The WiKID Blog

Viewing posts from January, 2009

How-to-get-an-unlimited-information-security

In the past, I have blogged about how much to budget for info sec, how information security creates value for a company, and other posts designed to help info sec personnel make their case. Well, now I have decided that that is all bunk compared to the advice I am about to give. The new tactic: Bribery.

Website updates

As you have no doubt seen, we've updated the website. While it has a new look and feel, most of the effort has gone on behind the scenes. We've upgraded Plone and added some new features. We've added forums for both the Community and Enterprise versions. We will close the sourceforge.net forums soon.

embedding-wikid-two-factor-authentication-in-your

One of our customers, Online Banking Solutions, offers banks and financial institutions software for commercial account management. They have embedded WiKID for two-factor session authentication and mutual https authentication, both on the server side and in their optional client. The combined client facilitates the initial validation process, performs session authentication using the one-time passcode, and performs mutual https authentication to prevent MITM attacks.

on-the-short-tenure-of-cisos-and-low-frequency

I came across this post which pointed to this article on how hedge funds can write a series of naked puts on low-probability events and look like geniuses. I have equated this to the information security market before and I have pointed out other posts about low-frequency, high-impact events.

7-easy-steps-to-maximizing-your-fraudulent-stock

The SEC has noticed a dramatic rise in fraud against online brokerage accounts. This is a very interesting article in that it shows how an attacker can take over accounts and make money without necessarily removing money from those accounts. All they need is a couple of "legitimate" accounts that the fraudsters open, a thinly traded small-cap stock, and control of a couple of pwned accounts with enough money to manipulate the targeted stock. The article describes "pumping" as using pwned accounts to drive up the price of stocks that you hold. However, you can also make money on the way down:
