Blog Posts Tagged with "Authentication"

Best Ways for Businesses to Prevent Data Breaches

February 01, 2012 Added by: Danny Lieberman

Most security breaches are attacks by insiders and most attackers are trusted people that exploit software system vulnerabilities (bugs, weak passwords, default configurations etc…). Neither security awareness nor UAC are effective...

Comments  (0)

DMARC Email Authentication Work Group Launched

January 31, 2012 Added by: Headlines

The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email...

Comments  (0)

Web Authentication: A Broken Trust with No Easy Fix

January 30, 2012 Added by: Infosec Island Admin

Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...

Comments  (0)

Email Intrusions Facilitate Wire Transfers Overseas

January 30, 2012 Added by: Headlines

The FBI has observed a trend in which cyber criminals are compromising the e-mail accounts of U.S. individuals and businesses and using variations of the legitimate e-mail addresses associated with the victim accounts to request and authorize overseas transactions...

Comments  (0)

Five Tips on How to Prevent the Next Data Breach

January 28, 2012 Added by: Robert Siciliano

You may be aware of the uber techie bad boy hackers of Anonymous/LulzSec/AntiSec/WikiLeaks/ScriptKiddies and the organized web mobs of the world. Did you know they have wreaked havoc to the degree that almost a billion records have been compromised?

Comments  (0)

Cyberwar Comes to a Mall in Fresno? Not so Much...

January 24, 2012 Added by: Scot Terban

A Pastebin dump alleged to be from Anonymous has forty-nine IP addresses with SCADA systems on them. Furthermore, those systems were claimed to not have any authentication on them whatsoever. I checked the IP’s and I have to say “meh” on this little dump by the skiddies...

Comments  (5)

ICS-CERT: General Electric D20ME PLC Vulnerability

January 20, 2012 Added by: Headlines

The GE D20ME PLC vulnerability is exploitable by utilizing TFTP connections to the controller. The report is based on information presented by Reid Wightman during Digital Bond’s SCADA Security Scientific Symposium without coordination with the vendor or ICS-CERT...

Comments  (0)

Wireless Security Tool Update: New EAPScan Features Check for WPS

January 12, 2012 Added by: Spencer McIntyre

Recently, WPS has been given a lot of attention due to research by Stefan Viehböck that exposed a vulnerability that allowed the PIN of WPS enabled devices to be brute-forced in an efficient manner. This is a major concern because it can ultimately expose the WPA passphrase used to join the network...

Comments  (0)

Five FFIEC Compliance Tips For Banks

January 10, 2012 Added by: Robert Siciliano

“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective...”

Comments  (0)

Analyzing Passwords for Patterns and Complexity

December 20, 2011 Added by: Dan Dieterle

This is a great tool to see patterns in password security. After years of users being warned about password security, it is disheartening to see the majority of users are still using simple passwords. More alarming is the number of password dumps available from compromised websites...

Comments  (0)

NIST Revision Expands Government Authentication Options

December 16, 2011 Added by: Headlines

“Changes made to the document reflect changes in the state of the art. There are new techniques and tools available to government agencies, and this provides them more flexibility in choosing the best authentication methods for their individual needs, without sacrificing security...”

Comments  (0)

Fraudsters Defeat Poor Risk Management - Not Two-Factor Authentication

December 08, 2011 Added by: Nick Owen

Carriers are not incentivized to secure their users' accounts. SMS is really just an email sent to a phone over a provider that barely cares about security. 99% of SMS messages don't require security so don't expect the carriers to add any soon...

Comments  (0)

Android Apps Violate Permissions - But Who Cares, Right?

December 06, 2011 Added by: Ed Moyle

These guys built a tool called "woodpecker" that snakes around inside popular Android phone platforms looking for places where the phone is configured so as to violate the Android permission enforcement model. Go read it - you'd be surprised what they've found...

Comments  (0)

ISO 27002 – What Will the Next Revision Bring?

November 27, 2011 Added by: Dejan Kosutic

This most important link between ISO 27001 and ISO 27002 – identical structure of ISO 27001 Annex A and ISO 27002 controls – will most likely still be included in new revisions of both standards. However, the way it is structured and the individual controls will most probably change...

Comments  (0)

Mass Disclosure of Vulnerabilities in SAP

November 22, 2011 Added by: Alexander Polyakov

This month ERPScan specialists published eight vulnerabilities of different criticality found in SAP products. The vulnerabilities represented almost all risks from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection...

Comments  (0)

Top Ten Most Easily Guessed Passwords

November 21, 2011 Added by: Headlines

Are you using the password “password” or “123456”? If so congratulations, you are using one of the top two worst and easiest to guess passwords on the internet. Splashdata creates an annual list of the worst passwords to use on the net, and here are the top 10 for 2011...

Comments  (0)
