Blog Posts Tagged with "Authentication"
Follow Up to the Out of Band Authentication Post
May 16, 2012 Added by: Brent Huston
Sadly, there are more than a few who are struggling to get OOBA right or done at all. As with most things, it helps to do a little research. Organizations should perform due diligence on their vendors and factor vendor risks into the equation of purchases and project planning...
Comments (0)
Treat Passwords Like Cash
May 15, 2012 Added by: Danny Lieberman
Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems and sites, it’s impossible to maintain a strong password policy without making some compromises...
Comments (0)
Growing Mistrust of India’s Biometric ID Scheme
May 14, 2012 Added by: Electronic Frontier Foundation
In India, a massive effort is underway to collect biometric identity information for each of the country’s 1.2 billion people. The incredible plan has stirred controversy in India and beyond, raising serious concerns about the security of individuals’ personal data...
Comments (0)
Twitter Hack! Five Ways to Avoid Being a Victim of Phishing
May 13, 2012 Added by: Brent Huston
Twitter is downplaying a security breach that exposed tens of thousands of user emails and passwords. The compromised Twitter accounts could have been the result of phishing attacks. Whenever you read about such breaches, it is always a good idea to change your password...
Comments (0)
Financial Organizations Struggle with Out of Band Authentication
May 09, 2012 Added by: Brent Huston
Financial organizations have been working on implementing out of band authentication (OOBA) mechanisms for specific kinds of money transfers such as ACH and wires. While this authentication method does add some security to the process, it does not come without its challenges...
Comments (1)
Understanding Trust
May 07, 2012 Added by: Kevin W. Wall
In computer security, we should strive to make all trust relationships explicit and leave nothing to chance or misinterpretation. That's one key step in defining a trust model. At its core, information security is largely about the two goals of “ensuring trust” and “managing risk”...
Comments (0)
NIST: Secure Biometric Acquisition with Web Services
May 04, 2012 Added by: Headlines
Researchers at the NIST have developed a new protocol for communicating with biometric sensors over wired and wireless networks. Called WS-Biometric Devices (WS-BD), it allows desktops, laptops, tablets and smartphones to access sensors that capture biometric data using web services...
Comments (0)
Online Banking vs. Mobile Banking
May 03, 2012 Added by: Robert Siciliano
Mobile banking can offer additional security by enabling text-backs, as a second form of authentication. If you use your smartphone to access your bank’s website directly, it may recognize that you are using a mobile browser and automatically offer you a dedicated application...
Comments (1)
Password Policy: Sharing Passwords
May 03, 2012 Added by: benson dana
I once worked at a place where a senior manager collected the passwords of employees. There had been resistance to giving up this policy, and the excuse was that this unit's mission was unique and that this was necessary. How often does the internal auditor hear this excuse?
Comments (0)
Duty to Authenticate Identity: Online Banking Breach Lawsuits
April 27, 2012 Added by: David Navetta
The attenuated nature of online relationships creates an opportunity for criminals to steal or spoof online identities and use them for monetary gain. The ability of one party to authenticate the identity of the other party in an online transaction is of key importance...
Comments (0)
Super Security Guy
April 26, 2012 Added by: Wayde York
While I was talking to the bank operator, I tried to login to my account and when I put in the username/password, I couldn’t get in. The bad guys had changed my login, or so I thought. Red lights were flashing and the bulk of my security expertise poured in to the rescue...
Comments (1)
Social Media Security 101
April 24, 2012 Added by: Joel Harding
EVERYTHING is compromised. Every web site, every data base, every place that touches the web – I assume this at all times. There is not one among us whose network has not been compromised. The security mantra in the past was “Risk Avoidance”. That is no longer the case...
Comments (0)
Military Evaluates SIPRNet Smart Card to Protect Networks
April 24, 2012 Added by: Headlines
"As we learned through the events of Wiki Leaks, we had a blind spot in protecting our classified networks... We have a national strategy and program to implement a Public Key Infrastructure hardware based authentication system on the classified network - hence the SIPRNet token..."
Comments (2)
Disagreement on Password Vault Software Findings
April 12, 2012 Added by: Brent Huston
Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...
Comments (0)
Pump Up Your P@$$w0rd$
April 04, 2012 Added by: Kevin Doel
The idea is to choose a phrase that you will be able to remember and a simple algorithm for converting it to a strong password. Even the best encryption systems are not going to protect your data if you use weak passwords and a hacker gains physical access to your mobile device...
Comments (2)
Malicious Exploits: Hitting the Internet Waves with CSRF Part 2
March 28, 2012 Added by: Brent Huston
Using the HTTP specified usage for GET and POST, in which GET requests never have a permanent effect, while good practice, is not sufficient to prevent CSRF. Attackers can write JavaScript or ActionScript that invisibly submits a POST form to the target domain...
Comments (0)