Skip to main content

The WiKID Blog

The WiKID Blog, musings on two-factor authentication, information security and some other stuff.

spies-in-the-phishing-underground

Posted by: admin 16 years, 3 months ago

There is a great article on the current state of phishing on net-secrurity.org. The article discusses phishing kits with backdoors (phishers phishing phishers), the market for identity information, the lack of sophistication of phishers and some recommendations:

We aren’t going to solve the problem of online PII (Personally Identifiable Information) and identify theft just by writing even more secure code (although it certainly helps), or by continuing to play whack-a-mole with phishers. The system of relying on static identifiers to commit financial transactions needs to be rethought.
And:
Commercial financial institutions such as credit card companies and banks realize that the cost of implementing a new system that does not merely rely on static identifiers is higher than the fraud committed, so they decide to accept the cost. This is the reason why the system has not changed. Unfortunately, financial institutions only take into account their cost when making this decision, but it also ends up affecting the lives of millions of people who have to pay with their identities when such fraud is committed (this cost is also shared by other companies that want to have the capacity to process transactions. The PCI standard is a good example of this situation).
The expectation is that the band-aid approach will continue to be applied until the costs exceed the expense of two-factor authentication.

read more / 0 comments

targeting-with-the-tools-you-have

Posted by: admin 16 years, 3 months ago

I have (just last post :) suggested before that the first systems to get true two-factor authentication will be the high-value brokerage and commercial accounts, pointing to Online Banking Solutions as being ahead of the curve in protecting their customers' customers.

read more / 0 comments

sec-creates-extortion-scheme-opportunity

Posted by: admin 16 years, 3 months ago

Following up on my recent post about the bizarre action of the SEC of punishing companies that are victims of pump-and-dump spam. Paul Moriarty, director of product development for Internet Content Security at Trend Micro has pointed out that suspending the stocks created a denial of service/extortion opportunity:

"Pretty soon, you'll start seeing extortion schemes. The spammers will simply call up a company and demand money on the threat of a pump-and-dump spam run. Think about it, a spammer now has the power to control which stocks are suspended by the SEC," Moriarty warned.
Of course, one hopes, that if the company can show it is been extorted, the SEC will realize the errors of its ways.

read more / 0 comments

of-lexus-lanes-and-safety-spikes-tm

Posted by: admin 16 years, 3 months ago

and information security.

I just finished reading the Undercover Economist by Tim Hartford. Great Read. He has a chapter on externality charges. While he doesn't use the term, he's talking about Lexus Lanes - toll lanes that charge a fee for access - think a paid HOV lane.

read more / 0 comments

the-choicepoint-of-johns

Posted by: admin 16 years, 3 months ago

Of course, it makes complete sense. From the Freakonomics blog, an interview with an "escort":

Q. Do you typically know the true identity of your clients, and if so, how?

read more / 0 comments

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom