The WiKID Blog

The WiKID Blog, musings on two-factor authentication, information security and some other stuff.

student-interest-in-wikid

Posted by: admin 16 years, 3 months ago

We get a good number of hits from .edu domains and I was recently asked by a student about using WiKID for a class project on two-factor authentication. This is great and highly encouraged. Feel free to download the commercial server and test it for educational purposes. Obviously, you can really look under the hood of the open source version

risk-and-effectiveness-for-project-evaluation

Posted by: admin 16 years, 3 months ago

Gunnar Peterson has a post from Metricon about Bryan Ware's presentation about combining the effectiveness of a solution and the risk involved. I couldn't find the link to the actualy presentation. (I didn't have the time to go through them all.)

I think I would tie the effectiveness of the proposed security solution to the cost of capital of the overall project. It would be interesting to tie Bryan's work with my "work" on estimating the cost of capital for an information security project.

wikid-strong-authentication-firefox-extension

Posted by: admin 16 years, 3 months ago

Loyal blog readers, both of you, will you test the new WiKID Strong Authentication Firefox Extension? It's an aplha quality, but we are getting closer to beta.

visa-adds-carrot-to-stick-for-pci-goulash

Posted by: admin 16 years, 3 months ago

This will be interesting to look back on in a year: Visa is creating a $20,000,000 bonus pool to incent their members to be PCI compliant. :

Visa's new Visa PCI Compliance Acceleration Program is designed to spur entities that are covered by PCI rules to comply in a speedy fashion, said Jennifer Fischer, a director with Visa USA. "This program is part of our larger strategy for protecting card holder data and to ensure that we are doing everything we can to protect it from compromise," she said.

Why is it needed? Because:

Though nearly 18 months have passed since PCI rules went into full effect, only 36% of Tier 1 merchants and 15% of Tier 2 merchants are currently compliant with the requirements, according to Visa.

I think this might be the more effective bit:

At the same time, acquiring banks that fail to ensure compliance by Sept. 30, 2007 will be assessed fines starting at $5,000 a month for each non-compliant merchant. The fines increase to $25,000 per month for each non-compliant merchant after Dec. 31, 2007. Until now, fines have only been assessed in cases where actual data breaches occurred.

That will get them going!

two-factor-authentication-for-gamers

Posted by: admin 16 years, 3 months ago

Now that you can sell virtual items for real cash, attackers are targeting online gamers. According to Information Week, there is now a trojan targeting World of Warcracft passwords, PWS.Win32.WOW.x .

"Win32.WOW is a clear indication that malware writers are targeting anything that involves money," said MicroWorld chief executive Govind Rammurthy in a statement. "Bucks may be smaller compared to a Trojan that steals bank accounts or credit card numbers...[but] cyber criminals are not complaining as long as the target is soft and numbers are high."

• Page 121 of 135
• ←
• 114
• 115
• 116
• 117
• 118
• 119
• 120
• 121
• 122
• 123
• 124
• 125
• 126
• 127
• 128
• →