Skip to main content

The WiKID Blog

The WiKID Blog, musings on two-factor authentication, information security and some other stuff.

Non-Console Administrative Access

Now that PCI-DSS 3.2 is live, we have been pondering how hard it will be to implement the new multi-factor authentication requirements.  First some definitions from the PCI Glossary:

2016 Verizon DBIR points to two-factor authentication and software whitelisting (again)

The Verizon DBIR 2016 is out today and this is our obiligatory blog post.  The usual caveats apply: it's a small (but growing) data set, there are reporting biases, etc, etc.

More information on the upcoming PCI-DSS 3.2

The PCI Council has published another blog post on the upcoming changes for PCI-DSS 3.2 especially how they relate to multi-factor authentication.

PCI DSS 3.2 will likely require two-factor authentication for administrators

Any day now, we expect the PCI Council to release PCI DSS 3.2.  According to PCI Security Standards Council Chief Technology Officer Troy Leach:

Fingerprints spoofed with conductive ink

I am guessing that the FBI wishes this research had come out just a bit eerlier.  Researchers at Michigan State University have figured out how to use conductive ink to create fingerprint spoofs

Recent Posts

Archive

2016
2015
2014
2013
2012
2011
2010
2009
2008

Tags

Authors

Feeds

RSS / Atom