Viewing posts tagged Authentication Attacks
FISMA report states two-factor authentication could have stopped 52% of incidents
Posted by: admin 8 years, 11 months ago
Read the article in NextGov.
J.P. Morgan caused by lack of two-factor authentication on one server
Posted by: admin 9 years, 3 months ago
This story is interesting because it shows that two-factor authentication would have (most likely) worked to prevent this devastating attack. However, it also shows how hard it is for large organizations to actually implement security controls, especially given the use of third parties and growing through acquisitions.
Update Bash if you are running OpenVPN
Posted by: admin 9 years, 6 months ago
You can see the details about the attack. All of the OpenVPN tutorials we have done use "auth-user-pass-verify" on the client side to get the client to prompt for a username and password. The exploit can be delivered as part of the username. And it is before authentication.
Busting the Biometric Myth - once and for all
Posted by: admin 10 years, 7 months ago
Everyone repeat after me: Biometrics are terrible authenticators.
Way too many people, even security and identity people see biometrics as "magic security dust" for two-factor authentication. It is way past time that we, the security community bust this myth. It is important because, unlike spending on firewalls which is insufficient but necessary, biometric infrastructure will need to be ripped out and thrown away. Any VC that is considering investing in a biometric company is wasting money that could be invested in a company that might make a difference.
SSH key management a potential risk
Posted by: admin 10 years, 10 months ago
We've long said that while we love SSH, SSH key management is a weak point, especially if you need to meet compliance requirements such as PCI. Now Charles Kolodgy of IDC is saying the same thing:
Recent Posts
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
Archive
2024
- January (1)
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)