The WiKID Blog

Viewing posts from February, 2010

Secure internet access from security conferences

Have you ever been on the Wall of Sheep at a security conference? Do you go without Internet to avoid the same? Well, no more (at least for RSA/BSidesSF).

Security Missteps Made in the Name of Compliance

In the Five Security Missteps Made in the Name of Compliance, Bill Brenner lists "How to Botch Multi-factor Authentication" first. The point is that if you open holes for users who have forgotten their hardware tokens, you have circumvented your own security, eliminating the value of two-factor authentication.

More on PCI: The Costs of Credit Card Fraud

For all the circus atmosphere of the PCI debate at Shmoo, I got the feeling that most everyone agreed: PCI is getting the worst security offenders up to speed. There is no guarantee that they are 'doing it right', but most are doing it better. If the payment system had been designed correctly, then all of this effort to secure payment data would not be necessary. Sadly, it is too late to fix this because of cost. Oh, wait. Stop. Actually, that last point was somewhat contentious.

The Great PCI Debate from Shmoocon

I really enjoyed the PCI debate at Shmoocon, but probably because it was more circus than it should have been. (Here's another summary from Anton Chuvakin.) The pertinent points I came away with were:

SANS Institute Critical Controls

The SANS Institute has released their "Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines". Note that two-factor authentication is listed under boundary controls:
