Speaking on Consumerization and Security at SecureWorld Charlotte
Speaking on Consumerization and Security at SecureWorld Charlotte
Hi folks!
This week, I’ll be presenting The Mobile Edge: Consumerization and Security at the SecureWorld Charlotte event. Due to other scheule commitments Thursday, I’ll only be at the event Wednesday, April 10th. I asked for the Early Bird Session at 8:30, so I can tackle the task of waking you up.
Read more: Speaking on Consumerization and Security at SecureWorld CharlotteWhere to find JJ at RSA 2013 – NAC, certs, SBN and more
Where to find JJ at RSA 2013 – NAC, certs, SBN and more
Each year I like to share some of my where-abouts with you, and invite you to come say hello or join me in a session, discussion, debate or even a party. This year, I’m involved with two RSA sessions and some extra-curricular activities with organizations like TCG. Here’s the scoop!
Read more: Where to find JJ at RSA 2013 – NAC, certs, SBN and moreThe great Nothing at Security Uncorked
The great Nothing at Security Uncorked
I hesitate to post here today. I’m looking at my recent blogging history and I’m saddened. It’s as though The great Nothing has come and devoured this digital land of mine.
I didn’t fall off the face of the Earth though, and the Nothing hasn’t completely taken ownership this spot. I’ve been writing, as usual for other media outlets and analyst groups. Some of that content is publicly available and I have failed you, my readers, in linking those posts here.
And so, my sad eyes look now upon a single grain of sand; the sole remaining piece of my digital home, seemingly consumed by The Nothing. As I imagine this blog restored to its full potential, with more content, education and hilarity, I see a glimmer of hope and a landscape manifesting in front of me.
“We can’t wait for a snail. Can I carry you?”
“Don’t worry, it’s a racing snail!”
“Oh but, but, we can’t even wait for a racing snail.”
“Tally ho!”
“Hey, it really is a racing snail!”
Upcoming:
- Where to find me at RSA this year
- RSA sessions for NAC and endpoint security, wireless and trends
- What I’ve been up to
- More on wireless and wireless security
- Updated NAC white papers and vendor comparison
# # #
Is LinkedIn lying about their new password salting?
Is LinkedIn lying about their new password salting?
Wow, we’re a skeptical and paranoid bunch, aren’t we? I can’t blame the numerous security professionals that are making claims that LinkedIn is likely lying about their new password salting for added security. If you’re not a cryptography junkie, it may not make sense. I’ve been running things by several cryptography specialists and our security research friends as a sanity check too, but some of these claims are getting out of hand.
Is LinkedIn lying about implemented salts to secure user passwords?
Read more: Is LinkedIn lying about their new password salting?How to crack your own LinkedIn password hash
How to crack your own LinkedIn password hash
Several people have asked what it means to crack a password hash, and others have asked for an even simpler explanation of what a hash is.
In brief, a hash is a one-way cryptographic function. In security circles, it’s not really considered to be encryption, in the technical sense, but it is a function of cryptography. When we hash something, we take a value, it can be any length of letters, numbers, text and we perform a function on it that spits out a fixed-length value. With the LinkedIn passwords, they use a hash algorithm called SHA-1. SHA-1 always gives us an output of exactly 160 bits. You’ll see a specific example set below.
Read more: How to crack your own LinkedIn password hash
