DFA | Smart Thinking Solutions

7 September 20227 September 2022

Why authentication, authorisation and accountability are cornerstones of your cyber security

authentication authorisation accountability

I have written an article over on CyberAwake, (our online cyber security training site), looking at triple A. Why you should care about the TLA AAA! – CyberAwake

26 August 202225 August 2022

Pass the cookie attack – but you still need to use MFA and have these extra steps in place

We cannot emphasise how important multi-factor authentication is to your cyber security – however, of course, the threat actors do have ways around it: Cookie stealing: the new perimeter bypass – Sophos News The threat is malware getting into your system and stealing session cookies that are associated with the …

Continue reading “Pass the cookie attack – but you still need to use MFA and have these extra steps in place”

14 July 20225 October 2022

I have told everyone to use MFA so I do not need to think about more cyber security! UPDATED 14 July 2022

This post was original published on 27 June 2022 Update 14 July 2022 Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication: …

Continue reading “I have told everyone to use MFA so I do not need to think about more cyber security! UPDATED 14 July 2022”

18 May 202228 April 2023

CISA joint advisory on access control. Are you still missing MFA?

The US Cybersecurity and Infrastructure Security Agency has issued a joint advisory with the cyber security organisations from the UK, New Zealand, Netherlands and Canada listing ten regularly exploited weak security controls, poor configurations, and bad practices that allow threat actors to compromise networks. Here is the article: Weak Security …

Continue reading “CISA joint advisory on access control. Are you still missing MFA?”

12 May 202216 January 2024

Passwordlessness

Following my article on Monday here on Smart Thinking: The Guardian has a feature on on going passwordless which is worth reading: TechScape: Apple, Google and Microsoft are about to make passwords a thing of the past | Technology | The Guardian The effectiveness of “passwordlessness” (I just made that …

Continue reading “Passwordlessness”

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.