News by Professionals 4 Professionals


New Guidelines: End Frequent Password Changes

The agency that develops information security standards for the U.S. federal government is recommending significant changes to password guidelines, essentially reversing some long-held best practices. Changes to the Digital Identity Guidelines are managed by officials at the National Institute of Standards and Technology[1] (NIST), a division of the U.S. Department of Commerce. While NIST standards are not binding except on federal, non-military agencies, the guidelines are frequently looked to by private-sector professionals as best practices for creating security policies for businesses and other organizations.

The full draft report[2] is available at NIST, but in an article[3] for VentureBeat, information security expert Slava Gomzin said the new rules call for relying less on frequent password changes and more on encouraging use of longer, irregular passwords.

1. End periodic password changes: It wasn't all that long ago that virtually every organization would prompt users to change their passwords every three months. But there's long been debate about whether such policies do more harm than good, since employees will often try to make those passwords too simple in an effort to make them easier to remember. Other times, users will write them down, raising other security issues.

The new guidelines indicate that government experts have come down on the side of deeming frequent password changes as more trouble than they're worth, not to mention less secure.

2. Dump rudimentary password complexity restriction: This is aimed at the basketball fan who loves Michael Jordan and regularly uses "chicagobulls23" as their favorite password. Security software can impose complexity rules that require every password also have an upper-case letter and a symbol, for instance. But the government research found that changing the above Jordan fan's password to "ChicagoBulls23!" offers only a slight modicum of additional complexity and could actually provide a false sense of security.

3. Do stringent new password validation: Using this security feature, every password is compared against lists of overused or previously compromised passwords.

"Users will be prevented from setting passwords like 'password', '12345678', etc., which hackers can easily guess," Gomzin wrote in the VentureBeat piece.
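The validation described in item 3, set beside the composition rule from item 2, as an added example that is not from NIST or the article. The blocklist entries, `MIN_LENGTH` and the `normalise` step (which goes beyond an exact list match) are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment loads a large corpus of
# commonly used and previously breached passwords.
BLOCKLIST = {"password", "12345678", "chicagobulls23"}
MIN_LENGTH = 8  # assumption for this example, not a value from the article

LEGACY_CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def legacy_complexity_ok(pw: str) -> bool:
    """Old-style composition rule: upper, lower, digit and symbol required."""
    return all(re.search(cls, pw) for cls in LEGACY_CLASSES)


def normalise(pw: str) -> str:
    """Fold case and drop trailing symbols so cosmetic variants still match."""
    return re.sub(r"[^a-z0-9]+$", "", pw.lower())


def validate(pw: str) -> tuple[bool, str]:
    """Length plus blocklist check, with no composition rules."""
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    if pw.lower() in BLOCKLIST or normalise(pw) in BLOCKLIST:
        return False, "on blocklist"
    return True, "ok"


def compare(pw: str) -> dict:
    """Show how the two policies judge the same candidate password."""
    accepted, reason = validate(pw)
    return {"legacy": legacy_complexity_ok(pw), "blocklist": accepted,
            "reason": reason}


if __name__ == "__main__":
    for candidate in ("password", "chicagobulls23", "ChicagoBulls23!",
                      "j0MxmoNnEUg9JIflizGU"):
        print(f"{candidate:22} {compare(candidate)}")
```

The composition rule accepts "ChicagoBulls23!" and rejects the 20-character random string for lacking a symbol, while the blocklist check does the opposite.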

In a world of ideal password security, administrators should aim to set validation criteria to require long, random and complicated expressions.

Serious passwords these days are long — think 16 characters or more — and have a pattern that is not likely to be guessed even by the cleverest of tools, according to an article[4] in

A truly strong password, that piece suggests, looks something like: j0MxmoNnEUg9JIflizGU.

  1. National Institute of Standards and Technology
  2. full draft report
  3. article
  4. article

J&J, Bayer Accused of Hiding Blood-Thinning Drug’s Flaws

Joseph Boudreaux says taking Johnson & Johnson[1]'s blood-thinning drug Xarelto was one of the biggest mistakes of his life. While Xarelto[2] was supposed to help cut his stroke risk, Boudreaux says it instead caused internal bleeding that required a week-long hospital stay in the intensive-care unit, several blood transfusions and multiple heart procedures. "I don't want anybody else to suffer like I have from that drug," the part-time security guard says. On Monday, Boudreaux urged a New Orleans jury to hold J&J and Bayer AG[3], which jointly developed Xarelto, responsible for the treatment's potentially fatal side effects, in the first lawsuit targeting the medicine to go to trial.

The companies are facing more than 18,000 U.S. patient suits blaming the blood thinner for internal bleeding. The medicine also has been linked to at least 370 deaths[4], according to U.S. Food and Drug Administration reports.

Top Seller

The drug is Bayer's top-selling product, generating $3.24 billion in sales (3 billion euros) last year and $2.5 billion (2.3 billion euros) in 2015 for the Leverkusen, Germany-based pharmaceutical company. Xarelto is J&J's third-largest seller, bringing in $2.29 billion in 2016 as the New Brunswick, New Jersey, company seeks to replace revenue from its Remicade arthritis treatment, which lost patent protection a year ago.

Boudreaux's case is the first of four suits overseen by U.S. District Judge Eldon Fallon in New Orleans slated for trial over the next three months.

"The allegations made in the Xarelto lawsuits contradict years of data on the medicine and the FDA's determination of its safety and efficacy," said William Foster, a spokesman for J&J's Janssen unit that sells the drug in the U.S. Bayer says that while there are some patient complaints, Xarelto's bleeding risks are fully outlined on the medicine's warning label and well known by prescribing doctors. "Bayer stands behind the safety and efficacy of Xarelto, and will vigorously defend it," spokeswoman Astrid Kranz said in an emailed statement. U.S. regulators approved Xarelto in 2011 to prevent blood clots in users undergoing knee and hip surgeries. The drug's use has been extended to patients, such as Boudreaux, who suffer from irregular heartbeats and are at high risk of stroke.

Xarelto belongs to a new class of drugs aimed at replacing Bristol-Myers Squibb Co.[5]'s Coumadin, which has thinned patients' blood since the 1960s. Other new thinners include Pradaxa made by Boehringer Ingelheim GmbH[6], a German company that paid $650 million[7] in 2014 to settle thousands of suits claiming it hid the medicine's bleeding risks.

No Antidote

J&J and Bayer are accused of falsely marketing Xarelto as more effective at preventing strokes than Coumadin and easier to use, because Xarelto patients didn't need frequent blood tests. Lawyers for Boudreaux and other former Xarelto patients stress the drug has no antidote, so it puts some users at high risk for bleeding out if they suffer an injury. Coumadin's blood-thinning effects can be stemmed. J&J and Bayer officials should have warned consumers they could be tested to gauge their Xarelto bleed-out risk, patients' attorneys claim. Financial concerns ruled out such disclosures, Brian Barr[8], one of Boudreaux's lawyers, told jurors in opening statements Monday. "The test that would identify people at high risk was inconsistent with the marketing plan they came up with," he said. "The business plan came first."

J&J and Bayer point to the FDA's finding that Xarelto is safe and effective for patients seeking to avoid stroke-causing clots to buttress claims the drug doesn't pose undue risks, according to court papers. They also say millions of users have taken the drug without suffering bleeding side effects. The pharmaceutical makers also argue Boudreaux and other patients can't prove doctors would have avoided prescribing the drug even if they'd had the kind of bleeding warnings sought by the plaintiffs, according to court filings. Xarelto's label is adequate as a matter of law, the companies' attorneys said. The companies also dispute the validity of the safety test designed to gauge Xarelto users' bleeding risks, saying in court filings that the test didn't provide useful information to doctors. "We don't believe it's a safety test because it doesn't work with this particular drug," Beth Wilkinson[9], a lawyer for both companies, said in opening statements Monday.

Bellwether Case

Boudreaux's case serves as a bellwether to help decide the strength of the Xarelto claims, said David Logan, a mass-tort law professor at Roger Williams University[10] in Rhode Island. Fallon will allow a number of such trials to see if jurors rule for patients and award damages, Williams said. Once the results are in, the parties may feel more confident about whether to settle the remaining claims, he said.

Xarelto cases filed in federal courts around the U.S. have been consolidated before Fallon while other suits are awaiting trials in state courts in Pennsylvania and Delaware. Fallon previously oversaw suits against Merck & Co. targeting its Vioxx painkiller that resulted in a $4.85 billion settlement[11].

"Judge Fallon has been through the process several times," said Carl Tobias, who teaches product-liability law at the University of Richmond in Virginia. "He knows how to get suits to trial that will give the companies and plaintiffs a good feel for what these cases are worth."

The cases are Boudreaux v. Janssen, 14-cv-2720, U.S. District Court, Eastern District of Louisiana, and In RE Xarelto Products Liability Litigation, 14-MD-2592, U.S. District Court, Eastern District of Louisiana (New Orleans).


  1. Company Overview
  2. Drug's Web Site
  3. Company Overview
  4. Web Site With FDA Side-Effect Data
  5. Company Overview
  6. Company Overview
  7. Boehringer Pays $650 Million to Settle Blood-Thinner Suits (2)
  8. Lawyer's Web Site
  9. Lawyer's Web Site
  10. Company Overview
  11. Merck to Pay $4.85 Billion to Resolve Vioxx Claims (Update4)

Masked men rob security guard collecting cash from Holmes Chapel supermarket

Police are appealing for information after three masked men robbed a security guard collecting cash from a Holmes Chapel supermarket today (Monday). The robbery happened at approximately 11.45am at Aldi on Manor Lane. Cheshire Police say three unknown men drove into the Aldi car park in a black Vauxhall Astra.

The men, who were all dressed in black and wearing balaclavas, then got out of the car and approached a G4S security guard who was collecting cash from the store. They pushed the guard to the floor before stealing a quantity of cash that he was carrying. The men then got back into the Astra and fled the scene, first travelling southbound on Manor Lane, before turning right onto Chester Road and then left into Selkirk Drive, before parking the car at Holmes Chapel Leisure Centre.

After parking the car, one person was seen exiting the vehicle and fleeing the scene. Detective Sergeant Steven Smith said: "We are currently following a number of lines of enquiry and as part of the investigation I'm keen to hear from anyone who has any information in relation to this incident.

"I'd specifically like to hear from anyone who believes that they may have seen the black Vauxhall Astra as it travelled away from the store along Manor Lane and Chester Road, as we believe that this is where two of the offenders have exited the Astra and possibly got into a second vehicle." Anyone with any information in relation to the incident is asked to contact Cheshire Police on 101 quoting incident number 287 of 24 April 2017. Information can also be passed anonymously via Crimestoppers on 0800 555 111.