Blog Posts Tagged with "Authentication"
February 01, 2012 Added by:Danny Lieberman
Most security breaches are attacks by insiders and most attackers are trusted people that exploit software system vulnerabilities (bugs, weak passwords, default configurations etc…). Neither security awareness nor UAC are effective...
January 31, 2012 Added by:Headlines
The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email...
January 30, 2012 Added by:Infosec Island Admin
Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...
January 30, 2012 Added by:Headlines
The FBI has observed a trend in which cyber criminals are compromising the e-mail accounts of U.S. individuals and businesses and using variations of the legitimate e-mail addresses associated with the victim accounts to request and authorize overseas transactions...
January 28, 2012 Added by:Robert Siciliano
You may be aware of the uber techie bad boy hackers of Anonymous/LulzSec/AntiSec/WikiLeaks/ScriptKiddies and the organized web mobs of the world. Did you know they have wreaked havoc to the degree that almost a billion records have been compromised?
January 24, 2012 Added by:Scot Terban
A Pastebin dump alleged to be from Anonymous has forty-nine IP addresses with SCADA systems on them. Furthermore, those systems were claimed to not have any authentication on them whatsoever. I checked the IP’s and I have to say “meh” on this little dump by the skiddies...
January 20, 2012 Added by:Headlines
The GE D20ME PLC vulnerability is exploitable by utilizing TFTP connections to the controller. The report is based on information presented by Reid Wightman during Digital Bond’s SCADA Security Scientific Symposium without coordination with the vendor or ICS-CERT...
January 12, 2012 Added by:Spencer McIntyre
Recently, WPS has been given a lot of attention due to research by Stefan Viehböck that exposed a vulnerability that allowed the PIN of WPS enabled devices to be brute-forced in an efficient manner.This is a major concern because it can ultimately expose the WPA passphrase used to join the network...
January 10, 2012 Added by:Robert Siciliano
“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective..."
December 20, 2011 Added by:Dan Dieterle
This is a great tool to see patterns in password security. After years of users being warned about password security, it is disheartening to see the majority of users are still using simple passwords. More alarming is the number of password dumps available from compromised websites...
December 16, 2011 Added by:Headlines
“Changes made to the document reflect changes in the state of the art. There are new techniques and tools available to government agencies, and this provides them more flexibility in choosing the best authentication methods for their individual needs, without sacrificing security..."
December 08, 2011 Added by:Nick Owen
Carriers are not incentivized to secure their users accounts. SMS is really just an email sent to a phone over a provider that barely cares about security. 99% of SMS messages don't require security so don't expect the carriers to add any soon...
December 06, 2011 Added by:Ed Moyle
These guys built a tool called "woodpecker" that snakes around inside popular Android phone platforms looking for places where the phone is configured so as to violate the Android permission enforcement model. Go read it - you'd be surprised what they've found...
November 27, 2011 Added by:Dejan Kosutic
This most important link between ISO 27001 and ISO 27002 – identical structure of ISO 27001 Annex A and ISO 27002 controls – will most likely still be included in new revisions of both standards. However, the way it is structured and the individual controls will most probably change...
November 22, 2011 Added by:Alexander Polyakov
This month ERPScan specialists published eight vulnerabilities of different criticality found in SAP products. The vulnerabilities represented almost all risks from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection...
November 21, 2011 Added by:Headlines
Are you using the password “password” or “123456″? If so congratulations, you are using one of the top two worst and easiest to guess passwords on the internet. Splashdata creates an annual list of the worst passwords to use on the net, and here are the top 10 for 2011...
Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013