Viewing posts tagged Open Source
Traditional two-factor authentication is dead.
Posted by: admin 14 years, 5 months ago
At BSides Atlanta last week, Eric Smith (@infosecmafia) and Dave Kennedy (@dave_rel1k) demonstrated a real-time attack against a Juniper SSL-VPN that bypasses the authentication method used, including time-bound one-time passcodes. (Dave's post on "Traditional Penetration Testing is DEAD" on their BSidesAtlanta talk inspired my title. ;)
This type of attack against SSL and DNS has been predicted for some time, taking advantage of users' willingness to accept any SSL certificate. Kudos to Eric and Dave for showing how this type of attack combined with a strategically aimed penetration test can really wreak havoc on an enterprise.
Southeast Linux Fest review
Posted by: admin 14 years, 9 months ago
The Southeast Linux Fest was a great show. The organizers did a fantastic job. They were quite adept at hacking some fixes together to cover shortfalls, such as writing up schedule signs for each room.
Analyzing the Costs of Open Source Software in the Enterprise
Posted by: admin 14 years, 10 months ago
Branden Williams recently did a guest post on Anton Chuvakin's blog about properly analyzing the potential costs of utilizing open source software in an enterprise. Branden states he's a big fan of open source, but wants to make sure that all the costs are included when deciding whether to go with an open source package vs. a commercial package. Here's the list of costs:
Sourceforge interview
Posted by: admin 15 years, 1 month ago
The fine folks at Sourceforge have a nice blog post about us. It's nice to get some support from the open source community!
Security Justice podcast interview
Posted by: admin 15 years, 5 months ago
I was interviewed for the Security Justice podcast about WiKID, two-factor authentication, open source stuff and online banking security.