Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka “Universal XSS (UXSS).”
Creating and using strong passwords is an important part of your server security.
If your old password was compromised, make sure that your new password is very different from your old one.
Things to include
- At least eight characters.
- One or more of each of the following:
- lower-case letter
- upper-case letter
- punctuation mark
- Lookalike characters to protect against password glimpses. Examples:
- O as in Oscar and the number 0.
- Lower-case l and upper-case I.
- The letter S and the $ sign.
Things to avoid
- Words you can find in the dictionary.
- Passwords shown as “example strong passwords.”
- Personal information, such as names and birth dates.
- Keyboard patterns, like qwerty or 12345. Particularly avoid sequences of numbers in order.
- Common acronyms.
- All one type of character – such as all numbers, all upper-case letters, all lower-case letters, etc.
- Repeating characters, such as mmmm3333.
- The same password you use for another application.
Memorable password tips
While passwords that are easy for you to remember are also less secure than a completely random password, following these tips can help you find the right balance between convenience for you and difficulty for hackers.
- Create a unique acronym for a sentence or phrase you like.
- Include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh.’
- Jumble together some pronounceable syllables, such as ‘iv,mockRek9.’
Keep your password secret
- Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). If you need to grant someone access to your server, set up a separate username and password for that person.
- Never write your password down, especially not anywhere near your computer.
- Do not store your password in a plain text file on your computer.
- Never send your password over an unecrypted connection – including unencrypted email.
- Periodically test your current password.
- Update your password every six months.
Password strength tests
This blog will cover the following topics:
- Attacker.NET offers & News
- Security Advisories
- Tutorials & How-To’s
- Genetal IT news, Issues and Best practices