pass

ABB IDAL HTTP Server Authentication Bypass

The IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. The URL (/cgi/loginDefaultUser) creates a session in an authenticated state and returns the session ID along with the username and plaintext password of the user. An attacker can then log in with the provided credentials or supply the string 'IDALToken=......' in a cookie, which allows them to perform privileged operations such as restarting the service with /cgi/restart.




pass

Protecting Yourself from Malware with Better Password Security

In Week 1 of National Cybersecurity Awareness Month (NCSAM) we looked at spoofed emails, cybercriminals' preferred method of spreading malware. Today, in an effort to provide you with the best information out there to keep you safe online, we're hitting you with a double dose of cybersafety news.

Let's take a look at the topics for Week 2 and 3 of National Cybersecurity Awareness Month: malware and password security. They're separate but related issues in the world of Internet crime prevention, and a better understanding of each is key to protecting your property and personal information in today's digital world.

Malware

Malware is an umbrella term used to describe software that is intended to damage or disable computers and computer systems. If you'd like, you can take a moment and watch this video on malware from Norton Security. But the best way to begin protecting yourself against this stuff is to learn about all the different types of malware that can affect your computer. There are tons, so we'll just go over the broader categories for now.

Viruses: Malicious bits of code that replicate by copying themselves to another program, computer boot sector, or document and change how a computer works. Viruses are typically attached to an executable file or program and spread once a user opens that file and executes it.

Worms: They're like viruses, but are different in terms of the way they're spread. Worms typically exploit a vulnerability or a weakness that allows an attacker to reduce a system's information assurance. Missed that last Windows update? You might be more vulnerable to worms.

Trojans: These look like legitimate pieces of software and are activated after a user executes them. Unlike a virus or a worm, a trojan does not replicate a copy of itself. Instead, it lurks silently in the background, compromising users' sensitive personal data.

Ransomware: This refers to a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking or threatening to erase the users' files unless a ransom is paid. You may recall the WannaCry attack that affected users across the globe this summer, only to be thwarted by the accidental discovery of a "kill switch" that saved people from the malicious software.

Spyware: This malware collects your personal information (such as credit card numbers) and often passes this information along to third parties online without you knowing.

You can check out more descriptions and examples of the types of malware that exist today at MalwareFox, a malware detection and removal software program.

Tips for Protecting Yourself Against Malware

Staying malware-free doesn't require an engineering degree. You can greatly reduce, if not completely eliminate, your chances of falling victim to malware by following these easy tips.

  • Keep your operating system current.
  • Keep your software up to date, particularly the software you use to browse the Internet.
  • Install antivirus and security software and schedule weekly scans. At TechSoup, we're protected by Symantec Endpoint Protection. At home, there are dozens of solutions you can use to protect yourself (PCMag lists many here).
  • Mind where you click. Think twice before you download torrent videos or free Microsoft Office templates from some random website.
  • Avoid public, nonpassword, nonencrypted Wi-Fi connections when you can. Use a VPN when you cannot.

Spread the Word

Let people know that TechSoup is helping you become more #CyberAware by sharing a message on your social media channels. If you tag @TechSoup on Twitter, we'll retweet the first two tweets. Remember, we're all in this together.

Password Security

Now that we've covered the nasty stuff that can make your life miserable if it ends up on your computer, let's go over some password security tips to help prevent malware from getting there in the first place. Using best practices when it comes to protecting your passwords is a proven way to protect your personal and financial information. Curious how knowledgeable you already are? Watch this video and take this quiz to enter a drawing for a $25 Amazon gift card!

First, let's go over some facts.

  • Passwords are the first line of defense to protect your personal and financial information.
  • A weak password can allow viruses to gain access to your computer and spread through TechSoup's or your family's network.
  • It's estimated that 73 percent of users have the same password for multiple sites and 33 percent use the same password every time. (Source: Digicert, May 2014)
  • Despite a small sample size of 1,110 U.S. adults, a recent YouGov survey still found that 28 percent of adults use the same passwords for most of their online accounts. (Source: Business Insider, October 2017).

Best Practices for Effective Password Protection

One great way to better protect yourself is by opting for a passphrase, which is much more difficult to crack than a single-word password. Here are some guidelines to creating one.

  • Pick a famous quote or saying and use the first letter of each word.
  • Add a number that you can remember.
  • Capitalize one letter.
  • Make it unique by adding the first letter of your company's name to the beginning or end of the passphrase.
  • Make it between 16 and 24 characters.

You should never write your password down, but if you must, never store user IDs and passwords together. Finally — even though it might seem unwieldy — you should always use a different password for each site that requires one. In today's world, everything is connected. A savvy hacker can easily breach your bank account, email, and medical records in one fell swoop if you're using the same password for all three.

Additional Cybersecurity Resources

In case you missed it, take a look at last week's post on recognizing suspicious emails.

Need a little inspiration? Find out how TechSoup and Symantec are making a difference in the lives of at-risk teens.

Get more security tips from the National Cyber Security Alliance. National Cyber Security Alliance Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.




pass

Passion Capital partner puts faith in London fintech scene

Passion Capital's Eileen Burbidge talks to fDi about what fintech companies should consider when expanding internationally, and why London will always be a key market in the sector.




pass

New SSH Attack Weakens Passwords




pass

FERC's data shows US renewable generating capacity has surpassed coal

According to an analysis by the SUN DAY Campaign of data just released by the Federal Energy Regulatory Commission (FERC), U.S. electrical generating capacity by renewable energy sources (i.e., biomass, geothermal, hydropower, solar, wind) has now - for the first time - surpassed that of coal.




pass

New York to pass 'one of the most aggressive clean energy mandates in the country'

New York is poised to pass its own version of the Green New Deal with a climate bill that would more than triple the state’s solar capacity and aggressively promote development of wind farms off the state’s coast.




pass

Solar industry, advocates hail New York passage of ambitious climate bill

New York’s Climate Leadership and Community Protection Act passed the Assembly early in the morning of June 20 and will now await the governor’s signature. Solar advocates praised the state legislature’s adoption of long-anticipated legislation that will require at least 70 percent of electric generation to come from renewable sources by 2030 and provide needed funding to low-income and environmental justice communities.




pass

Maryland lawmakers pass Clean Energy Jobs Act

Clean industry leaders celebrated the passage of the Clean Energy Jobs Act (CEJA) by state lawmakers yesterday. The bill now goes to the governor’s desk for signature.




pass

Delaware Joins 34 States in Passing C-PACE Legislation; A Cleaner Energy Supply to Follow

Last month, Delaware Governor John Carney signed Senate Bill 113 into law, enabling Commercial Property Assessed Clean Energy (C-PACE) financing in Delaware. Once implemented, PACE will offer a new method for financing commercial energy efficiency and renewable energy projects.




pass

U.S. House passes bill designed to streamline hydroelectric power licensing

The U.S. House of Representatives has passed bipartisan hydroelectric power regulatory improvement provisions as part of the North American Energy Security and Infrastructure Act of 2015, potentially helping to expedite the project approval process.




pass

US$1.6 billion Northern Pass transmission line will deliver Canadian hydropower to the U.S.

The US$1.6 billion Northern Pass transmission line that could tap into 1,096 MW from Canada’s largest hydropower producer, HydroQuebec, was approved Dec. 7, by a 6-0 vote of New Hampshire’s Site Evaluation Committee [SEC].
 




pass

PG&E Seeks Court Protection From Federal Regulators on Renewable Energy PPAs

PG&E Corp. is seeking court protection to amend or cancel power purchase agreements with suppliers as part of its bankruptcy proceedings.




pass

Why Are We So Stupid About RDP Passwords?

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.




pass

EWC Mourns Passing of Board Member Tadashi Yamamoto

The East-West Center joins many in the international relations community in mourning the April 15 passing of EWC Board of Governors member Tadashi Yamamoto, a strong advocate of the development of a vibrant, internationalized civil society in Japan and of deepened Japanese ties with other countries.




pass

Former EWC President Everett Kleinjans Passes Away

The East-West Center community has been saddened to learn that former EWC President Everett “Ets” Kleinjans passed away on April 30 at a care home in Michigan.

A linguist who taught in China and Japan before joining the Center in 1967 as Vice Chancellor for Academic Affairs, Kleinjans then became EWC’s Chancellor from 1968 to 1974. After helping to guide the Center through independent incorporation, he became its first President in 1975, serving until 1980. Subsequently, he taught at Hawai’i Pacific University and worked for a number of years in Cambodia before returning to his home town of Holland, Michigan.




pass

Former EWC Board Member Tai Yu-Lin Passes

The East-West Center community was saddened to learn of the Nov. 4 passing of former EWC Board of Governors member Tai Yu-Lin (also known as Wu Yu-Lin), a pioneer in bilingual education. Serving from 1978 – 1984, she was the first Asian woman elected to the EWC Board.

Born in Northeast China in the 1920s, she was educated in Shanghai, as well as at the University of Malaya, Columbia University and later at the University of London's School of Oriental and African Studies, where she began her language career.




pass

EWC Community Mourns Passing of Senator Inouye

Sen. Inouye with EWC students in 2007.

The East-West Center community is greatly saddened by the passing of Hawai‘i Senator Daniel K. Inouye, long one of the Center’s most avid supporters. EWC President Charles E. Morrison extended the EWC community’s heartfelt condolences to Senator Inouye’s family and loved ones.

“We are deeply saddened by the loss of a great patriot and statesman who served his nation and state in many different capacities,” Morrison said. “Senator Inouye has always been the staunchest supporter of the East-West Center, not just in Washington, but also frequently interacting with participants and alumni. We will sorely miss him.”




pass

Former EWC President Victor Li Passes Away

The East-West Center community is saddened by the death of former EWC President Victor Hao Li, who passed away on Sept. 18 in Oakland, California, at the age of 72.

Born in Hong Kong, Dr. Li taught Chinese and international law at the University of Michigan, Columbia and Stanford before serving as President of EWC from 1981-1989.




pass

EWC Saddened by Passing of Former Board Member and House Speaker Tom Foley

The East-West Center community is saddened by the death of former EWC Board of Governors member Thomas S. Foley, a U.S. congressman from Washington State for three decades, speaker of the House from 1989 to 1995, and later Ambassador to Japan.  Foley, who passed away Oct. 18 at age 84, served on the EWC board from 1995 to 1997. 




pass

EWC Community Saddened by Passing of Center's First Leader, Longtime Arts Coordinator

The East-West Center community is saddened by news of the recent passing of the Center’s first leader, Murray Turnbull, and longtime arts and exhibits coordinator Jeanette "Benji" Bennington.

"Murray Turnbull was the father of the concept of bringing the young people of the Asia Pacific region together, and the East-West Center was established because of him," said EWC President Charles E. Morrison. "And Benji was an incredible, invaluable resource during her decades of service at the Center. She embodied the EWC spirit, and her legacy remains with us all.”




pass

EWC Community Saddened by Sudden Passing of Larry Smith

The East-West Center community has been saddened to learn of the sudden passing of former Education Director and longtime community supporter Larry Smith, who suffered a fatal heart attack over the weekend, shortly after arriving in New Delhi to attend a conference.




pass

EWC Community Saddened by Passing of Former Dean of Students Sumi Makey

HONOLULU (October 22, 2019) -- The East-West Center community has been saddened to learn of the passing on October 20 of former Dean of Students and longtime Center supporter Sumi Makey. Generations of EWC alumni carry warm memories of Sumi as a caring mentor over the course of her several decades leading the Center’s student and Open Grants programs, which she helped to establish, and later as an active supporter and donor. (Read Sumi’s EWC oral history.)




pass

AIFMD update: ESMA updates AIFMD Q&As and delays opinion on the extension of the AIFMD passport to non-EU entities

Updated AIFMD Q&As The European Securities and Markets Authority (ESMA) has published an updated version of its Q&A paper on the application of the Alternative Investment Fund Managers Directive (AIFMD). This publication was released on...