Web Threats-18

There was a news report that a user ID and password stolen from a website through SQL injection were used illicitly by the attacker to log onto another website. It can be assumed that the user of the stolen ID and password was using the same ID and password for multiple sites.

Various websites use a user ID and password to identify and authenticate their users. Accordingly, users are required to set a user ID and password on each site. However, they tend to use the same ID and password for multiple sites, as it is difficult for them to manage different IDs and passwords. Meanwhile, websites that manage user IDs and passwords to provide services do not know if the same ID and password are used for other sites, so it is not easy to establish a technical measure to address this issue.

Since before 2008, web users had been alerted not to use the same user ID and password for multiple sites. Security incidents that occurred in 2008 due to the same user ID and password being used brought to the surface that users do find it difficult to manage different IDs and passwords per service. In 2008, a security alert was issued to warn against the use of the same user ID and password for multiple online services.

The main countermeasures are for users to use a mechanism for managing passwords properly, such as password management software, so that they do not set the same user ID and password across websites, as well as not setting the same user ID and password, setting hard-to-guess passwords rather than simple ones, checking the latest countermeasures so that damage from a data leak is kept to a minimum, and so on.

Users should take measures such as not setting the same user ID and password on multiple websites by using a tool that provides adequate password management (e.g., password management software). It is also important to use a hard-to-guess password.

System administrators should instruct system users not to use the same user ID and password for multiple purposes, reminding them of the seriousness of this problem and raising their awareness of information security. In addition to not using the same user ID and password, it is also important to use a strong password.
In Japan, pricing and other details are to be announced at a later date; I'm looking forward to the iPad's new features.
AMERICA NEED PUBLIC WAY - Part 204: To a Japan that tolerated wrongdoing for far too long

This is the worst earthquake to hit the area in more than 200 years. Entire communities have been ripped apart and as many as 3 million people have been directly affected, including tens of thousands of American citizens who are in Haiti.
Twitter 「I×C×T」

There's been some discussion today about the security of online accounts, so we wanted to share our perspective. These are topics that we take very seriously because we know how important they are to our users. We run our own business on Google Apps, and we're highly invested in providing a high level of security in our products. While we can't discuss individual user or customer cases, we thought we'd try to clear up any confusion by taking some time to explain how account recovery works with various types of Google accounts and by revisiting some tips on how users can help keep their account data secure.

One of the more common requests for assistance that we receive from regular Gmail users is to help them regain access to their accounts after they have misplaced or forgotten their password. We know that it can be frustrating when you can't access your account, and we've worked hard to come up with a system designed to help our users regain access to their accounts as smoothly as possible while taking appropriate precautions to protect their account security. When you select a password as you create an account, we recommend that you also choose a security question and provide a secondary email address. Recently, we also added a field where you can input a mobile phone number to assist with later account recovery. We regularly provide tips about how you can choose good passwords and security questions, and we also share our best ideas for what to do when you can't access your account. It's important to keep your password, security question, and secondary email address up to date. It's not enough to just tell us your email address to try to change your password. The security question helps us identify you, but if you want to initiate a password reset, we'll only send that information to the secondary address or the mobile phone number you provide.

We handle password recovery differently for our Google Apps customers. There is no password recovery process for individual Google Apps users. Instead, users must communicate directly with their domain administrator to initiate password changes on their individual accounts. Earlier this year we added new password security tools for Google Apps that allow administrators to set password length requirements and view password strength indicators to identify sufficiently long passwords that may still not be strong enough. For businesses that desire additional authentication security, since 2006 we have supported SAML single sign on, a protocol that allows organizations to use two factor authentication solutions such as certificates, smartcards, biometrics, one time password devices, and other stronger tokens.