The WiKID Blog

Viewing posts from January, 2009

the-open-source-security-debate

Posted by: admin 15 years, 3 months ago

There's been plenty of debate over whether open source software is more or less secure than proprietary software and it now seems to have mostly died down as people realize that "it depends" is the correct answer. OSS camp points to Apache and other packages and the proprietary camp points out the vast improvement in IIS.

tjx-5-takeaways

Posted by: admin 15 years, 3 months ago

Computerworld has a summary commemorating the one-year anniversary of the TJX breach. I agree with the article. The PCI Standard is a work in progress; Bad guys are hard to catch; etc.

top-9-reasons-to-embrace-two-factor-authentication

Posted by: admin 15 years, 3 months ago

Passwords have been around forever and it's starting to show. The next level of authentication security is two-factor authentication. Your ATM card is an example of two-factor authentication: you need both possession of the card and knowledge of the PIN to get cash. There are a number of factors that are pushing two-factor authentication toward a tipping point.

too-bad-he-is-not-dr-obrien

Posted by: admin 15 years, 3 months ago

From Neatorama:

Graham O’Brien thought he was just unlucky when he couldn’t access his bank account by phone. But it turned out that the call center staff thought he was a woman trying to defraud the bank because of his squeaky voice.

You would think that they could tag his records with some indication that he's got a squeaky voice.

trusted-computing-for-mobile-devices

Posted by: admin 15 years, 3 months ago

There is a new specification for mobile phone security called the Mobile Security Specification. It is essentially trusted computing for cell phones.

The specification has been years in development, said Janne Uusilehto, head of Nokia product security and the chairman of the working group developing this technology. "It is a big deal. This is the first time that we have created such common security specifications for all handheld devices," Uusilehto said.

More:

When these devices appear, they will make things more difficult for data thieves and mobile virus writers. Down the line, the technology could be used to build electronic wallets into mobile phones. In general terms, the specification calls on hardware vendors to store protected information in a secure area of the phones. Similar to the Trusted Platform Module used in PCs, this technology could be used to ensure that the phone's operating system, applications and data have not been tampered with.

All the usual trusted computing warnings apply here, but perhaps more so as cell carriers maintain a 'walled garden' and can limit the devices available. They are also essentially 'tri-opolies'. It seems likely that you will be able to buy a computer without TCP in the future. You might not be able to buy a cell phone without it (that works on a carrier).

• Page 72 of 86
• ←
• 65
• 66
• 67
• 68
• 69
• 70
• 71
• 72
• 73
• 74
• 75
• 76
• 77
• 78
• 79
• →