Cyber security has moved up the national agenda in the past year, with the UK government paying
increasing attention and allocating increasing budget to bolstering UK cyber defences.
The government has stepped up its efforts in this area to help support UK business, with special
attention to those that form part of critical national infrastructure and financial
infrastructure.
The launch of the first national cyber threat sharing partnership marked an important step
forward in the past year, with another milestone due in 2014 when the UK national CERT becomes
operational.
The UK government plans several more initiatives in 2014 aimed at promoting the UK as a safe
place to do business online and at taking a global leadership position on cyber security matters
amid growing calls for international treaties on cyber security and cyber weapons.
Read Computer Weekly's top 10 UK cyber security stories of 2013 here:
In March, the UK government announced a partnership with industry to share information and
intelligence on cyber security threats. Cyber attacks were rated as one of the top four threats to
UK national security, alongside international terrorism, in the National Security Strategy of 2010
and a re-assessment in 2012. The Cyber Security Information Sharing Partnership (CISP) delivers a
key component of the UK national cyber security strategy in facilitating information-sharing on
cyber threats.
In November, Chris Gibson was confirmed as the director of the UK’s new national computer
emergency response team (CERT-UK), which is set to become operational in early 2014. Francis
Maude, the Minister for Cabinet Office, said Gibson brings a wealth of experience in cyber incident
response in the private sector, both in the UK and internationally. “His first-hand knowledge and
understanding of cyber security will be invaluable as he leads the national CERT,” he said.
Most of the FTSE 350 companies place cyber risk on the board agenda, with over half accounting
for cyber risk in their strategic risk register, a cyber governance health check has revealed. In
July 2013, the heads of the UK’s intelligence agencies and the Department for Business, Innovation
and Skills called on the country’s top 350 listed companies to take part in the exercise. The call
was made a day after business consultancy firm KPMG published a report revealing that cyber leaks
at FTSE 350 firms are putting the UK’s economic growth and national security at risk.
Five organisations have been named as the first certified consultancies in the government’s scheme
to help UK organisations respond effectively to the increase in cyber attacks. The Certified
Incident Response scheme is backed by CESG, the information assurance arm of GCHQ, and the Centre
for the Protection of National Infrastructure (CPNI).
Security experts welcomed the most extensive cyber threat exercise in two years to test the
preparedness of the financial infrastructure to withstand a sustained cyber attack. On 12 November
2013, Operation Waking Shark 2 tested thousands of staff at London’s major financial institutions
with a simulated cyber attack on systems on which the UK’s financial system depends. The Bank of
England, the Treasury and the Financial Conduct Authority monitored responses to assess the ability
of the UK’s core financial services providers to withstand cyber attacks.
The UK must set rules for the cyber security of critical national infrastructure to ensure
utilities are safe from attack, says Chris McIntosh, chief executive at communications firm ViaSat
UK. “We need legislation because simply issuing a government advisory means there will always be
organisations that will ignore that,” he told Computer Weekly.
The UK government is to invest more than £850m to develop and maintain what it
calls “cutting-edge” capabilities to tackle cyber threats. “Crime is at record low levels and this
government is taking action to tackle the cyber threat, investing more than £850m through the
national cyber security programme,” the Home Office said. The statement comes after a report by the
Home Affairs Select Committee said that, despite being the preferred target of online criminals in
25 countries, the UK is still complacent about cyber crime.
The Ministry of Defence (MoD) is teaming up with nine large defence firms and telecoms providers
to strengthen the UK’s cyber security. The Defence Cyber Protection Partnership (DCPP) is the
latest in a series of cyber security initiatives by the government since cyber threats were
categorised as one of the national defence priorities in 2010. The partnership will look to
implement controls and share threat intelligence to increase the security of the defence supply
chain.
In March, UK communications intelligence agency GCHQ announced a second academic research
institute, which will find new ways of analysing software automatically to combat cyber threats.
The GCHQ group’s work is aimed at providing businesses, individuals and government with additional
confidence that software will behave in a secure way when installed on operational networks. Funded
by a £4.5m grant, the new research institute is made up of teams from six universities and forms
part of the government’s plan to increase the UK’s academic capability in all fields of cyber
security.
Governments must understand that cyber weapons are extremely dangerous and have to agree not to
use them, according to Eugene Kaspersky, founder and chief of security firm Kaspersky Lab. “It
would be good if governments were to sign a treaty against the use of cyber weapons in the same way
as they have done against nuclear, biological and chemical weapons,” he told Computer Weekly.