Skip to main content

The WiKID Blog

Viewing posts tagged Authentication Attacks

same-old-song-and-dance

Here's the summary:

sec-creates-extortion-scheme-opportunity

Following up on my recent post about the bizarre action of the SEC of punishing companies that are victims of pump-and-dump spam. Paul Moriarty, director of product development for Internet Content Security at Trend Micro has pointed out that suspending the stocks created a denial of service/extortion opportunity:

"Pretty soon, you'll start seeing extortion schemes. The spammers will simply call up a company and demand money on the threat of a pump-and-dump spam run. Think about it, a spammer now has the power to control which stocks are suspended by the SEC," Moriarty warned.
Of course, one hopes, that if the company can show it is been extorted, the SEC will realize the errors of its ways.

sha1-broken

According to a number of places, but primarily Bruce Schneier, SHA-1 has been broken by a team of researchers in China. It's not time to panic if you're using it, but it is time to start thinking about a replacement.

anatomy-of-a-phishing-attack-response

There is a great article with superb detail over on the Gonzo Banker site about how a bank responded to a phishing attack:

sitekey-study-released

And the results are not good.

“The premise is that site-authentication images increase security because customers will not enter their passwords if they do not see the correct image,” said Stuart Schechter, a computer scientist at the M.I.T. Lincoln Laboratory. “From the study we learned that the premise is right less than 10 percent of the time.”
The article also points out that perceived user convenience is more important than security:
Banks immediately knew what they did not want to do: ask customers to download new security software, or carry around hardware devices that feed them PIN codes they can use to authenticate their identities. Both solutions would add an extra layer of security but, the banks believed, detract from the convenience of online banking.
This is a problem, though, because their opponent is more than willing to install software on the user's computers. Moreover, they are willing to attack an ISP's computers in the middle. This asymmetry will cause problems for financial institutions.

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom