http://www.computerworld.com/s/article/9177780/Researchers_Poor_password_practices_hurt_security_for_all

By Elizabeth Heichler
IDG News Service
June 7, 2010

A large-scale study of password-protected Web sites revealed a lack of standards across the industry that harms end-user security, according to two researchers working at the University of Cambridge in England.

In particular, the weak implementations of password-based authentication at lower-security sites compromise the protections offered at higher-security sites because individuals often re-use passwords, Joseph Bonneau and Soren Preibusch asserted in a paper presented at the Workshop on the Economics of Information Security in Cambridge, Mass., Monday.

Attackers can use low-security Web sites such as news outlets to figure out passwords associated with certain e-mail addresses, and then use those passwords to access accounts at higher-security sites such as e-commerce vendors, Bonneau said.

In an effort that the researchers said is the largest empirical investigation into password implementations to date, they collected data from 150 Web sites and found widespread "questionable design choices, inconsistencies, and indisputable mistakes," according to Bonneau and Preibusch.

[...]

Received on Tue Jun 08 2010 - 01:23:19 PDT