The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
ftp-and-two-factor-tutorial
Posted by: admin 16 years, 3 months ago
We've published another how-to on Howtoforge: How to Secure VSFTP with SSL and Two-factor Authentication
expresspay-now-at-mcdonalds-expect-more-fraud
Posted by: admin 16 years, 3 months ago
I've always wondered why you could buy gas with a credit card without needing a PIN number. It would seem to me that adding a PIN to purchases where the user does the swiping would eliminate 90% of stolen credit card purchases.firewalls-and-immigration
Posted by: admin 16 years, 3 months ago
I've been a bit surprised by the lack of discussion amongst security bloggers about the immigration bills being batted about in Congress. I don't want to start any flame wars about the definition of 'amnesty' or anything, I just think that the community could help keep the country from spending an insane amount of (borrowed) money on a "security" fence along the Mexican border.
gonzo-bankers-predict-the-end-of-online-banking
Posted by: admin 16 years, 3 months ago
First, what a great site. Clearly, these guys agree with my philosphy that if you're not having fun, the money probably isn't worth it:
We are not the folks who borrow your watch to tell you what time it is - instead, we simply peer over at your wrist when you're not looking.
We never use silly words like "paradigm" and "mission statement" - we prefer more pragmatic terms like "revolutionary mental model" and "envisioned future state."
does-mandatory-disclosure-provide-an-incentive-to
Posted by: admin 16 years, 3 months ago
I was googling around when I came across an interesting paper Information as regulation : the effect of Community Right to Know laws on toxic emissions. I think that this paper has interesting similarities to the current state of affairs for breach notification laws. Consider the background:
In 1986, the American Congress voted the Emergency Planning and Community Right to Know Act. This law requires manufacturing companies in the United States with 10 or more employees to publicly disclose the quantity and type of toxic chemicals released into the environment. In July 1988, the Environmental Protection Agency published the first reports for toxic emissions in the calendar year 1987. Data from these reports have constituted the Toxic Release Inventory (TRI). And finally, in June 1989, the TRI was disclosed to the public for the first time. As a result, publicly traded firms whose TRI releases were first reported had to cope with negative abnormal market returns, i.e. a significant drop of their stock price. The paper examines how firms responded to this negative stock price information.I also liked the reasoning for examining stock price changes:
Actually, there are two main reasons explaining why TRI announcements reduce firm value. First, a high and unexpected TRI announcement can be considered by investors as a warning of poor management practices and increased risk of spills or accidents. Second, TRI emissions disclosures can create a form of pressure from sensitive stakeholders : “green” consumers who may decide to boycott products of high polluting companies, ecologist groups who can sue the firm and, last but not least, the government who might target these firms for wider inspections. All of these mean high pollution-related expenditures (e.g. for penalties or new abatement equipment and methods) that will reduce the firm future profits. Consequently, investors get rid of their shares and the stock price decreases. This stock price hit is a strong incentive for the company executives to improve environmental performance and strengthen firm value in following years.And I thought the conclusions were
On the average, the 130 firms mentioned in the media had a -0.299 % negative abnormal return on the day of the TRI disclosure, while it was -0.019 % the day before. The 40 firms with the largest negative stock price effects following announcement of their TRI emissions were found :These results clearly show that new and unanticipated information concerning a firm’s toxic emissions that has a significant impact on market valuation is a strong incentive for that firm to reduce subsequent emissions and to otherwise improve its environmental performance. From this point of view, providing information to the public may therefore be an effective remedy to reduce environmental externalities beyond a regulatory standard.
- to be among the top 1/3 of polluting firms (per dollar revenue) in their industries.
- not to be the largest absolute TRI emitters, which is consistent with the hypothesis that the market reacted more to unexpected TRI disclosures than to those that were already expected to be very large.
- to subsequently reduce their TRI emissions more than other firms in their industry (including those firms with the largest TRI/ $ revenue prior to the disclosure of TRI levels).
- to also make other significant attempts at improving their environmental performance by reducing the number and severity of oil and chemical spills.
- to have a lower chance of receiving higher fines from the government in subsequent years.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)