News by Professionals 4 Professionals


New Guidelines: End Frequent Password Changes

The agency that develops information security standards for the U.S. federal government is recommending significant changes to password guidelines, essentially reversing some long-held best practices. Changes to the Digital Identity Guidelines are managed by officials at the National Institute of Standards and Technology[1] (NIST), a division of the U.S. Department of Commerce. While NIST standards are not binding except on federal, non-military agencies, private-sector professionals frequently look to the guidelines as best practices when creating security policies for businesses and other organizations.

The full draft report[2] is available at NIST, but in an article[3] for VentureBeat, information security expert Slava Gomzin said the new rules call for relying less on frequent password changes and more on encouraging the use of longer, irregular passwords.

1. End periodic password changes: It wasn't all that long ago that virtually every organization would prompt users to change their passwords every three months. But there's long been debate about whether such policies do more harm than good, since employees will often try to make those passwords too simple in an effort to make them easier to remember. Other times, users will write them down, raising other security issues.

The new guidelines indicate that government experts have come down on the side of deeming frequent password changes as more trouble than they're worth, not to mention less secure.

2. Dump rudimentary password complexity restriction: This is aimed at the basketball fan who loves Michael Jordan and regularly uses "chicagobulls23" as their favorite password. Security software can impose complexity rules that require every password to also have an upper-case letter and a symbol, for instance. But the government research found that changing the above Jordan fan's password to "ChicagoBulls23!" offers only a slight modicum of additional complexity and could actually provide a false sense of security.

3. Do stringent new password validation: Using this security feature, every password is compared against lists of overused or previously compromised passwords.

"Users will be prevented from setting passwords like 'password,' '12345678,' etc., which hackers can easily guess," Gomzin wrote in the VentureBeat piece.

In a world of ideal password security, administrators should aim to set validation criteria to require long, random and complicated expressions.

Serious passwords these days are long — think 16 characters or more — and have a pattern that is not likely to be guessed even by the cleverest of tools, according to an article[4] in

A truly strong password, that piece suggests, looks something like: j0MxmoNnEUg9JIflizGU.
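The checks described in points 2 and 3, as an added example (not code from NIST or the cited articles): an old-style composition rule compared with a blocklist check. The blocklist contents, the 16-character minimum and the edge-symbol normalization are assumptions chosen for illustration.

```python
import re

# Constructed sample blocklist; a real deployment would load a large corpus
# of commonly used and previously compromised passwords instead.
BLOCKLIST = {"password", "12345678", "chicagobulls23"}
MIN_LENGTH = 16  # assumption, based on the "16 characters or more" figure above


def legacy_complexity_ok(pw):
    """Old-style composition rule: at least one upper-case letter and one symbol."""
    return bool(re.search(r"[A-Z]", pw)) and bool(re.search(r"[^A-Za-z0-9]", pw))


def normalize(pw):
    """Fold case and strip leading/trailing symbols, so that cosmetic
    variants of a listed password still match the blocklist."""
    return re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", pw.lower())


def validate(pw, blocklist=BLOCKLIST, min_length=MIN_LENGTH):
    """Return a list of rejection reasons; an empty list means accepted.
    No composition rule is applied: only length and the blocklist."""
    reasons = []
    if len(pw) < min_length:
        reasons.append("too short")
    if pw.lower() in blocklist or normalize(pw) in blocklist:
        reasons.append("on blocklist")
    return reasons


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the article.
    for candidate in ("chicagobulls23", "ChicagoBulls23!", "password",
                      "j0MxmoNnEUg9JIflizGU"):
        verdict = validate(candidate) or ["accepted"]
        print(f"{candidate!r}: legacy rule passes={legacy_complexity_ok(candidate)}, "
              f"new validation={', '.join(verdict)}")
```

The composition rule accepts "ChicagoBulls23!" and rejects the 20-character random string for lacking a symbol, while the length-plus-blocklist check reaches the opposite verdict on both.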



  1. National Institute of Standards and Technology
  2. full draft report
  3. article
  4. article

The Real Story Behind the ‘Somali Pirates VS Ship’s Private Security …

A team member of a private security team aboard the MV Avocet points his weapon at an incoming pirate skiff in the Arabian Sea, likely sometime in 2011.

We have come a long way since the height of Somali piracy, when highly organized pirate gangs roamed the Gulf of Aden and Indian Ocean in search of merchant ships to hijack for multi-million dollar ransoms. During the most active years, from 2008 to 2012, armed pirates were attacking hundreds of ships per year[1], successfully pirating more than 130 vessels and taking their crews hostage, some of whom were held captive for years[2] in the most abominable conditions imaginable. Fortunately, a combination of international naval presence in the region and private armed security teams contracted by the ship owners was successful in suppressing the scourge of piracy in the Horn of Africa region. And while a spate of recent incidents bearing the characteristics of Somali piracy during its peak has been a cause for alarm, Somali piracy is far from the point it was at over a half-decade ago. So when a video posted last week by a supposedly pro-seafarer page showing a shipboard security team opening fire on an incoming pirate skiff went viral, we thought it was necessary to provide some context and/or details since absolutely none was given.

The video in question is titled "Somali Pirates VS Ship's Private Security Guards," and since it was posted last Thursday it has racked up over 12 million views, easily reaching YouTube's top trending list. It has also prompted some publishers to re-post it as if this just happened. The problem is, the video is now more than five years old.

Video Details

The video in question was originally posted online by an unidentified source in April 2012. Details of the video were not immediately clear in the original posting on LiveLeak[3], but in May 2012 Bloomberg was able to track down the video's origin[4] and shed some light on the incident after it sparked a debate about the guards' use of force, which many at the time called excessive. Here's the video in question:

[embedded content]

According to the Bloomberg report, the video first appeared at a shipping conference in December 2011 and was filmed by a team member from the Norfolk, Virginia-based private security firm Trident Group while operating aboard the MV Avocet, a 53,462 dwt bulk carrier owned by New York-based Eagle Bulk Shipping Inc. In the Bloomberg article, Thomas Rothrauff, president of Trident Group, defended the team's actions, saying their operating procedures were legal and in full compliance with rules for use of force. In the report, Rothrauff even noted that at least some of the boat's occupants were probably killed or injured, although there is no way to know for sure. "We're not in the business of counting injuries," Rothrauff told Bloomberg at the time.

Rothrauff added that the attack shown in the video was the second in 72 hours launched by pirates operating from a nearby mothership, and also said that the pirates in the video were returning fire, although it is somewhat hard to tell from the video. The report also noted that all of Trident Group's operations are shot on video, and the video is technically owned by the hiring company, which in this case is Eagle Bulk Shipping Inc.

So why the re-post now?

For one, Somali piracy is back in the news[5] after years of calm. In March, Somali pirates were able to hijack their first commercial ship since 2012[6], the oil tanker Aris 13. The vessel was released a few days later following a clash with local maritime forces, and no ransom was paid. Since then, there have been a handful of other incidents that have added to the concern, but nothing compared to what we were seeing during the height of piracy. The good news: currently, Somali pirates have no commercial vessels or hostages under their control. So, to the re-uploaders of this video, we say shame on you. While you may claim to be a group highlighting the lives of all those connected to the high seas, in our opinion, all you are doing is creating confusion by regurgitating old content, which you do not own, without context or details, and all for the sole reason of generating views and income. If you really cared about the seafaring community, you would donate 100% of the proceeds from the video to any one of the number of charities helping seafarers and former hostages who are still struggling with the lasting effects of piracy on the high seas.


  1. attacking hundreds of ships per year
  2. held captive for years
  3. posting on LiveLeak
  4. the video's origin
  5. Somali piracy is back in the news
  6. Somali pirates were able to hijack their first commercial ship since 2012

Chemical leaks prompt protective gear talks

Two recent incidents involving anhydrous ammonia leaks in Princeton are prompting local officials to consider better protecting the emergency responders who deal with such situations. Princeton City Council members were briefed on the leaks, at the Agrichem facility on U.S. 62 West, by Princeton Fire and Rescue Assistant Chief Brent Thompson. Anhydrous ammonia, a widely used nitrogen-based farm fertilizer, is stored under high pressure in a liquid state.

When released from compression, its temperature drops to minus 28 degrees Fahrenheit, enough to freeze-burn skin on contact, and to freeze clothing to the skin. In addition, the chemical, which contains no water, will seek out water or any moist areas, including living tissue.

When anhydrous ammonia contacts water, it forms ammonium hydroxide. Living tissue is dehydrated quickly and the cells destroyed on contact, a report from the North Dakota State University Extension Service states. The alkali formed in the reaction also causes serious chemical burns.

"Anhydrous ammonia is extremely destructive to animal tissue," the NDSU report notes.

Skin is reduced to a sticky, gooey substance as the chemical burn progresses. Skin that is chemically burned by the ammonia actually is killed and is not capable of healing or replacing itself.

The chemical also vaporizes quickly. A cubic foot in its liquid state produces 855 cubic feet of ammonia gas. Exposure to high concentrations can cause serious injury and death.

"It's a hazardous material that we have to deal with when these things happen," Thompson told the council Monday.

"Anhydrous is a very dangerous chemical, and we have a very large distribution plant," he said. The chemical is transported to Agrichem by rail and transferred to a large storage tank.

In January, fire and rescue personnel responded to the plant for an anhydrous leak that occurred when a valve was inadvertently opened during a transfer. The two leaks during the weekend were attributed to faulty tank seals, Thompson noted. The assistant chief extended appreciation to the Princeton Police Department for officers' assistance in shutting down U.S. 62 around the plant during the leak responses.

Police Chief Don Weedman, in turn, credited the fire department's quick response for keeping the impact of the leaks to a minimum. At the same time, he said, the personnel responsible for stopping the leak need better protective equipment. Ideally, level A hazmat suits would be used, Thompson noted.

The suits offer the highest level of protection against chemical exposures. At one time, the local department had access to such suits, when post-9/11 federal Homeland Security funds were directed to states to form hazardous materials/weapons of mass destruction response teams. Kentucky had 14 such teams, and Caldwell County served as host county for the Pennyrile region's team, known as HazMat-2.

"The grant money dried up, and everybody's hazmat teams have gone away," Thompson told the council.

Princeton had 10 level A suits at one time, provided through the federal grant, but they had a five-year shelf life, and replacing them would cost in excess of $1,500 each, he added.

Those did expire, and because of the cost, we did not buy new ones. Now, Paducah is the nearest city with level A suits. The local fire department has level B suits, which are less expensive but also offer less protection.

In the recent incidents, responders used their regular turnout gear and taped down the openings around their boot cuffs and gloves to guard against exposure to the chemical. Several of the department's firefighters have completed hazardous material technician training, and fire officials hope to train the remainder of the department as well.

"We need to get the rest of them up to that level," said Thompson. An initial 40-hour training is required, as well as a 24-hour recertification every two years.

Barring another agency stepping in to handle such hazmat incidents, the responsibility for future responses will remain a local one.

"It's basically up to the fire departments now if we're going to do this or not," Thompson told the council. "It's not going away."
