IT Security Horror Story: Digging your own grave with Default Credentials
October 29, 2014, Mark Manousogianis, Information Security Consultant, Coalfire Labs
I recently performed a penetration test that really required no “hacking skills” whatsoever. I was able to obtain domain administrator rights simply by logging into web applications and network hardware using default credentials.
A billion reasons to enhance your penetration testing
August 20, 2014, Mike Weber, Vice President, Coalfire Labs
There are so many questions regarding those leaked Russian passwords. Is this for real? What sites are on that list? How can you tell if your site’s users are in the “Russian Billion”? Isn’t this just a matter of changing user passwords? Bottom line: As a company with websites that have user accounts, what should you do?
War on Passwords? Check with Your QSA First!
March 14, 2013, Matt Getzelman, PCI Practice Director
Passwords have long been the workhorse of user authentication schemes, and many security experts are speaking out on the need for more effective controls. It seems like hardly a week goes by when we don’t see a password breach in the news.