Viewing posts from January, 2009
the-externalities-of-dns-configuration
Posted by: admin 15 years, 9 months ago
According to a recent study by DNS appliance maker Infoblox, over 50% of the Internet's domain name servers allow recursive name services - requiring a name server to relay requests to other name servers. If an attacker "poisons" the list of name servers, users are directed to a fake site, even if they manually enter the correct web-address.
the-open-source-security-debate
Posted by: admin 15 years, 9 months ago
There's been plenty of debate over whether open source software is more or less secure than proprietary software and it now seems to have mostly died down as people realize that "it depends" is the correct answer. OSS camp points to Apache and other packages and the proprietary camp points out the vast improvement in IIS.tjx-5-takeaways
Posted by: admin 15 years, 9 months ago
Computerworld has a summary commemorating the one-year anniversary of the TJX breach. I agree with the article. The PCI Standard is a work in progress; Bad guys are hard to catch; etc.
top-9-reasons-to-embrace-two-factor-authentication
Posted by: admin 15 years, 9 months ago
Passwords have been around forever and it's starting to show. The next level of authentication security is two-factor authentication. Your ATM card is an example of two-factor authentication: you need both possession of the card and knowledge of the PIN to get cash. There are a number of factors that are pushing two-factor authentication toward a tipping point.
too-bad-he-is-not-dr-obrien
Posted by: admin 15 years, 9 months ago
From Neatorama:
Graham O’Brien thought he was just unlucky when he couldn’t access his bank account by phone. But it turned out that the call center staff thought he was a woman trying to defraud the bank because of his squeaky voice.You would think that they could tag his records with some indication that he's got a squeaky voice.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)