The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
strong-authentication-for-the-masses
Posted by: admin 16 years, 3 months ago
WiKID got a nice review over at the Coffee Corner. I hope they do test the WiKID server on your home network. That is exactly the scenario we envisioned when we released the open source version. No reason why home users shouldn't be able to have strong authentication. I do want tot try to clarify some of the issues, if I understand them correctly:quoted-in-bloomberg-and-some-wireless-ranting
Posted by: admin 16 years, 3 months ago
I have a rather meaningless quote in a nice summation on Bloomberg about the RIM/NTP fracas.reason-for-drop-in-cost-of-e-crime-now-clear
Posted by: admin 16 years, 3 months ago
I have always been puzzled as to why the total cost of e-crime dropped in the most recent CSI/FBI crime survey. Now the reason is clear: online crime is no longer predominately the purvue of lonely teens seeking self-esteem, it is increasingly being propogated by organized crime gangs selling access to 'owned' machines. Since they only need 5,000-10,000 machines per sale, that is all they get. If they got more than that it increases the possibility of exposure, reducing the value of those machines.schneier-questions-need-for-himself
Posted by: admin 16 years, 3 months ago
I read with delight this quote from omnipresent security pundit Bruce Schneier questioning the reasons for the existance of the security industry:
"We shouldn't have to come and find a company to secure our e-mail. E-mail should already be secure. We shouldn't have to buy from somebody to secure our network or servers. Our networks and servers should already be secure."
problems-with-the-pci-security-standard
Posted by: admin 16 years, 3 months ago
Mark Curphey has some thoughts about the problems with the PCI security standard and it looks like he is just getting started. I would like to also point out a comment left by an anonymous poster (probably because he or she makes a living doing PCI audits) in a previous post on PCI:
The problem with the Visa PCI standard is that Visa/MC have a vested interested in keeping the business flowing. The entity that is responsible for answering Visa is the issuing bank. The retailer is responisible to the issuing bank. The reports are filed with the issuing banks and shared with Visa. The problem with this structure is that all parties have a financial interest in keeping the business flowing. It takes a serious public violation, like card systems, for Visa/Issuing Banks to drop a vendor.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)