Archive for May 8th, 2006

Four of ten users have only one password… WHAT!!!?

08 May

According to a new survey unveiled at the Infosec Europe 2006 show in London, 41% of users have one password to access all websites and services!!

Despite the fact that this survey hits the ordinary password authentication techniques in a deadly spot, it tells me two things:

1- SSO and Identity-Federation should (would?) be the key concepts in the near future… and maybe the InfoCard scheme that will be deployed with Windows Vista will help push users toward such concepts…

2- “The user is going to pick dancing pigs over security every time”, as Bruce Schneier used to say.
The user is going to try hard to put himself in the most “convenient” situation… ordinary passwords are not sufficient any more!! We must consider more seriously other password techniques such as OT-Password, Query-Based-Password, etc.

According to the survey, which relied on the answers of 500 users and was conducted by “Sophos”, only 14% use a different password for every website, and 45% admitted that they had a small handful of different passwords to choose from!!

The Study



Homeland Security Audit uncovers “major” Linux flaw

08 May

According to eWeek, a critical flaw has been discovered recently in Linux X-Window by an open-source security audit program funded by the U.S. Department of Homeland Security…
It was caused by a buffer size calculation error within the X Render extension triangle handling code, according to a Secunia advisory…

The flaw could be used to allow local users to execute code with root privileges!!

The company managing the project described the flaw as the “biggest security vulnerability” found in the X Window System code since 2000!!

Press Here