A Case Study: Implementing a Db2 for z/OS Implicit Trusted Connection

Robert's Db2

In requesting a connection to a Db2 system, the application provides an authorization ID and an associated password (assuming authentication using an ID and a password, versus an ID and a certificate). Often, the ID and password in question are known by several of the application's developers. I've been interested in the role and trusted context features of Db2 for z/OS for a long time (I posted a two-part blog entry on the topic back in 2011).

Google's Data on Login Thefts

Schneier on Security

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. [...]

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Drawing upon Google as a case study, we find 7–25% of exposed passwords match a victim’s Google account.

Crooks offer millions to skilled black hats to help them in extortion campaigns

Security Affairs

Cybercrime gangs aim at hiring skilled hackers that can help them in extortion campaigns against high-worth individuals; in this case they promise $30,000 per month ($360,000 per year). Scammers, in fact, claim to have evidence and use previously exposed passwords as “proof” of compromise.

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection. Last year’s study, which looked at 2017 data, showed steady, incremental year-over-year gains, painting an overall encouraging picture.

What did you do for European Cyber Security Month?

IT Governance

Among its suggestions are to: Change default passwords when setting up an account; Turn on automatic security updates; and. For example, did you know that 77% of UK workers don’t receive cyber skills training and 23 million people use ‘123456’ as their password?