The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
etrade-to-offer-zero-liability-accounts
Posted by: admin 16 years, 3 months ago
Kudos to ETrade for offering a "zero liability" account. I suspect this is an attempt to foil my prediction that brokerage accounts will be increasingly targeted by phishers. (Though, to be honest, they were getting off to a good start in Q4.)
Brokerage accounts are tempting. Most people (if they have brokerage accounts) have more in their stock accounts than in their bank account or savings. It's probably harder to determine if a payment leaving the account is fraudulent. With bank accounts, phishers target a larger number of users for smaller dollars amounts. With brokerage accounts, phishers aim for bigger dollars. From the BusinessWeek article:
determining-an-appropriate-cost-of-capital-for-an
Posted by: admin 16 years, 3 months ago
In my first post, I discussed the short-comings of ROI as an analysis tool for information security projects because it doesn't include a cost of capital. Using a cap rate will increase the accuracy of your analysis, but how do you come up with a good cap rate?
FTC-alledges-fraud-at-payment-processor-Interbillpay.com
Posted by: admin 16 years, 3 months ago
Courtesy InfoWorld
on-the-short-tenure-of-cisos-and-low-frequency
Posted by: admin 16 years, 3 months ago
I came across this post which pointed to this article on how to hedge funds can write a series of naked puts on low-probability events and look like geniuses. I have equated this to the information security market before and I have pointed out other posts about low-frequency, high-impact events.
repurcussions-of-data-loss-at-ohio-university
Posted by: admin 16 years, 3 months ago
It's a long standing joke that no matter where you move, your alumni association can find you. That may change after OU's experience with their data breaches as chronicled here. Of course, they use your Social Security Number to track you down.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)