaint handling system, BBB collects the following PII: name, address, telephone number, and e-mail address.

This PII is redacted before the details of the complaint are published at bbb.org. Other information collected pertains to the nature of the complaint: the business, its address, the date and nature of the transaction in question, and details about the dispute. BBB does not request other PII or sensitive information such as date of birth, Social Security or Social Insurance numbers, banking or credit card information, etc. Users of the BBB online complaint filing system are urged not to attach any documents that include such information. But, Hermansen pointed out, even though the BBB does not collect that information on purpose, that information is "in there due to the nature of consumer issues with banks and credit firms." He also noted that some of the complaint attachments appeared to contain personal health information (PHI). "BBB has a specific form for PHI." BBB declined to answer our follow-up questions asking what additional steps they intend to take to secure their online services going forward, saying only that the “written statement is our only on-the-record comment.” Of late, headlines have been full of “white hat finds vulnerability, police make arrest at gunpoint in dawn raid.” The CBBB deserves credit for responding so rapidly—and dare we say, so maturely—to Hermansen’s provocative efforts to report the security flaw. As Hermansen put it, "It usually doesn't work this way." J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read "assume breach." You can find him on Twitter at @toholdaquill. This post originated on Ars Technica UK
Recently, Microsoft published a new password policy recommendation paper containing advice that flies in the face of conventional wisdom on the subject.
Some of the contrarian viewpoints include:

* Eliminate long password requirements
* Eliminate complexity requirements
* Do away with password life expirations

Along with this unconventional advice comes a bunch of useful suggestions:

* Ban common passwords
* Eliminate password reuse
* Enforce multifactor authentication
* Enable risk-based, multifactor authentication challenges

Altogether, this is one of the more useful password references I’ve seen in a long time.
If you ask me, some of these updated recommendations are overdue.

To understand why, you need to know a little about how guidelines for passwords have evolved.

Conventional password wisdom

Traditional password recommendations, as implemented by most companies, typically call for passwords at least eight to 12 characters long, complexity that includes at least three different character sets (letters, uppercase, lowercase, numbers, symbols, and so on), and the stipulation that passwords should be changed at least every 90 days. It has taken most companies decades to implement those recommendations rigorously. Moreover, those same companies probably still have a system or two on which they were unable to enforce the policy.

How have users dealt with those password rules? They grudgingly moved from short, six-character passwords with no expiration date or complexity to long, complicated strings.

That move made it hard for most people to remember what they chose for a password, a problem best captured in a now classic XKCD cartoon.

How password problems have changed

After the initial pain of using longer, more complex, more frequently changed passwords passed, users have for the most part accepted it as a way of life.
Implementing those recommendations actually decreased the risk of password guessing/cracking. But over the last decade, hackers have changed the way they attack passwords.

Back in the day, most password attackers literally guessed at users’ passwords.

They found an externally accessible portal where they could guess using manual or automated methods -- or they found the password hash and used rainbow tables to convert passwords back to the plaintext equivalents. Today, almost all password attacks are one of two types. Users are either socially engineered (phished) out of their password, or the attacker steals their hash and uses it during other authentication attempts.
In both scenarios, long and complex passwords offer little protection. Yes, some attackers and malware still try to guess passwords, but they're now in the minority. New password attack methods require new policies.

Eight (to 12 characters) is enough

If you use account lockouts after X number of password tries -- or monitor for and alert on instances of very fast, automated password guessing -- passwords of eight to 12 characters are long enough in most instances. You can add complexity requirements, but it doesn’t increase protection by much anymore. (In fact, as the XKCD cartoon illustrates, it can be detrimental.) I’ve registered at a few websites lately where users are unlikely to enter sensitive information.

There's no reason to require extra complexity -- yet these sites demand passwords containing four or five character sets! It’s truly insane.
I end up with a gobbledygook password I can never remember.

Let’s use our passwords longer

Today, many companies require new passwords every 45 to 90 days.
I say that forcing changes every 120 to 180 days is fine.
I’ve seen a few companies push forced password changes to one year without any increase in password hacking issues. That said, I still think highly privileged accounts should have their passwords changed very frequently, perhaps as often as once per day or once per use.
It virtually assures you’ll need additional software to accomplish this, but since those accounts are the ones attackers target, it makes sense.

Don’t reuse passwords across security domains

This recommendation is huge -- and hard to enforce. When you reuse passwords across security domains, websites, or various services, you increase your hacking risk exponentially. Many big, recent hacks have occurred due to password reuse. Many companies even download (or subscribe to a commercial service that downloads) illegally obtained website password databases to see if their employees' passwords are located in them.
If so, the employee gets a warning -- and may even get fired.

Use risk-based scenarios

I’m particularly enthusiastic about the recommendation to implement risk-based, multifactor authentication challenges.
It makes sense that higher-risk scenarios should require greater authentication assurance. For instance, if you log into your email account from your normal computer from your normal location, it may even be OK to allow some sort of autologon using a stored, simple password.

But if you try to log on to the same email account from a new computer in a new country, you need stronger measures. Hotmail works this way for me right now: I use a simple password on my own computer at home, but if I log on to the same account from a new hotel, I need to enter a PIN sent via text to my phone. Microsoft’s risk-rating mechanism is even smart enough to recognize that I’m a frequent traveler, so I don’t get asked for the second-factor PIN all the time now -- only when I’m in high-risk areas or if I’ve traveled very far, very quickly from my last logon location.

Problem with password policy changes

I'd love to see these new password policies implemented overnight. Unfortunately, most companies are forced to apply traditional password policies by one or more regulatory agencies, regardless of what Microsoft or any other vendor recommends. It took decades for the regulatory bodies to implement those outdated requirements.
It will probably take a decade for those same regulatory bodies to accept any new, improved password policies.

Even if we decide we want to implement a new set of password policies -- and even if those changes are backed up by data -- regulations will lag far behind and can prevent change from occurring. Some of those legacy rules are pretty stupid.

For example, a six-to-eight-character complex password would be acceptable according to most regulatory policies, but none allow a 42-character, noncomplex, easy-to-remember password made up of a random series of words, even though the latter is inarguably more resistant to attack. It reminds me that there's often a difference between security policy and true security. One is an unyielding dictum, the other is faster and more flexible in the face of new attacks and facts. Nonetheless, we all need to rethink what our password policies should be. We and our regulators need to move as quickly as our attackers.
Cyber-security firm to work with security specialist value-added distributor to support aggressive EMEA expansion plans

London – 7 June 2016 – Malwarebytes™, the leading advanced malware prevention and remediation solution, today announced it has signed Wick Hill as a pan-European value-added distributor specialising in security.

The agreement supports Malwarebytes’ rapidly growing presence in Europe and continued strategy to expand in the area through channel relationships. Wick Hill and Malwarebytes will work together to offer the cyber security company’s advanced endpoint protection and remediation capabilities for enterprises to resellers in the UK, DACH, Benelux, France and the Nordics, as part of a two-tier distribution model. Wick Hill is frequently recognised as one of the best specialist security distributors in the region, and the deal will further expand Malwarebytes’ reach while providing Wick Hill with access to an increasingly in-depth portfolio of layered solutions. Anthony O’Mara, VP, EMEA at Malwarebytes, said: “Given the ever advancing threat landscape, the possibility of suffering a security breach has never been higher. Our proven ability to quickly detect and remediate these threats means our products are in higher demand than ever. “Given its reach and reputation in the cyber security space, Wick Hill is an ideal partner for us.

The company also operates an enviable range of partner support services and has a track record of helping vendors expand their reseller base and grow sales.

As part of Rigby Private Equity (RPE), Wick Hill also has access to an established network of resellers across EMEA, and we will be taking advantage of that to grow our presence even further in the future.” Ian Kilpatrick, chairman Wick Hill Group, continued: “We are delighted that Malwarebytes has chosen Wick Hill as a pan-EMEA distribution partner.

Driven by the strength of its product set, the company has a uniquely valuable brand in the security market, providing resellers with a massive opportunity.” “In today’s increasingly insecure IT environment, multi-level protection is vital and we feel Malwarebytes fits perfectly into our existing portfolio. We’re very excited about helping the company grow its EMEA channel to expand across the region.” In July 2015, Wick Hill became part of Rigby Private Equity (RPE). RPE is building an EMEA-wide, high-value, specialist distribution business, with a common proposition and consistent delivery.
Value added distributor Zycko, is also part of RPE with the combined Wick Hill and Zycko product portfolio encompassing networking, infrastructure, security, communications, storage, access, performance, monitoring and management. Paul Eccleston, head of RPE, commented: “The appointment of Wick Hill by Malwarebytes is another milestone for RPE, following Zycko’s recent appointment by Unitrends as its sole EMEA wide distributor.
It demonstrates that there is a strong need for a pan-EMEA distributor that can work with companies wanting to expand and grow internationally, in partnership with a value added distributor that can deliver technical and sales support consistently, whilst giving vendors access to an established reseller network.”

-- ENDS --

About Malwarebytes

Malwarebytes protects consumers and businesses against dangerous threats such as malware, ransomware, and exploits that escape detection by traditional antivirus solutions. Malwarebytes Anti-Malware, the company’s flagship product, has a highly advanced heuristic detection engine that removed more than five billion malicious threats from computers worldwide. More than 10,000 SMBs and enterprise businesses worldwide trust Malwarebytes to protect their data.

Founded in 2008, the company is headquartered in California with offices in Europe, and a global team of researchers and experts.

For more information, please visit us at https://www.malwarebytes.com/.

Malwarebytes reflects the operating philosophy of its founder and CEO Marcin Kleczynski: to create the best disinfection and protection solutions to combat the world’s most harmful Internet threats. Marcin was recently named “CEO of the Year” in the Global Excellence awards and has been named to the 2015 Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal’s 40 Under 40 award, adding those to a 2014 Ernst & Young Entrepreneur of the Year Award.

About Wick Hill

Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions.

The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions. Wick Hill is particularly focused on providing a wide range of value-added support for its channel partners.

This includes strong lead generation and conversion, technical and consultancy support, and comprehensive training. Wick Hill Group is part of Rigby Private Equity, a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc. Wick Hill has its headquarters in the UK and offices in Germany and Austria. Wick Hill also offers services to channel partners in fourteen European countries and worldwide, through its association with Zycko, as part of RPE. Wick Hill https://www.wickhill.com.
NEWS ANALYSIS: Facebook founder and CEO Mark Zuckerberg made a mistake that many, perhaps most, people make and reused passwords for some social networking sites.

To some extent, the breach that got Facebook's Mark Zuckerberg was more an amusing lesson than a catastrophe. Zuckerberg's LinkedIn login information was taken in the massive breach of that service four years ago, but it wasn't made public until a few weeks ago. When hackers found Zuckerberg's password, they tried it in other places, briefly hijacked his Twitter and Pinterest accounts, and then bragged about it online.

Fortunately, Zuckerberg has a top security team, so the password problem was fixed almost instantly.

Apparently, Zuckerberg overlooked the passwords on some accounts that he uses only infrequently, and when they were set up years ago, nobody thought much about security.

Today they do.

One of the basic rules about security when it comes to passwords is that you should have unique passwords for every place you visit online that uses passwords and that you should change them periodically.

This is a good rule, and if everybody followed it, we'd see fewer breaches like the one that caught Zuckerberg.

But almost nobody follows the advice because it's hard. Really hard.

Think of all the places where you enter your user name and password and add them all up.
It will certainly be in the dozens when you count your corporate, financial and sensitive services, such as your medical records.

Then add your social media sites, recreational and shopping sites, and you could start getting into the hundreds.

This would mean that you create and keep track of hundreds of unique passwords that are complex enough to preclude guessing. It also requires making sure they can't be guessed because user names are frequently known publicly, what with the current trend of requiring your email address as your user name on many sites.

This means that a hacker really only has to guess one thing to get into your accounts—your password.
So it needs to be good. And now we come to the problem that confronted Zuckerberg and which almost certainly confronts you now. How do you create those passwords and how do you keep track of them? It's a daunting task, especially in cases where it's an account you rarely use.

Fortunately, there's an answer. Password managers are available from a variety of sources.

They're frequently free for individuals, but there are also enterprise password managers.

There are a couple of very nice, very secure password management devices for situations when software on your computer or in the cloud just isn't secure enough.

For years, I've used the password manager from Mandylion Labs for things that are really important.

This is a token that will create complex passwords for you, and it will keep track of up to 50 logins. You can access the token through a keypad and small screen or through a USB connection.

The keypad requires a coded set of button presses, and if you get them wrong, it can lock the token or erase it completely.

Not everyone is ready for a password manager with military-grade security, so there are plenty of software password managers available. Most will work on Windows computers and on Android and iOS devices.
Some will also work on Mac OS devices.