Blog Posts Tagged with "Smart Cards"
How EMV Impacts International Travel
August 25, 2012 Added by:Robert Siciliano
If you have plans to travel internationally this summer, you may have problems using your U.S. magnetic stripe card abroad, as many other countries, particularly in Europe, have made the EMV card the new standard. The Smartcard Alliance explains...
Comments (0)
NIST Releases Federal ID Security Standard Draft for Comment
July 12, 2012 Added by:Headlines
The document is the next step toward updating Federal Information Processing Standard (FIPS) 201. Among its requirements are that all PIV cards contain an integrated circuit chip, a personal identification number and protected biometric data—a printed photograph and two electronically stored fingerprints...
Comments (0)
Does Two-Factor Authentication Need Fixing?
July 03, 2012 Added by:Nick Owen
Assuming that the anti-malware companies cannot keep malware off PCs, what can be done? Well, actually stronger authentication can be applied at certain points in the online banking process to reduce exposure. When people think of two-factor authentication, they typically mean session authentication...
Comments (1)
Researchers Crack RSA SecurID Tokens, Extract Keys
June 25, 2012 Added by:Headlines
"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...
Comments (0)
Military Evaluates SIPRNet Smart Card to Protect Networks
April 24, 2012 Added by:Headlines
"As we learned through the events of Wiki Leaks, we had a blind spot in protecting our classified networks... We have a national strategy and program to implement a Public Key Infrastructure hardware based authentication system on the classified network - hence the SIPRNet token..."
Comments (2)
The Benefits of Multifactor Authentication
August 02, 2011 Added by:Robert Siciliano
Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."
Comments (0)
SecurID: No Need for the Seed!
May 30, 2011 Added by:Pascal Longpre
An attacker who has installed the target's VPN client and configuration patiently waits for the user to authenticate. When the user begins to enter its 6 digit SecurID password, the Trojan captures the characters entered and immediately sends them through SSL to the attacker's machine...
Comments (1)
Improved DoD Data Security Measures Slated for 2013
March 11, 2011 Added by:Headlines
At issue is how best to control access to sensitive data in an effort to prevent further breaches while also maintaining post-9/11 efforts to increase information sharing between multiple government agencies responsible for defending the nation...
Comments (0)
Britain Scrapping National Identification Card
February 02, 2011 Added by:Robert Siciliano
In the US, the government has attempted to standardize the identification process once and for all with the REAL ID Act, which will likely be squashed under Homeland Security Secretary Janet Napolitano, who has proposed a repeal of the act...
Comments (0)
Smart Card Authentication Cracked by Hackers
January 29, 2011 Added by:Headlines
When the smart card is inserted into a compromised PC, the hackers use the opportunity to attempt to access the server. When the system requests a digital token, the attackers redirect the request to the compromised PC, which provides the token and password stolen with the keylogger...
Comments (0)
Securing Java Apps with Smart Cards and Single-Sign-On
December 08, 2010 Added by:Daniel Doubrovkine
The advantages of this method are clear. There aren’t any usernames or passwords exchanged and the modern versions of the security protocols are not vulnerable to brute-force or man-in-the-middle attacks. The enterprise can roll out stronger authentication without changing the applications...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!