The WiKID Blog

Viewing posts by admin

better-password-strength-just-one-factordeleteme

Pete over at Spire Security points out the obvious (which eluded me):

As far as I can tell, Bruce Schneier's current Wired column, MySpace Passwords Aren't So Dumb, is intended to be taken seriously. The article is supposed to be about how "good" passwords on MySpace are these days, and there isn't a hint of irony in his statement:
"But seriously, passwords are getting better."
I am at a loss to explain how he can come to this conclusion when every single one of the 34,000 passwords he analyzed was stolen through a phishing attack. What he should have said was: "This shows that a 1-character password (the shortest they harvested) is just as secure as a 32-character password (the longest they harvested)."
He also points out that if you're not going to do two-factor authentication, then don't worry about long passwords. If any data is important enough or vulnerable enough to require a strong and therefore annoying password policy, use two-factor authentication.

is-visible-security-needed-for-consumer

Consumer concerns about information theft, data breaches and web-based attacks have caused a drop in online commerce activity.

From the article:

"If you look at the regulators like the banking regulators and the credit card associations, they are two years behind the curve," she said. "They finally responded with PCI and FFIEC, and it is definitely improving the security situation, but if they had done this two years ago it would have been in time to prevent this loss."

kaspersky-labs-update-on-bank-attacks

Hat tip: Securology.

bob-blakely-and-radovan-semanek-on-the-end-of

Bob Blakely and Radovan Semančík are blogging about two-factor authentication and the problems with passwords. Bob thinks we should get rid of passwords this decade. Radovan thinks that it may be harder than that.

logins-for-ftp-sites-offered-for-sale

According to Techworld, Finjan has discovered that logins for 8,700 FTP servers are for sale.

Using the Alexa.com domain ranking, Finjan found 10 of the top 100 domains in the database, 100 of the top 500 domains, and 50 of those between 500 and 1,000.
My reaction: FTP? Really? You've got to at least hope that it's SFTP.
The hacked servers could be used to distribute crimeware by injecting iframe tags into any webpage stored on the compromised FTP servers. Indeed the server accounts were themselves being traded by a web application able to rank and price them according to their Google page rank for re-sale to other criminals.
Fancy.
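A defender-side check for the technique the article describes: scan stored pages for iframe tags that point off-site or are styled to be invisible, which is how injected crimeware loaders typically look. This is an added example, not code from the article or from Finjan; the sample HTML and the allowlist of trusted embed hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: the first iframe is a legitimate embed, the second
# is the kind of hidden, off-site frame an attacker with write access to the
# web root (e.g. via a stolen FTP login) might append to every stored page.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="http://bad.example/load.php" width="0" height="0" style="display:none"></iframe>
</body></html>"""

# Allowlist of hosts the site is known to embed on purpose (assumed value).
TRUSTED_HOSTS = {"www.youtube.com"}


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            # attrs is a list of (name, value); value is None for bare attributes
            self.iframes.append({k: (v or "") for k, v in attrs})


def is_hidden(attrs):
    """True for frames styled invisible or sized 0x0 / 1x1."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = all(attrs.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
    return "display:none" in style or "visibility:hidden" in style or tiny


def suspicious_iframes(html, trusted_hosts):
    """Return [(src, [reasons])] for iframes that are hidden or point off-allowlist."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or ""  # empty for relative (same-origin) src
        reasons = []
        if host and host not in trusted_hosts:
            reasons.append("src host not on allowlist: " + host)
        if is_hidden(attrs):
            reasons.append("frame is hidden or zero-size")
        if reasons:
            findings.append((src, reasons))
    return findings
```

Run `suspicious_iframes` over each HTML file in the web root on a schedule and alert on any non-empty result; a baseline of known embeds keeps the allowlist honest.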
