EPA Ignores Experts Setting Password Security Policy

In case you missed it, EPA is yet again changing its password requirements. This attempt to strengthen security will ultimately reduce security.

As noted security expert Bruce Schneier points out, the National Institute of Standards and Technology (NIST) recently published its four-volume SP800-63b Digital Identity Guidelines. In Bruce's words, the document "makes three important suggestions when it comes to passwords:

Beware: Computer "Ransomware" Impersonates OPM

According to PhishMe and FedScoop, there's a new piece of malware that can infect your computer and that appears to come from the U.S. Office of Personnel Management. According to PhishMe, the thieves send an email to unsuspecting users "that cite[s] the purported detection of 'suspicious movements' in the victim’s bank account that were detected by the US Office of Personnel Management." The emails ask the recipient to "examine the attached scanned record," which is a file that, if opened, infects the recipient's computer.

The malware, dubbed "ransomware,"....

Just Because You're Paranoid...

Bruce Schneier's webpage.

....doesn't mean people aren't out to get you.

This week, noted security expert Bruce Schneier mentioned in his Crypto-Gram newsletter an interesting hack of a computer monitor. He notes:

A group of researchers has found a way to hack directly into the tiny computer that controls your monitor without getting into your actual computer, and both see the pixels displayed on the monitor -- effectively spying on you -- and also manipulate the pixels to display different images.

Mr. Schneier's note reminds us of an important point. When you're using your government computer, the agency can and does actively spy on its employees. They can view the websites you visit, passwords you type on your keyboard, and even activate the camera and microphone on your computer.

All this is a way of saying that you should avoid doing personal web surfing on your government equipment. While EPA has a limited personal use policy that allows some use of the government computer for non-government purposes, it is always easier not having to explain to your boss why you are visiting 75 pages a day on the Washington Post website. Our recommendation is to do your surfing on your personal phone.