Viewing posts from January, 2009
how-information-security-creates-value
Posted by: admin 16 years, 1 month ago
Today I read a blog at NCircle (found via the prolific Adam Shostack) about security as a business enabler. It's an interesting post, but to me it shows that information security people often fail to understand how value is created.
healthcare-consultant-shuts-down-due-to-insecure
Posted by: admin 16 years, 1 month ago
From Dark Reading via Slashdot.
While reports of the breaches have been issued in dribs and drabs, all of the data losses can now be attributed to a single incident, in which Verus employees left a firewall down following the transfer of data from one server to another, according to David Levin, vice president of marketing at MedSeek.
MedSeek is picking up a lot of business from Verus Inc., which shut down after investors pulled the plug when affected hospitals terminated their contracts.
This seems hard to believe, since the reported breaches run from June 4th through today. Perhaps Verus didn't notify all their customers at the same time? But they shut down "eight to 10 weeks ago".
how-about-stop-using-social-security-numbers-as
Posted by: admin 16 years, 1 month ago
Today I read on Martin McKeay's blog that you should change your default passwords and Adam Shostack has pointed out that colleges shouldn't use SSNs to track students.
higher-quality-info-will-cost-you-black-market
Posted by: admin 16 years, 1 month ago
Check out the McAfee Avert blog for a look at the black market for banking information. Accounts with high balances cost more, but have guarantees:
For such prices, the seller offers some guaranties. For example, the purchase is covered by replacement, if you are unable - within the 24 hours - to log into the account using the provided details.
So now the banks know how long they have to spot a compromised account to drive the profits out of the black market.
highly-highly-targeted-attacks-against
Posted by: admin 16 years, 1 month ago
I've blogged in the past about targeted phishing attacks and Alex Eckelberry has analyzed a particularly nasty example. According to the Register the scam is highly targeted:
the BBB scam is narrowly targeted and is aimed at those who are likely to have the most sensitive information to lose. No more than one executive of a company is targeted, and the email goes to great lengths to get the names of the exec and the exec's company correct.
What's not clear is whether the attackers are trying to get corporate information from an executive's PC or just personal information from high-value targets. More than likely the answer is both.