Viewing posts tagged Phishing and Fraud
Sector
Posted by: admin 15 years ago
I will be speaking at the Sector security conference in Toronto this week. The title of my presentation is "Moving Toward a More Secure Online Banking Experience". It is indeed mostly about authentication for online banking (session, host/mutual, transaction authentication), but also about the structure of the industry.
Couple Allowed to Sue Bank for Failing to Implement Two-factor Authentication
Posted by: admin 15 years, 1 month ago
A judge has ruled that a couple can sue Citizens Financial Bank after they lost $26.500 to an online attacker:
The lessons from Guy Kawasaki's Twitter attack
Posted by: admin 15 years, 3 months ago
The lessons are sadly the same. Static passwords are weak and DNS is weak. The answer is two-factor authentication and either mutual HTTPS authentication or better DNS. Since DNS is unlikely to be fixed any time soon...
Another nail for SMS authentication
Posted by: admin 15 years, 5 months ago
Now that European banks are using SMS messaging for authentication, criminals are paying top dollar for used Nokia phones that can be reprogrammed due to a bug to work with any phone number. We've discussed why SMS authentication is a bad idea before. Here's more evidence.
incent-for-the-averages-insure-against-the
Posted by: admin 15 years, 8 months ago
One of the comments on Emergent Chaos about my post Incentive plan for an information security team was from Andrew Jaquith of the Yankee Group: