The WiKID Blog

Viewing posts by admin

computer-crime-and-security-survey-shows-increase

Posted by: admin 16 years, 3 months ago

The annual CSI survey is (almost) out and it shows a big increase in reported costs. Companies reported average annual losses of $350,424 in the past year, up sharply from the $168,000 they reported the previous year.

marginal-revolution-on-vaccinations

Posted by: admin 16 years, 3 months ago

Kiss me, I'm vaccinated:

People who have the flu spread the virus so getting a flu shot not only reduces the probability that I will get the flu it reduces the probability that you will get the flu. In the language of economics the flu shot creates an external benefit, a benefit to other people not captured by the person who paid the costs of getting the shot. The external benefits of a flu shot can be quite large. Under some conditions each person who is vaccinated reduces the expected number of other people who get the flu by 1.5.

Perhaps we have been taking the wrong tack thinking about how to punish PC users who have malware on their machines.. Maybe offering additional benefits to users with verifiable security mechanisms is a better solution. Maybe one of those benefits would be access to IRC channels often used by malware to contact their controller.

buyability-and-usability

Posted by: admin 16 years, 3 months ago

Today we turned on online purchasing for WiKID Strong Authentication licenses. It is a bit of an experiment in "buyability". A big hat tip to Dharmesh Shah's post on Usability vs. Buyability to clarify this point for me. We had focused on ease of use. We have provided ASP scripts that automate the two-factor roll-out process, for example and have an incredibly easy to use Web-interface on the WiKID server (IMHO - another hat tip to Brian Dame ;). We have attempted to take the risk out of buying WiKID by having an open-source version and by having a trial version of the commercial server available for download from the extranet. And we have set up a way to test the WiKID two-factor tokens without even providing an email address.

blogdrums

Posted by: admin 16 years, 3 months ago

I have had a bad case of the blogdrums, plus we've been busy working on our 3.0 release. We have just opened to the public our 3.0 beta release in an RPM version. So if you want to play around with two-factor authentication and help us out, please download.

better-password-strength-just-one-factordeleteme

Posted by: admin 16 years, 3 months ago

Pete over at Spire Security points out the obvvious(which alluded me):

As far as I can tell, Bruce Schneier's current Wired column, MySpace Passwords Aren't So Dumb, is intended to be taken seriously. The article is supposed to be about how "good" passwords on MySpace are these days, and there isn't a hint of irony in his statement:

"But seriously, passwords are getting better."

I am at a loss to explain how he can come to this conclusion when every single one of the 34,000 passwords he analyzed were stolen through a phishing attack. What he should have said was: "This shows that a 1-character password (the shortest they harvested) is just as secure as a 32-character password (the longest they harvested)"

He also points out that if you're not going to do two-factor authentication, then don't worry about long passwords. If any data is important enough or vulnerable enough to require a strong and therefore annoying password policy, use two-factor authentication.

• Page 79 of 122
• ←
• 72
• 73
• 74
• 75
• 76
• 77
• 78
• 79
• 80
• 81
• 82
• 83
• 84
• 85
• 86
• →