Viewing posts tagged Information Security
highly-highly-targeted-attacks-against
Posted by: admin 16 years, 9 months ago
I've blogged in the past about targeted phishing attacks and Alex Eckelberry has analyzed a particularly nasty example. According to the Register the scam is highly targeted:
the BBB scam is narrowly targeted and is aimed at those who are likely to have the most sensitive information to lose. No more than one executive of a company is targeted, and the email goes to great lengths to get the names of the exec and the exec's company correct.
What's not clear is whether the attackers are trying to get corporate information from an executive's PC or just personal information from high-value targets. More than likely the answer is both.
healthcare-consultant-shuts-down-due-to-insecure
Posted by: admin 16 years, 9 months ago
From Dark Reading via Slashdot.
While reports of the breaches have been issued in dribs and drabs, all of the data losses can now be attributed to a single incident, in which Verus employees left a firewall down following the transfer of data from one server to another, according to David Levin, vice president of marketing at MedSeek.
MedSeek is picking up a lot of business from Verus Inc., which shut down after investors pulled the plug when affected hospitals terminated their contracts.
This seems hard to believe, since the reported breaches run from June 4th through today. Perhaps Verus didn't notify all their customers at the same time? But they shut down "eight to 10 weeks ago".
google-looks-to-protect-its-business-with
Posted by: admin 16 years, 9 months ago
I think Google's purchase of GreenBorder is very interesting. It shows that they see the threat that malware poses to online commerce and that they intend to do something about it. What's not clear is whether this acquisition was done with the goal of protecting payment processing (Google Checkout) or whether it is meant to shore up security around their office application suite and their new offline access system Google Gears. Perhaps Google is smart enough to know that both need additional security and is organized in such a way to make it happen.
gonzo-bankers-predict-the-end-of-online-banking
Posted by: admin 16 years, 9 months ago
First, what a great site. Clearly, these guys agree with my philosophy that if you're not having fun, the money probably isn't worth it:
We are not the folks who borrow your watch to tell you what time it is - instead, we simply peer over at your wrist when you're not looking. 
We never use silly words like "paradigm" and "mission statement" - we prefer more pragmatic terms like "revolutionary mental model" and "envisioned future state." 
trusted-computing-for-mobile-devices
Posted by: admin 16 years, 9 months ago
There is a new specification for mobile phone security called the Mobile Security Specification. It is essentially trusted computing for cell phones.
The specification has been years in development, said Janne Uusilehto, head of Nokia product security and the chairman of the working group developing this technology. "It is a big deal. This is the first time that we have created such common security specifications for all handheld devices," Uusilehto said.
More:
When these devices appear, they will make things more difficult for data thieves and mobile virus writers. Down the line, the technology could be used to build electronic wallets into mobile phones. In general terms, the specification calls on hardware vendors to store protected information in a secure area of the phones. Similar to the Trusted Platform Module used in PCs, this technology could be used to ensure that the phone's operating system, applications and data have not been tampered with.
All the usual trusted computing warnings apply here, but perhaps more so as cell carriers maintain a 'walled garden' and can limit the devices available. They are also essentially 'tri-opolies'. It seems likely that you will be able to buy a computer without TCP in the future. You might not be able to buy a cell phone without it (that works on a carrier).
