Viewing posts tagged Authentication Attacks
zone-h-attack-really-a-dns-hijacking
Posted by: admin 14 years, 8 months ago
According to the Register the recent 'defacement' of Zone-H was really a DNS hijacking. While it is not clear how the attackers took control of the domain, it points out the DNS system is not a reliable security mechanism. It is less likely that an attacker would get contorl of a major financial institution's DNS registration (or is it?), but DNS-cache poisoning is very likely.
vint-cerf-et-al-on-internet-security
Posted by: admin 14 years, 8 months ago
I had the pleasure to attend the recent security summit at the Georgia Tech Information Security Center (webcast is available, but only if you have quicktime and IE7 apparently, which ain't me) and getting to hear Vint Cerf and a very strong group of panelists. Here are my take-aways:
- When you sell your company for big bucks, you get to be on panels at colleges. Maybe this is because the event was held in the Chris Klaus building.
- The internet needs better, stronger authentication - and not just the user, but better Damballa a local Atlanta start-up spun out of Georgia Tech to help ISPs address the bot problem. Good luck to those guys. Seems like cool technology.
flaw-in-mail-list-compromises-password-file
Posted by: admin 14 years, 8 months ago
There are a number of things that make passwords increasingly unusable. One of the biggest problems with passwords is that you're supposed to use different ones for different systems. It's a no-no to use the same password in multiple places because if one gets compromised, then the other systems are compromised.
follow-up-on-t-mobile-security
Posted by: admin 14 years, 8 months ago
So this weekend, the blog started getting a ton of hits from google searches for "Paris Hitlon T-moble hacked SideKick" etc. I couldn't figure out why the big rush all the sudden until I read the Register this a.m..
one-time-passwords-and-credit-cards
Posted by: admin 14 years, 8 months ago
I am so confused about this piece of advice from Garner's Avivah Litan:
Recent Posts
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
- Scalability improvements in version 5.0 of the WiKID Strong Authentication server
Archive
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)