
By Ted Krapf on 9/20/2017 9:36 AM
As a software developer who has to deal with user accounts, security is one of the topics always on my mind. Is the box/VM/host secured? Did we implement strong enough password and login rules? Which ciphers are enabled? Have the rules changed? Are the users doing something crazy that could compromise the security of the system?

As with social engineering, the weakest link in a well-designed security model is usually the users. So what happens if one of them (perhaps one with elevated privileges) uses the same password on our system that they used on another site, and that site is breached? That user's email address (which is also their username) and password are now out in the wild. It is only a matter of time and some snooping before an attacker, or an automated credential-stuffing script, works out that user X has an account on our system and logs in with the leaked credentials.
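To make that scenario concrete, here is an added example (my own illustration, not code from the original post or from any product mentioned in it) of the check an application can run when a third-party dump surfaces. It assumes passwords are stored as salted PBKDF2-HMAC-SHA256 hashes, uses a constructed user table and a constructed breach dump embedded inline, and the function names (`check_accounts_against_breach`, `accounts_needing_forced_reset`) are hypothetical. Because we never hold plaintext, the only way to tell whether a user reused a leaked password is to re-hash the leaked plaintext with that user's own salt and compare it against the stored hash.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Work factor for PBKDF2-HMAC-SHA256. Kept moderate so the example runs quickly;
# a production deployment would tune this (or use bcrypt/scrypt/Argon2) instead.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of a password, as the application would store it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


@dataclass(frozen=True)
class StoredAccount:
    email: str       # also the username; lower-cased so matching is case-insensitive
    salt: bytes
    pw_hash: bytes
    is_admin: bool


def make_account(email: str, password: str, is_admin: bool = False) -> StoredAccount:
    """Create an account record with a fresh random salt (the plaintext is never stored)."""
    salt = os.urandom(16)
    return StoredAccount(email.lower(), salt, hash_password(password, salt), is_admin)


# Constructed sample accounts standing in for our application's user table.
OUR_USERS = [
    make_account("alice@example.com", "Summer2017!", is_admin=True),
    make_account("bob@example.com", "correct horse battery staple"),
    make_account("carol@example.com", "Tr0ub4dor&3"),
]

# Constructed sample breach dump: (email, plaintext password) rows as they might
# circulate after a third-party site that stored credentials unhashed is compromised.
BREACH_DUMP = [
    ("Alice@Example.com", "Summer2017!"),          # same password alice uses with us
    ("bob@example.com", "hunter2"),                # bob appears, but with a different password
    ("dave@otherdomain.example", "Summer2017!"),   # not one of our users at all
]


def check_accounts_against_breach(accounts, breach_rows):
    """
    Return {email: finding} for every account whose email appears in the dump.

    'password_reused' : a leaked password verifies against our stored hash
    'email_in_breach' : the address appears but no leaked password matches
    Accounts that do not appear in the dump are omitted.
    """
    leaked_by_email = {}
    for email, password in breach_rows:
        leaked_by_email.setdefault(email.lower(), set()).add(password)

    findings = {}
    for acct in accounts:
        leaked_passwords = leaked_by_email.get(acct.email)
        if not leaked_passwords:
            continue
        # Re-hash each leaked plaintext with this user's own salt; compare in constant time.
        reused = any(
            hmac.compare_digest(hash_password(pw, acct.salt), acct.pw_hash)
            for pw in leaked_passwords
        )
        findings[acct.email] = "password_reused" if reused else "email_in_breach"
    return findings


def accounts_needing_forced_reset(accounts, breach_rows):
    """Emails to lock until a password change: any confirmed reuse, plus admins merely present in the dump."""
    findings = check_accounts_against_breach(accounts, breach_rows)
    admins = {a.email for a in accounts if a.is_admin}
    return sorted(
        email for email, finding in findings.items()
        if finding == "password_reused" or email in admins
    )


if __name__ == "__main__":
    for email, finding in check_accounts_against_breach(OUR_USERS, BREACH_DUMP).items():
        print(f"{email}: {finding}")
    print("force reset:", accounts_needing_forced_reset(OUR_USERS, BREACH_DUMP))
```

Two caveats a practitioner should keep in mind: many dumps contain only hashes, not plaintext, and then the email match is all you can act on, which is exactly the "your address was in a third-party breach, change your password" prompt rather than a proof of reuse. And a plaintext dump is itself sensitive material; run the comparison out of band, keep the dump out of the production database, and discard it once the affected accounts have been flagged.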

One evening, I was on my Xbox shooting some baddies. All of a sudden I got a prompt from Microsoft saying I had to change my password because my Live email address was involved in a third-party data breach. My first thought was, "Oh no!" Next it was, "Way to go, Microsoft, for telling me this so I can protect my Xbox account!" And lastly, "Wait, how did Microsoft know that I was involved in a third-party breach?"...