The WiKID Blog

Viewing posts from January, 2009

mitm-attacks-tokens-vs-phishing-and-mutual

Kurt at anti-virus rants has a pair of posts, one on what is a man-in-the-middle attack and a follow-up on why tokens won't stop phishing, which led me to an earlier post on why safe site indicators fail.

more-proof-that-mutual-authentication-is-needed

The number of phishing sites soared in October. Phishers are using botnets to create fake domains faster than anti-phishing toolbar vendors can blacklist them. It explains why phishers haven't tried to DDoS the blacklists and it shows that getting users to the correct site via strong mutual authentication is the way to go.

more-on-de-perimeterization

Having just posted on de-perimeterization, I thought that this quote from Scott Borg of the U.S. Cyber Consequences Unit on the consequences of breaches:

"We started seeing huge vulnerabilities," Borg said Wednesday at the GovSec conference in Washington, where the draft document was released. Most of the systems were compliant with current security checklists and best practices. "And portions of those systems were extraordinarily secure. But they were Maginot Lines," susceptible to being outflanked.

more-on-effectiveness-of-strong-authentication

Network World has given Bruce Schneier a chance to clarify his position that strong authentication is "Too Little Too Late" and has given RSA's CTO, Joe Uniejewski, a chance to rebut.

more-on-layered-authentication

Ok, I slagged the concept of 'layered' authentication as a marketing neologism in my response to Eric Nolan's identity predictions for 2006. I was overcome by prediction hysteria. I've got to calm down...
