Viewing posts tagged Authentication Attacks
same-old-song-and-dance
Posted by: admin 15 years, 7 months ago
Here's the summary:sec-creates-extortion-scheme-opportunity
Posted by: admin 15 years, 7 months ago
Following up on my recent post about the bizarre action of the SEC of punishing companies that are victims of pump-and-dump spam. Paul Moriarty, director of product development for Internet Content Security at Trend Micro has pointed out that suspending the stocks created a denial of service/extortion opportunity:
"Pretty soon, you'll start seeing extortion schemes. The spammers will simply call up a company and demand money on the threat of a pump-and-dump spam run. Think about it, a spammer now has the power to control which stocks are suspended by the SEC," Moriarty warned.Of course, one hopes, that if the company can show it is been extorted, the SEC will realize the errors of its ways.
sha1-broken
Posted by: admin 15 years, 7 months ago
According to a number of places, but primarily Bruce Schneier, SHA-1 has been broken by a team of researchers in China. It's not time to panic if you're using it, but it is time to start thinking about a replacement.anatomy-of-a-phishing-attack-response
Posted by: admin 15 years, 7 months ago
There is a great article with superb detail over on the Gonzo Banker site about how a bank responded to a phishing attack:sitekey-study-released
Posted by: admin 15 years, 7 months ago
“The premise is that site-authentication images increase security because customers will not enter their passwords if they do not see the correct image,” said Stuart Schechter, a computer scientist at the M.I.T. Lincoln Laboratory. “From the study we learned that the premise is right less than 10 percent of the time.”The article also points out that perceived user convenience is more important than security:
Banks immediately knew what they did not want to do: ask customers to download new security software, or carry around hardware devices that feed them PIN codes they can use to authenticate their identities. Both solutions would add an extra layer of security but, the banks believed, detract from the convenience of online banking.This is a problem, though, because their opponent is more than willing to install software on the user's computers. Moreover, they are willing to attack an ISP's computers in the middle. This asymmetry will cause problems for financial institutions.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)