Articles on Authentication

• Risk Management The Risks of Remote Desktop for Access Over the Internet
  Exposing RDP to direct Internet connections is risky—beyond credential-guessing opportunities, critical vulnerabilities like CVE-2012-0002 can allow remote code execution without authentication....
• Authentication Anticipating The Future of User Account Access Sharing
  Roughly one in three teens share passwords as expressions of trust, much like giving out school locker combinations. Adults also share credentials for practical reasons—Netflix accounts, admin...
• Incident Response 9 Convenient Lies in Information Security
  Common security claims are often oversimplifications: encryption alone doesn't secure data, compliance doesn't address all necessary controls, security seals reflect limited scans, background checks...
• Malware 5 Events in 2011 That Challenged Online Security and Trust Assumptions
• Malware The Dark Side of Remote Desktop
  The Morto worm spread by scanning for RDP on port 3389 and brute-forcing Administrator passwords using common credentials. Tools like TSGrinder and Ncrack automate RDP password attacks. Mitigations...
• Tools Common Failures of Information Security Tools (Part 2)
  HIPS can miss attacks or wrongly block legitimate actions. Log management may fail to capture necessary events or confuse analysts with poor reporting. Vulnerability management tools may miss patches...