Viewing posts tagged Two Factor Authentication
An Analysis of the Inevitable Analyses of the Gawker Password Breach
Posted by: admin 13 years, 4 months ago
Here we go again. Another attack results in a password file being posted on the Internet. Queue the analysis of the password file. State how users always choose the simplest passwords and cannot be trusted with their own security choices. Of course, this is a great time for WiKID to note that two-factor authentication solves this problem.
HTML5 software token tutorial & some comments
Posted by: admin 13 years, 5 months ago
We've published a short-tutorial on how to install the WiKID HTML5 software token over on Howtoforge!
Cloud Security and Two-factor authentication
Posted by: admin 13 years, 6 months ago
We've recently partnered with VM Racks, Inc a secure virtual hosting specialist for their HIPAA-compliant ESX VMware Hosting service. There are three take-aways from this news:
Traditional two-factor authentication is dead.
Posted by: admin 13 years, 6 months ago
At Bsides Atlanta last week, Eric Smith (@infosecmafia) and Dave Kennedy (@dave_rel1k) demonstrated a real-time attack against a Juniper SSL-VPN that by-passes the authentication method used including time-bound one-time passcodes. (Dave's post on "Traditional Penetration Testing is DEAD" on their BSidesAtlanta talk inspired my title. ;)
This type of attack against SSL and DNS has been predicted for some time, taking advantage of user's willingness to accept any SSL certificate. Kudos to Eric and Dave for showing how this type of attack combined with a strategically aimed penetration test can really wreak havoc on an enterprise.
A world without static passwords
Posted by: admin 13 years, 6 months ago
I wanted to quickly clarify my brief twitter rant about SMS authentication. This was all started by Chris Wysopal's tweet about Zeus's new mobile MiTM attacks and that "phones are not secure enough for 2 factor". Zeus is now targeting the text messages that banks are using for authenticating transactions.
Recent Posts
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
Archive
2024
- January (1)
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)