Skip to main content

The WiKID Blog

Viewing posts tagged Authentication Attacks

15-percent-of-corporate-pcs-have-keystroke-loggers

According to David Aucsmith, architect and CTO, Security Business & Technology Unit at Microsoft, 15% of corporate PCs have key stroke loggers.

anatomy-of-a-phishing-attack-response

There is a great article with superb detail over on the Gonzo Banker site about how a bank responded to a phishing attack:

bankash

Dave Evans from Teros pointed out that the PWSteal.Bankash.D trojan includes two lists: one for sites that

better-password-strength-just-one-factor

Pete over at Spire Security points out the obvvious(which alluded me):

As far as I can tell, Bruce Schneier's current Wired column, MySpace Passwords Aren't So Dumb, is intended to be taken seriously. The article is supposed to be about how "good" passwords on MySpace are these days, and there isn't a hint of irony in his statement:
"But seriously, passwords are getting better."
I am at a loss to explain how he can come to this conclusion when every single one of the 34,000 passwords he analyzed were stolen through a phishing attack. What he should have said was: "This shows that a 1-character password (the shortest they harvested) is just as secure as a 32-character password (the longest they harvested)"
He also points out that if you're not going to do two-factor authentication, then don't worry about long passwords. If any data is important enough or vulnerable enough to require a strong and therefore annoying password policy, use two-factor authentication.

better-password-strength-just-one-factordeleteme

Pete over at Spire Security points out the obvvious(which alluded me):

As far as I can tell, Bruce Schneier's current Wired column, MySpace Passwords Aren't So Dumb, is intended to be taken seriously. The article is supposed to be about how "good" passwords on MySpace are these days, and there isn't a hint of irony in his statement:
"But seriously, passwords are getting better."
I am at a loss to explain how he can come to this conclusion when every single one of the 34,000 passwords he analyzed were stolen through a phishing attack. What he should have said was: "This shows that a 1-character password (the shortest they harvested) is just as secure as a 32-character password (the longest they harvested)"
He also points out that if you're not going to do two-factor authentication, then don't worry about long passwords. If any data is important enough or vulnerable enough to require a strong and therefore annoying password policy, use two-factor authentication.

Recent Posts

Archive

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom