Viewing posts tagged Authentication Attacks
kim-cameron-on-fingerprint-readers
Posted by: admin 14 years ago
Read the post: Fingerprint charade.
lexis-nexis-breach
Posted by: admin 14 years ago
As Adam had pointed out the Lexis Nexis breach was due to " misappropriation by third parties of IDs and passwords from legitimate customers".logins-for-ftp-sites-offered-for-sale
Posted by: admin 14 years ago
According to Techworld, Finjan has discovered that logins for 8,700 FTP servers are for sale.
Using the Alexa.com domain ranking, Finjan found 10 of the top 100 domains in the database, 100 of the top 500 domains, and 50 of those between 500 and 1,000.My reaction: FTP? Really? You've got to at least hope that it's SFTP.
The hacked servers could be used to distribute crimeware by injecting iframe tags into any webpage stored on the compromised FTP servers. Indeed the server accounts were themselves being traded by a web application able to rank and price them according to their Google page rank for re-sale to other criminals.Fancy.
majority-of-lexisnexis-breaches-the-result-of
Posted by: admin 14 years ago
As pointed out by Adam at Emergent Chaos:
The company said that the 59 identified incidents -- 57 at Seisint and two in other LexisNexis units -- largely related to the misappropriation by third parties of IDs and passwords of legitimate customers and stressed that neither LexisNexis nor the Seisint technology infrastructure was breached by hackers.
So, essentially, if LexisNexis had been using strong authentication for their customers, none of this would have happened.
micro-targeted-attacks-on-the-rise
Posted by: admin 14 years ago
According to MessageLabs via ZDNet:
During March, MessageLabs intercepted 716 e-mail messages that were part of 249 targeted attacks aimed at 216 of its customers, the Gloucester, England-based provider of hosted e-mail filtering services said in a research report. Of the attacks, almost 200 consisted of a single malicious e-mail designed to infiltrate an organization, MessageLabs said.Emphasis added.
Recent Posts
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
- Scalability improvements in version 5.0 of the WiKID Strong Authentication server
Archive
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)