Viewing posts tagged Phishing and Fraud
schwarzenegger-vetoes-pci-esque-legislation
Posted by: admin 15 years, 7 months ago
Legislation that would have made merchants responsible for card-reissuance and other identity theft costs was vetoed by Gov. Schwarzenegger.
etrade-to-offer-zero-liability-accounts
Posted by: admin 15 years, 7 months ago
Kudos to ETrade for offering a "zero liability" account. I suspect this is an attempt to foil my prediction that brokerage accounts will be increasingly targeted by phishers. (Though, to be honest, they were getting off to a good start in Q4.)
Brokerage accounts are tempting. Most people (if they have brokerage accounts) have more in their stock accounts than in their bank account or savings. It's probably harder to determine if a payment leaving the account is fraudulent. With bank accounts, phishers target a larger number of users for smaller dollars amounts. With brokerage accounts, phishers aim for bigger dollars. From the BusinessWeek article:
incent-for-the-averages-insure-against-the
Posted by: admin 15 years, 7 months ago
One the comments on Emergent Chaos about my post Incentive plan for an information security team was from Andrew Jaquith of the Yankee Group:
dns-and-mutual-authentication
Posted by: admin 15 years, 7 months ago
Once again, Amit Klein has hacked DNS. Once again, we'll say if you are doing high-value web-based transactions, you should consider using Mutual Authentication for HTTPS.
dhs-predicts-more-brokerage-attacks
Posted by: admin 15 years, 7 months ago
The DHS is joining in on one of my earlier predictions: Brokerage accounts will be increasing targeted in the coming year. According to their post they are tempting accounts because they typically have more money in them. Further, typical anti-fraud transaction analysis doesn't really work because of the infrequency of transfers.
I'm convinced that brokerage accounts and other heavy transactions accounts will need cryptographically secure transaction authentication in addition to session and host/mutual authentication.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)