Skip to main content

The WiKID Blog

Viewing posts tagged Authentication Attacks

why-the-world-needs-two-factor-authentication

Posted by: admin 16 years, 5 months ago

Here is a great article about why passwords just don't cut it. mention of WiKID's two-factor authentication system. Too bad.
They do mention SecurID by RSASecurity as "Unfortunately the most well-known two factor authentication solution. Unreasonably expensive, not well supported on non-Windows platforms and generally not very flexible."

read more / 0 comments

why-using-sms-for-authentication-is-a-bad-idea

Posted by: admin 16 years, 5 months ago

The core problem is that you are relying on the security of the carriers for the security of your system. Once you cede that control, you are at their mercy. And their idea of security might not be the same as yours. Consider this recent post at Consumerist about how easy it is to hijack a Sprint Account:

Remember, all I knew about this guy was his cellphone number, that he was in his 20's, and that he lived in DC. That's it. That's all it took to completely hijack his entire Sprint account.
There are implications beyond Sprint. Any system that uses credit bureau information is potentially susceptible. Security people knew this because, after all, credit bureaus sell this information, but the implementation makes it much, much worse:
In the comments on this post, a former Sprint rep says it's even worse than we thought. They say that every question about cars has three luxury models and one typical one. He says that "none of the above" for "which properties have you owned" was correct 99% of the time. And worst of all, you only need to answer two of the questions correctly to gain access to an account. I was shocked at the number of times I was able to access an account by simply guessing the answers," he writes. "Fortunately I am an ethical person, but if I wasn't I could've done a LOT of damage very easily."

read more / 0 comments

zone-h-attack-really-a-dns-hijacking

Posted by: admin 16 years, 5 months ago

According to the Register the recent 'defacement' of Zone-H was really a DNS hijacking. While it is not clear how the attackers took control of the domain, it points out the DNS system is not a reliable security mechanism. It is less likely that an attacker would get contorl of a major financial institution's DNS registration (or is it?), but DNS-cache poisoning is very likely.

read more / 0 comments

with-phishers-its-a-job

Posted by: admin 16 years, 5 months ago
Great article in the WSJ - I believe it's freely available at least for today - on phishers.

read more / 0 comments

one-time-passwords-and-credit-cards

Posted by: admin 16 years, 5 months ago

I am so confused about this piece of advice from Garner's Avivah Litan:

read more / 0 comments

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom