Viewing posts from January, 2009
pingid-releases-signon-com-but-it-is-not-strong
Posted by: admin 16 years ago
PingID released Signon.com today, which looks like a great addition to the consumer-oriented SSO services available. I take some exception to this quote from PingID CEO Andre Durand about InfoCards
After a user creates an information card on their desktop, they can access SignOn.com and link the card to their account on the site. On subsequent visits, the card is needed for the user to authentication to SignOn.com.Now, I don't know as much about InfoCards as I should, but I know it's not strong authentication. What these services need is strong mutual authentication, so that the user is assured that they are going to the correct SSO service. Then, the SSO service needs to get the user to the correct targeted site.
“It’s a form of strong authentication,” says Andre Durand, CEO of Ping Identity.
picking-open-source-winners-according-to-zdnet
Posted by: admin 16 years ago
Dana Blankenhorn has written about picking winners in open source that starts with a reference to Secretariat. I love horse racing. I spent two summers in my youth as a hot-walker in southern California for a trainer named Willard Proctor. A hot walker walks horses around in a circle, either just to get them out of the stall or to cool them down after they come off the track. It's the lowest position in the backside of any track. The best trainers still use people though and not machines. Our barn was next to Charlie Whittingham's.potential-xss-in-php-sample-page
Posted by: admin 16 years ago
It has been brought to our attention by the team at ush.it that the sample.php page in our PHP Network Client has code that could have been exploited via an XSS attack. The sample page is not part of the network client itself, it is just provided as an example of how to add two-factor authentication to PHP applications.
problems-with-the-pci-security-standard
Posted by: admin 16 years ago
Mark Curphey has some thoughts about the problems with the PCI security standard and it looks like he is just getting started. I would like to also point out a comment left by an anonymous poster (probably because he or she makes a living doing PCI audits) in a previous post on PCI:
The problem with the Visa PCI standard is that Visa/MC have a vested interested in keeping the business flowing. The entity that is responsible for answering Visa is the issuing bank. The retailer is responisible to the issuing bank. The reports are filed with the issuing banks and shared with Visa. The problem with this structure is that all parties have a financial interest in keeping the business flowing. It takes a serious public violation, like card systems, for Visa/Issuing Banks to drop a vendor.
reason-for-drop-in-cost-of-e-crime-now-clear
Posted by: admin 16 years ago
I have always been puzzled as to why the total cost of e-crime dropped in the most recent CSI/FBI crime survey. Now the reason is clear: online crime is no longer predominately the purvue of lonely teens seeking self-esteem, it is increasingly being propogated by organized crime gangs selling access to 'owned' machines. Since they only need 5,000-10,000 machines per sale, that is all they get. If they got more than that it increases the possibility of exposure, reducing the value of those machines.Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)