Skip to main content

The WiKID Blog

Viewing posts tagged WiKID

More Marketing Service firms in the news

Dark Reading is reporting that Best Buy has suffered a second loss of customer data - e-mail addresses - through another vendor (not Epsilon).  

HTML5 software token tutorial & some comments

We've published a short-tutorial on how to install the WiKID HTML5 software token over on Howtoforge!  

Cloud Security and Two-factor authentication

We've recently partnered with VM Racks, Inc a secure virtual hosting specialist for their HIPAA-compliant ESX VMware Hosting service.   There are three take-aways from this news:

Traditional two-factor authentication is dead.

At Bsides Atlanta last week, Eric Smith (@infosecmafia) and Dave Kennedy (@dave_rel1k) demonstrated a real-time attack against a Juniper SSL-VPN that by-passes the authentication method used including time-bound one-time passcodes.  (Dave's post on "Traditional Penetration Testing is DEAD" on their BSidesAtlanta talk inspired my title. ;)

This type of attack against SSL and DNS has been predicted for some time, taking advantage of user's willingness to accept any SSL certificate.  Kudos to Eric and Dave for showing how this type of attack combined with a strategically aimed penetration test can really wreak havoc on an enterprise.

iOS 4 struggles

The iOS 4 upgrade for the iPhone breaks the WiKID token.  We're looking into and hope to have something fixed shortly.  

Recent Posts

Archive

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom