The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate for and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their company from cyber-related risk.

Blog Entries


 

Stop Signing In With Facebook (or Gmail) On Other Sites

See Article Here

Have you ever been asked on a site, instead of creating a unique username and password, to log in with your Facebook or Gmail account? That’s called a single sign-on feature, and that is what attackers took advantage of in the latest Facebook breach. The most interesting thing about this feature is that, once applied, there is really no way to reverse it, i.e. there is no single sign-off feature.

50 million Facebook users had their access tokens compromised, and although the tokens were reset, because Facebook does not enforce developer guidelines there is an unknown number of third-party services and mobile apps that could not be reset. I know it’s easy and convenient, but it is never a good idea to use these types of features, especially when there is really no easy way to reverse the action. Use a password manager (or a passphrase with a unique site identifier, as suggested in my previous blog post) and create a unique user ID and password for each site. It keeps your personal risk level down.