Latest Posts

Take a moment to consider how many passwords you have online. Sure, there are the primary three or four that you use every day, but how many sites have you created accounts on? Online shopping, accounts associated with work, apps required for package delivery, and more are all things that

4.88 billion people from around the world use the internet on a regular basis. This might be for work, online banking, shopping, or streaming entertainment services. Every single one of these activities involves logging into a private account and for this, you'll need a password!  Unfortunately, having a big online presence

Are you frustrated because you can't remember all of your passwords? It can be challenging to get things done on your digital devices when you constantly find yourself stuck and looking for another password.  Thankfully there are several things you can do that will help you to know how to remember passwords.

The internet is starting to look like the Wild West. In January 2021, a breach at Microsoft left more than 280 million customer records unprotected. Data breaches are costing millions of dollars to deal with, and they're growing more expensive as time passes.  Many people think that data breaches are the


PASSWORDS ARE AND HAVE ALWAYS BEEN AN ACHILLES HEEL IN CYBERSECURITY

“I’m afraid people will remain the weakest link in security, and the vast majority of cybercriminals go after this lowest hanging fruit. It’s the least effort for the most reward.”

Introduction

At LogMeOnce, we’re focused on helping protect you against cybersecurity threats. We do this in many ways. First, we provide you with a suite of tools, including a password management tool, to help keep your passwords safe.

However, technology itself can’t solve all of our security woes (as we’ll soon discuss below). Education plays a big role in staying safe online. For this reason, from time to time, we bring in cybersecurity experts from around the world to help educate you, our blog readers, about the various ways you can protect yourself online.

Today, LogMeOnce had the opportunity to chat with Dave Witelegg, a cybersecurity expert, about his involvement in the cybersecurity space.

We have an exciting interview planned for you today, so without further ado, let’s jump in!

The Interview

Hello and thank you for taking the time to chat with our blog readers today, Dave. You have over 25 years of commercial experience in just about everything related to Cyber and Information Security, whether it’s firewalls, biometrics, encryption, operating system security, cybercrime, hacking techniques, data protection, information security management, cyber threat and risk assessing, threat intelligence, payment card security, and even pioneering Satellite VPN connectivity. But let’s start this interview by rewinding back to your early days in the cybersecurity space. What motivated you to get involved in this space? What drew you in in the first place?

I have always been fascinated by how technology works. As a young boy in the 1980s I recall taking apart one of the early home budget computers released in the UK, a ZX Spectrum, just to satisfy my curiosity on how this space-age new technology worked. My inquisitiveness led me to break into and recode one of the early football team management ZX Spectrum devices, allowing my football team to have the most money, best players and always win matches. I didn’t know it at the time, but not only was I teaching myself how to write code, the process I was undertaking was hacking, persistently making repeated trial and error attempts until I achieved the outcomes I wanted. When I look at new technology today, I still seek to thoroughly understand how it works, naturally thinking about the weaknesses which could be exploited, and the negative impact of such exploits on the people and businesses using the technology. I developed a kind of a ‘hacker’s eye for business’; this, in addition to understanding the motives of the threat actors, makes a good fit for an enjoyable and rewarding career in cyber and information security.

Cybersecurity was a very different space 25 years ago. How do you feel the balance of power has shifted within the cybersecurity space within the last 25 years? Do you feel that cybersecurity is becoming better and harder for hackers to penetrate? Or do you believe that advances in technology are only temporary patches that hackers eventually find ways to work around? Over the last 25 years who has been winning in the game of cat and mouse? How have you seen the balance of power shift during the last 25 years?

We are all more reliant on technology than at any point in our history. In the last 25 years we have seen an information technology revolution, with IT steadily becoming more complicated, widespread and connected. Today we all carry powerful, persistently globally connected computers in our pockets, a technology which empowers and enriches our everyday lives. However, this tech revolution also means the attack surface and opportunity is also greater than ever for a growing army of globally connected malicious actors. Today it doesn’t take a great deal of skill or even technology to become a proficient cybercriminal; indeed, technology like cryptocurrencies, the dark web and even YouTube tutorials are aiding bad actors on a global scale to commit nefarious acts. So the unwinnable security game of cat and mouse has got a whole lot bigger over the past 25 years, and when security stands still, the bad guys always win.

Let’s talk a little bit more about password security for a moment. You mention on your blog a case where a Ring camera was compromised and a hacker gained access to a young girl’s room through her camera and then proceeded to have a conversation with her. This hack seemed to be caused by “password stuffing”. Have you noticed an uptick in the amount of IoT device hacks, not due to the device itself being compromised, but due to weak passwords? In many of these cases where the hackers target an IoT device, what are they often looking to gain from the hack?

Passwords are and have always been an Achilles Heel in cybersecurity, especially with IT systems connected to the internet, such as IoT devices like the Ring camera. The first issue with password security is people choosing a weak strength password, to help them easily remember them. Cybercriminals know this too well, so will try all the most popular and commonly used passwords obtained from past data breaches, to attempt to break into the online accounts. The second problem is people use the same exact username and password credentials on multiple online accounts, so if one account password is compromised, which may not even be the account holder’s fault, perhaps due to a compromise of a third party website, cybercriminals are able to use the same stolen credentials to log in to other online accounts the user might have. Typically the bad actors will attempt to access popular online email accounts, social networking and popular eCommerce websites. These types of attacks using stolen credentials can be performed en masse in so-called ‘credential stuffing’ attacks, which automates the process and reveals accounts where the same credentials are used. One effective method to safeguard the inherent insecurity of passwords is to enable


“As Mobility Becomes The Majority, We Will See More Mobile Attacks.”

“But the red team fascinated me. It was just simple stuff like putting up message boxes on our systems that said, “I like turtles” and using remote administration tools like Nuclear RAT or Poison Ivy, but not knowing anything about hacking I thought it was the coolest thing in the world. Like a future virtuoso hearing the sound of the cello for the first time, I realized that all I wanted to do was be able to do that.”

Introduction

At LogMeOnce, we’re focused on helping protect you against cybersecurity threats. We do this in many ways. First, we provide you with a suite of tools, including a password management tool, to help keep your passwords safe.

However, technology itself can’t solve all of our security woes (as we’ll soon discuss below). Education plays a big role in staying safe online. For this reason, from time to time, we bring in cybersecurity experts from around the world to help educate you, our blog readers, about the various ways you can protect yourself online.

Today, LogMeOnce had the opportunity to chat with Georgia Weidman, founder and CEO of Bulb Security. She is also a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds an MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television.

We have an exciting interview planned for you today, so without further ado, let’s jump in!

The Interview

Hello and thank you for taking the time to chat with our blog audience today about your experience in the cybersecurity space. Can you begin by telling us a little bit more about your early days within the cybersecurity space? What was it about this niche that grabbed your attention and never let go?

I studied Math as an undergrad. I wanted to just be in a lab doing math problems all day, but quickly realized in graduate school that those kinds of positions were hard to come by. So, I switched to computer science in graduate school since it seemed like I could at least get a job in that. In graduate school, we competed in the Mid-Atlantic Collegiate Cyber Defense Competition. Don’t get me wrong, being on a student team getting pulverized by the professional attackers on the red team, yelled at by the mock CEO for services being down due to said red team, and having to figure out things like how to set up Active Directory on the fly made me want to vomit from the stress. But the red team fascinated me. It was just simple stuff like putting up message boxes on our systems that said, “I like turtles” and using remote administration tools like Nuclear RAT or Poison Ivy, but not knowing anything about hacking I thought it was the coolest thing in the world. Like a future virtuoso hearing the sound of the cello for the first time, I realized that all I wanted to do was be able to do that. It didn’t hurt that as a security researcher I could totally sit in a lab all day doing math-like problems.

Your work in the realm of smartphone exploitation has been featured internationally in different media channels. You were also awarded a grant to continue your work within the field of mobile device security. What is it about mobile device security that you find so fascinating? Why is this an area of specific interest to you?

There wasn’t any particular plan behind it. I did my first research project and presented at Shmoocon on SMS based botnets, before it became in vogue for attackers to do just that. Then the DARPA Cyber Fast Track program started and I was encouraged to apply. I needed some major research project and it occurred to me that mobile was just as vulnerable as anything else to phishing attacks, local privilege escalation attacks, and even remote code execution and client sides as any other platform. Yet it wasn’t, and still isn’t, other than my products, being served by the security testing market. So, I proposed creating a tool for doing penetration testing for mobility and was accepted by DARPA. The rest, as they say, is history. So mobile became my niche. I often consider doing a research project on something completely different just to keep people guessing.

All of your hard work has paid off and resulted in you being able to release an open source project into the world called “Smartphone Pentest Framework” or SPF. Can you tell us a little bit more about what SPF is and how it contributes to the world of mobile security? Why did you decide to make it open source?

Well, SPF was the result of my DARPA grant. The idea was to comprehensively be able to simulate the same attacks attackers use against mobile — from phishing to client sides to simulated malware and post exploitation. SPF has now been folded into Shevirah’s Dagah product line for enterprise security testing and monitoring. It’s not open source any more since my investors didn’t want it to be, but there is still a free edition with all of the features of SPF and more. The free edition is aimed at students and security researchers wanting to test their personal device or do mobile security research as opposed to penetration testing a client or doing continuous monitoring of an enterprise with the professional and enterprise editions respectively.

On the topic of mobile security, what three pieces of actionable advice would you give to smartphone users who have little understanding of complex security issues at play, but want to keep themselves protected the best they can?

Take mobile phishing seriously. So many security awareness programs focus solely on email. People are learning not to click on suspicious links in emails, but you can be phished any way a link can be served to you. Mobile services


Technology And Education Will Be Key In Helping Users With Their Cyber Hygiene

“The (educational) information delivered to end users needs to be simple and easy to follow without complex language, jargon or acronyms.”

Introduction

At LogMeOnce, we’re focused on helping protect you against cybersecurity threats. We do this in many ways. First, we provide you with a suite of tools, including a password management tool, to help keep your passwords safe.

However, technology itself can’t solve all of our security woes (as we’ll soon discuss below). Education plays a big role in staying safe online. For this reason, from time to time, we bring in cybersecurity experts from around the world to help educate you, our blog readers, about the various ways you can protect yourself online.

Today, LogMeOnce had the opportunity to chat with Lisa Ventura, an award-winning Cyber Security consultant and the CEO and Founder of the UK Cyber Security Association (UKCSA), a membership association that is dedicated to individuals and companies who actively work in cyber security in the UK. She has over 10 years’ experience in the cyber security industry and is passionate about raising awareness of being more cyber aware in business to help prevent cyber-attacks and cyber fraud.

We have an exciting interview planned for you today, so without further ado, let’s jump in!

The Interview

Hi Lisa and thank you for taking the time to speak with our blog readers today about your experience in the cyber security space. You’ve been involved in cyber security since 2009. Can you kick off the interview by telling us a little bit more about how you got into the cyber security space? What was it about the industry that pulled you in and never let you go?

In 2009 my ex-husband founded a cyber security software development company called Titania Ltd from our home office. I joined to help him develop it and at the time it was just the two of us from home (although he was still working full-time employed as an ethical hacker when he founded the company). We soon moved into offices and employed our first members of staff, and the company grew quickly. I loved all aspects of cyber security, especially the psychology of hacking, the mind of a hacker and of raising awareness of the importance of cyber security, especially within businesses of all sizes. When my ex-husband and I separated and divorced in 2012 I knew I wanted to stay in the industry. After a short contract at a locally based charity to get me back on my feet again I joined BT and worked on their Assure Cyber product. After that I undertook a wide variety of cyber security contracting work and founded the UK Cyber Security Association.

Can you tell us a little bit more about what a typical day looks like for you as a cyber security specialist? I’m sure it always changes, but for those thinking about getting into this field, who might want to learn more about what a typical day looks like, how would you describe that to them?

I am currently undertaking some work for Pinsent Masons solicitors as a cyber security awareness consultant, as well as running the UK Cyber Security Association. No two days are the same, but some of the tasks that I would undertake in a day include working on crunching data following phishing email simulation exercises, putting together PowerPoint decks on things such as ransomware, phishing, identity badge security for the senior partners at Pinsent Masons, updating the UK Cyber Security Website with the latest data breaches and threat reports and updating the UK Cyber Security Association’s social media channels with any cyber security breaking news that would be of interest to our audience. In addition, I will work on sending email bulletins out to our members, organising events, webinars and liaising with our event partners.

You’re a leader when it comes to inspiring other women to get involved in the cybersecurity space. You even wrote a book on the topic. On your website you mention “few women pursue careers in cybersecurity, but those who do are shattering the glass ceiling and contributing to the safety and security of the internet, the CNI and our day to day lives.” Why do you think it is that few women pursue careers in cyber security?

I think that women today might be interested in cyber security as a career path but might be put off entering it as it is still a male dominated profession. They may also think they lack the relevant skills and qualifications to enter the industry, but transferable experience also counts for a lot. Unfortunately, I have been subjected to bullying in the industry, and interestingly I’ve been bullied by other women in the industry, not by men. This can be soul destroying but I am determined to not let it affect me and to continue to work towards my goals. I have also observed that many trade shows and exhibitions are aimed mainly at men and aren’t very welcoming to women. For example, I attended Infosec last June for the first time in a few years. When I was walking past the exhibitor booths on the second day, I noticed that some of them were handing out bottles of beer – at 10.00am in the morning! What’s more, those serving the beer bottles were only giving them to men who were walking past the stands in question and the staff on the stands were deliberately pulling the men in to talk to them, but not women. I called this #BeerBias. Much more needs to be done to change the perception of cyber security being a male dominated profession.

You have a focus on data/analytics, software, artificial intelligence and machine learning as they relate to cyber security. How are these technologies (for example AI) impacting the password security landscape?

I think these technologies are making an impact but there is still a long way to go before they completely replace traditional password methods. For example,


Humans are not very good at remembering anything longer than 9 characters in length

“If our phone numbers or social security numbers were just a few digits longer, most of us would have trouble remembering them so they were designed with this in mind.”

Introduction

At LogMeOnce, we’re focused on helping protect you against cybersecurity threats. We do this in many ways. First, we provide you with a suite of tools, including a password management tool, to help keep your passwords safe.

However, technology itself can’t solve all of our security woes (as we’ll soon discuss below). Education plays a big role in staying safe online. For this reason, from time to time, we bring in cybersecurity experts from around the world to help educate you, our blog readers, about the various ways you can protect yourself online.

Today, LogMeOnce had the opportunity to chat with Scott Schober, the author of Hacked Again and President and CEO of Berkeley Varitronics Systems (BVS), a 48-year-old New Jersey-based privately held company and leading provider of advanced, world-class wireless test and security solutions. Scott is a highly sought after author and expert for live security events, media appearances and commentary on the topics of ransomware, wireless threats, drone surveillance and hacking, cybersecurity for consumers and small business.

We have an exciting interview planned for you today, so without further ado, let’s jump in!

The Interview

First of all, thank you for taking the time to chat with our cybersecurity blog readers today, Scott. We really appreciate it. Let’s kick off the interview by having you tell us a little bit more about what inspired you to get involved in the cybersecurity space? What was it about this niche that pulled you in and never let you go?

Berkeley Varitronics Systems (BVS) is a 48-year-old family business that was founded by my father, Gary Schober. We developed the first wireless test tools used to build out early cellular networks back in the mid 80s and have stayed in the wireless network space ever since. Since then, wireless cell phones have become an integral part of our modern lives. Over the past decade, modern smart phones have gained even more cameras, microphones, video and communications features all accomplished through a variety of wireless standards including 3G and 4G LTE, Bluetooth and Bluetooth Low Energy, Wi-Fi, and NFC. Just recently we’ve seen a major push towards 5G and ultra wideband technologies too. My company has developed over 200 unique wireless test and security tools so we’ve had a hand in all of these standards over the years. Since hackers and cyber criminals primarily set their sights on the weakest, easiest targets, wireless has become the natural intersection where BVS faces off with criminals. The more time I have spent this past decade educating and presenting on security, the more I have become a target of cyber criminals. My company and myself have received multiple attacks to my credit card, debit card and online accounts. My company’s online store was hit with repeated DDoS (Distributed Denial of Service) attacks. Cyber criminals stole approximately $65,000 out of our company checking account. We got all of our money back but the ordeal taught me a valuable lesson. No one is 100% safe from a determined hacker, but we can all take some basic steps to keep us safe. This led me to publish my first book ‘Hacked Again’ which essentially told my story in the hopes that others could avoid the mistakes and anguish I went through.

Let’s talk about your book Hacked Again. In the book you talk about many things, including but not limited to the importance of strong passwords, wireless threats, malware, ransomware and SPAM. However, in the book you also talk about the dark web where people buy and sell login credentials. Can you tell us a little bit more about the dangers of this login credential marketplace? Where are hackers getting these login credentials to sell in the first place? How big of a market is the black market for login credentials?

The dark web is the Internet’s underbelly. The average user is never on the dark web so it can be a bit intimidating. In reality, it is a much smaller part of the larger surface web we use everyday, but the dark web allows cyber criminals to buy and sell illicit products on a multi-billion dollar marketplace with a high degree of anonymity. After being victimized by cyber criminals, I learned all about markets for stolen personal information that exist all over the dark web. Taken alone, our email address or the last four digits of our social security number might not be that valuable, but when pieced together, they become a jigsaw puzzle that resembles our digital identity. Since criminals operate and communicate freely across the dark web, they often trade, buy and sell these pieces of data to each other. I have been working closely with an exciting company called Cyberlitica that provides dark web scans and alerts for users so I’ve seen the direct consequences of dark web transactions. Last year, I thought it was time to offer an all inclusive Cyber Security Survival Kit which provides cybersecurity education and alerts to its subscribers. It’s an easy way for consumers, business owners and even enterprise to simply run their daily business and stay ahead of cybercriminals without devoting too much time and resources to security.

From a buyer’s perspective how valuable can these credentials be? What are the most common systems they are looking to access?

Due to their anonymity in the dark web, cybercriminals can wait for the highest bidder without fear of being tracked or busted by authorities. Dark web users require Tor software which is open sourced and free and enables anonymous communication whether you are a good guy or a cybercriminal. Tor was initially developed by the U.S. Navy Research Laboratory in order to protect U.S. intelligence communications so it is a global network that conceals every user’s location making surveillance extremely difficult. All traffic is


Copyright © 2011-2024 LogMeOnce. All rights reserved.