A Case Study: Implementing a Db2 for z/OS Implicit Trusted Connection

Robert's Db2

In requesting a connection to a Db2 system, the application provides an authorization ID and an associated password (assuming authentication using an ID and a password, versus an ID and a certificate). Often, the ID and password in question are known by several of the application's developers. I've been interested in the role and trusted context features of Db2 for z/OS for a long time (I posted a two-part blog entry on the topic back in 2011).

Google's Data on Login Thefts

Schneier on Security

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. [...]

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Drawing upon Google as a case study, we find 7–25% of exposed passwords match a victim’s Google account.

Security Affairs newsletter Round 258

Security Affairs

addresses two zero-days exploited in the wild. Microsoft's case study: Emotet took down an entire network in just 8 days. New Coronavirus-themed campaign spread Lokibot worldwide. A new round of the weekly newsletter arrived! The best news of the week with Security Affairs.

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

“The message put out there is that cybercrime is lucrative and exciting, when for most of the people involved it’s absolutely not the case.”

Crooks offer millions to skilled black hats to help them in extortion campaigns

Security Affairs

Cybercrime gangs aim at hiring skilled hackers who can help them in extortion campaigns against high-worth individuals; in this case they promise $30,000 per month ($360,000 per year). Scammers, in fact, claim to have evidence and use previously exposed passwords as “proof” of compromise.

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection. Last year’s study, which looked at 2017 data, showed steady, incremental year-over-year gains, painting an overall encouraging picture.

FTC Releases Report on Facial Recognition Technology

Hunton Privacy

The report focuses on privacy concerns associated with facial recognition technology, which is becoming increasingly ubiquitous across a variety of commercial applications ranging from search engines to video games to password authentication. In the report, the FTC illustrates through case studies how companies may implement these principles. In a third case study, a social networking website uses facial recognition technology to help its users “tag” photos of their friends.

What did you do for European Cyber Security Month?

IT Governance

Among its suggestions are to: Change default passwords when setting up an account; Turn on automatic security updates; and. For example, did you know that 77% of UK workers don’t receive cyber skills training and 23 million people use ‘123456’ as their password?