The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
texas-considers-requiring-pci-compliance
Posted by: admin 16 years, 3 months ago
In an interesting twist in the continuing PCI story, the Texas legislature may mandate PCI compliance:
According to the language of the bill, "A business that, in the regular course of business, collects, maintains, or stores sensitive personal information in connection with an access device must comply with payment card industry data security standards." The bill would allow a financial institution in the state to request a breached entity to provide certification of its compliance with PCI specified controls. HB 3222 would require the certification to be issued by a PCI-approved auditor no earlier than 90-days before the breach.It sounds like retailers would have to be audited every 90 days! Is this bill the work of the financial institutions or the auditors?
telework-promoted-to-cut-gas-costs
Posted by: admin 16 years, 3 months ago
According to a recent study, federal workers could save $55 on monthly fuel costs.
The online-based telework promoting organization figured that current fuel prices cost typical GS-7, Step 5 federal employees $138.80 a month, nearly 7 percent of their after-tax income. The organization's study, titled "Gas Fuels Telework," is based on a survey of 3,500 federal employees registered with the Telework Exchange Web site.If you've been in DC area traffic, then you know that anything that gets cars off the roads is a good thing.
securing-webdav-with-ssl-and-two-factor
Posted by: admin 16 years, 3 months ago
One reason for the lack of posts recently has been that I have written a how-to on securing WebDAV with SSL and two-factor authentication. Dealing with WebDAV was more of a pain than I anticipated. First, there seems to be a bug in recent versions of apache that breaks mod_auth_radius and mod_auth_xradis. Second, I spent a lot of time figuring out the ways that WebDAV does not work on Windows ;).
ted-stevens-site-hacked-by-irony
Posted by: admin 16 years, 3 months ago
Hot off the tubes:
Almost as freaky as his infamously disjointed "series-of-tubes" speech last year about the Internet (which briefly earned him the Most Lampooned Politician on the Web award), Stevens's reelection site asks visitors to enter a username and password and then -- as they unsuccessfully fumble for a password -- condemns them with a warning that begins:
i-can-dig-it-he-can-dig-it-she-can-dig-it-we-can
Posted by: admin 16 years, 3 months ago
With apologies to Friends of Distinction: An article I wrote for Howtoforge has made the front page of Digg. So can you digg it. baby?
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)