Viewing posts tagged Phishing and Fraud
with-phishers-its-a-job
Posted by: admin 16 years, 5 months ago
Great article in the WSJ - I believe it's freely available at least for today - on phishers.world-of-warcraft-gets-two-factor-authentication
Posted by: admin 16 years, 5 months ago
As we noted way back in 2006 the value in gaming credentials will bring out the fraudsters.. Now Blizzard is offering tokens for WoW. Queue the "If I can get it for WoW, why not my bank" blog posts:
I agree with the sentiment but I wanted to start a conversation regarding why you won't be seeing these tokens in the mail from your bank any time soon. The reason most banks, e-commerce sites, and even corporate VPN connections aren't protected by two-factor authentication can be broken down into a few reasons:
- cost: additional cost to customer, shipping, inventory, infrastructure, licensing, staff, overhead, etc.
- complexity: dealing with lost tokens, mistyped numbers causing locked acconts, countless help desk calls, etc. If you are locked out of your WoW account you can't play a game, when you are locked out of your bank account you can't pay bills, transfer funds, check your balance, etc. Simply put, the downside risk of customer convenience is greater than the upside risk of greater levels of security.
- motive: Blizzard is providing these tokens to help secure customers accounts, but also to further secure their future revenue stream and also to combat piracy and cheating, in short, it makes business sense. Banks don't typically suffer very much if a customer account is breached as they very rarely take the hit themselves but instead either insure against the loss (either federally or privately) or simply passing the costs onto customers.
wsj-on-rfid-smashers
Posted by: admin 16 years, 5 months ago
There is a front-page article in today's WSJ about people smashing their RFID-enabled credit cards due to security concerns. Subscription required, sorry.
sec-closes-barn-door-horses-unavailable-for
Posted by: admin 16 years, 5 months ago
Security Focus has a breif on the SEC's action to suspend trading in pump & dump stocks. The full SEC press release is here. From the press release:
On Friday, Dec. 15, 2006, shares in Apparel Manufacturing Associates, Inc. (APPM) closed at $.06, with a trading volume of 3,500 shares. After a weekend spam campaign distributed emails proclaiming, "Huge news expected out on APPM, get in before the wire, We're taking it all the way to $1.00," trading volume on Monday, Dec. 18, 2006, hit 484,568 shares with the price spiking to over 19 cents a share. Two days later the price climbed to $.45. By Dec. 27, 2006, the price was back down to $.10 on trading volume of 65,350 shares.Maybe I'm missing something here, but don't you think the pump and dumpers sold their stocks before the end of the year? I mean it's not like they were waiting to get the income into the next tax year.
visa-adds-carrot-to-stick-for-pci-goulash
Posted by: admin 16 years, 5 months ago
This will be interesting to look back on in a year: Visa is creating a $20,000,000 bonus pool to incent their members to be PCI compliant. :
Visa's new Visa PCI Compliance Acceleration Program is designed to spur entities that are covered by PCI rules to comply in a speedy fashion, said Jennifer Fischer, a director with Visa USA. "This program is part of our larger strategy for protecting card holder data and to ensure that we are doing everything we can to protect it from compromise," she said.Why is it needed? Because:
Though nearly 18 months have passed since PCI rules went into full effect, only 36% of Tier 1 merchants and 15% of Tier 2 merchants are currently compliant with the requirements, according to Visa.I think this might be the more effective bit:
At the same time, acquiring banks that fail to ensure compliance by Sept. 30, 2007 will be assessed fines starting at $5,000 a month for each non-compliant merchant. The fines increase to $25,000 per month for each non-compliant merchant after Dec. 31, 2007. Until now, fines have only been assessed in cases where actual data breaches occurred.That will get them going!
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)