What Is Kerberos?

What is it?

Kerberos is an authentication protocol that lets systems and users prove their identity through a trusted third party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT, Digital Equipment Corporation, and IBM to build a distributed computing environment for educational use.

The protocol centers around tickets. Tickets are issued by the trusted third party and rely on symmetric encryption (with a key known only to the trusted third party) to establish their trust. As we’ll explain later, certain user passwords are also used to encrypt and sign specific tickets. However, the root…

EU-US Privacy Shield Revoked: What This Means for EU-US Commercial Data Transfers

Europe’s top court, the Court of Justice of the European Union, recently struck down the EU-US data privacy arrangement known as Privacy Shield, which many organizations rely on when transferring data from the EU to the United States. Privacy Shield was enacted in 2016 to replace the Safe Harbor Privacy Principles, which were declared invalid by the same court in 2015. In addition to replacing Safe Harbor, it aimed to protect the fundamental rights of anyone in the EU whose…

Back to “The Basics” Blog Series

Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya”

Part 1 – Ransomware

The origins of modern ransomware trace all the way back to the AIDS trojan of 1989. Its use of simple symmetric cryptography and its gentle extortion demand of $189 seem almost infantile compared to the techniques and extortion demands of today. In the midst of a global pandemic, ransomware has been on the rise – economically motivated actors would never…

A History of Passwords

The following blog post was created using an excerpt from the Stealthbits Technologies/emt Distribution presentation “Prioritizing Password Security with Troy Hunt: The Good, the Bad, and the Ineffective”. Please see here to view the complete presentation. Let’s talk about passwords. In particular, let’s talk about where we’ve come from, where we are at the moment, and where things are going in the future. The history of passwords is enormously important because it helps us understand why we are in…

How to Hide API Keys, Credentials, & Authentication Tokens on GitHub

With the rise of open source, more and more public repositories are being hosted on GitHub. In fact, back in 2018 GitHub celebrated 100 million live repositories, and things have only been growing from there. However, with easy access to version control and open source, it’s important to make sure sensitive credentials and authentication tokens aren’t exposed to the public.

Exposed Credentials

Let’s say I’m writing an application that takes advantage of data from an API call. For example, I could be targeting weather data from OpenWeatherMap: GET “https://api.openweathermap.org/data/2.5/weather?&id=5128581&appid={YOUR API KEY}” As this API call is prepared, it’s not…

What is Data Lifecycle Management?

Data Lifecycle Management (DLM) can be defined as the set of stages that data passes through over its life, from the time of creation to destruction. Data lifecycle stages encompass creation, utilization, sharing, storage, and deletion. Each stage of the data lifecycle is governed by a different set of policies that control data protection, resiliency, and regulatory compliance. Companies rely on different types of data to generate and grow revenue, create new market opportunities, and compete in the marketplace. The limitless potential of data can be harnessed by focusing on data protection, data security, data resiliency, and compliance. Data can be treated like any…

What is the SigRed vulnerability in Windows DNS Server?

What is it?

SigRed, CVE-2020-1350, is a remote code execution vulnerability in the Microsoft Windows DNS server that was publicly disclosed on July 14, 2020, by Israeli cybersecurity firm Check Point. When a DNS server receives a query for a domain it isn’t responsible (authoritative) for, it asks a DNS server further up the hierarchy which DNS server is, and then queries that DNS server for the record. The vulnerability exists in how the Windows DNS server parses the…

A Guide to California Consumer Privacy Act (CCPA) Compliance in 2020

The California Consumer Privacy Act was signed into law in 2018 and went into effect on January 1st, 2020. With the EU’s GDPR paving the way, CCPA has a significant impact on how enterprises manage security and compliance for user data, as well as how data breaches are handled. Simply put, the CCPA gives residents of the state of California greater control over their personal data, requiring companies to be more transparent about the data collected and stored about consumers. Businesses with practices in place to comply with GDPR are at an advantage; however, CCPA has…

What are Group Managed Service Accounts (gMSA)?

High Level Overview of gMSAs

Group Managed Service Accounts Overview

Group Managed Service Accounts (gMSA) were introduced in Windows Server 2016 and can be leveraged on Windows Server 2012 and above. gMSAs offer a more secure way to run automated tasks, services, and applications. How are gMSAs more secure, you ask? Their passwords are handled entirely by Windows: gMSA passwords are randomly generated, automatically rotated, and never need to be known by any user. The service accounts themselves are…

PROTIP: How to Update the “Have I Been Pwned” (HIBP) Breach Dictionary in StealthINTERCEPT Enterprise Password Enforcer and StealthAUDIT

ALERT: If you are NOT a StealthINTERCEPT Enterprise Password Enforcer or StealthAUDIT customer, view this blog for greater relevance and a more appropriate read. With 34% of people saying they share passwords with coworkers [1] and 62% reusing the same password for work and personal accounts [2], the importance of checking passwords is paramount. Last Friday (June 19, 2020) we saw our first update to the “Have I Been Pwned” (HIBP) database in almost 12 months. The database jumped from 555,278,657 to…
