Risk Radar Free Cyber Security Newsletter – December 2015 beta

2016 Reality: Lazy Authentication Still the Norm
Even if you do everything right, your online accounts may get hacked. Brian Krebs tells how his PayPal account got reset twice, even after he called the first time. PayPal only locked the account when a suspicious money transfer was attempted by the hacker. Hopefully PayPal and similar services will make improvements in their password reset policies.
Microsoft to Remove Superfish-Like Programs Starting in March
Microsoft will start checking for and removing Superfish-like programs in 2016. This is a great move by Microsoft. Hopefully this will deter OEMs from putting these programs in future Windows computers. I was very disappointed with Lenovo when they put Superfish on their consumer computers (glad I was using a ThinkPad).
New Year’s Resolutions from Internet Storm Center
Internet Storm Center has three security recommendations for 2016: remove Flash, enable 2-factor authentication, and enable storage encryption on your mobile device. These are some good recommendations to think about. It does seem doable to live without Flash, and 2-factor authentication just makes sense to do where available. I do wonder about the performance hit by enabling encryption on my mobile device. It may be worth a small performance hit to do the encryption.