Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Newest First  |  Oldest First  |  Threaded View
CameronRobertson
50%
50%
CameronRobertson,
User Rank: Moderator
12/22/2018 | 6:42:38 AM
Cost to security balance
I've always thought security questions are a little silly because it's just some random question that comes for a pre-existing drop down list. You only need to do a little bit of digging to find out that kind of information I reckon? Surely with blockchain and all that sort of thing, security issues might be better managed? Otherwise companies are surely able to come up with a better way to protect our personal information somehow as long as it helps them to manage costs! 
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
12/19/2018 | 6:30:43 AM
Re: Companies improve too
I completely agree with you that it's each company's responsibility to implement end user security. I'm just thinking that the technology that MS and MC are developing may work.  I for example refuse to get a MC.  So then what?
michaelmaloney
50%
50%
michaelmaloney,
User Rank: Apprentice
12/18/2018 | 10:50:41 PM
Companies improve too
Well, users have no control in the security measures being put in place by the various companies. If it is known that security questions serve no purpose in preventing threats from attacking, then it is entirely up to the companies to do their part and improve. This is for their own customers' sake and for their business to continue receiving support without fail.
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
12/6/2018 | 9:32:39 AM
broken security
There is all this talk about multi factor authentication.  One would think someone (not me, I'm clueless) would figure out how to use MFA to address getting locked out of a system.  I know that MS and Mastercard (MC) are talking about this combination to use as MFA, but still think they need to to bring everyone else on board with this.  So back to the MFA, is it possible?


Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix,  2/12/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5530
PUBLISHED: 2020-02-18
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-1842
PUBLISHED: 2020-02-18
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Succe...
CVE-2020-8010
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CVE-2020-8011
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
CVE-2020-8012
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.