Items Tagged with "Authentication"
ICS-CERT: Advantech Webaccess Multiple Vulnerabilities
February 17, 2012 Added by: Headlines
ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF) and authentication issues. Public exploits are known to target these vulnerabilities...
Comments (0)
Smart Meter Security Testing
February 16, 2012 Added by: Spencer McIntyre
While reviewing the communication used by a couple of smart meters, it was found that the user did not have to properly authenticate himself to read certain pieces of data and that some data could be written to the device without the use of a proper C12.18 Security Request...
Comments (0)
ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool
February 15, 2012 Added by: Headlines
A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...
Comments (0)
Subordinate Digital Certificates Pits Trustwave vs Mozilla
February 14, 2012 Added by: Pierluigi Paganini
Trustwave declared that the issuing of subordinate root certificates to private companies was done to allow inspection of the SSL encrypted traffic that passes through their networks. Trustwave decided to stop issuing these in the future, and revoked the existing ones...
Comments (0)
Security Flaw in eBanking Affects Over 100 Million Users
February 14, 2012 Added by: Alan Woodward
CAPTCHAs. You've all had to use them at some point - those funny, distorted versions of a piece of text that only a human can decipher. I was shocked to learn that CAPTCHAs were being used in eBanking and could successfully be attacked nearly 100% of the time....
Comments (1)
Twitter Finally Enables HTTPS as a Default Setting
February 14, 2012 Added by: Headlines
Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by attackers who may attempt to harvest passwords when users access their accounts over unencrypted Wi-Fi networks...
Comments (0)
FBI Bitten by Operational Security
February 14, 2012 Added by: Fergal Glynn
Employees forward confidential calendar events and messages to personal calendars and personal email accounts. This may make their jobs easier but it can put their companies at risk. A recent security incident involving the FBI can teach us something about corporate security...
Comments (0)
NIST Seeks Proposals to Improve Trust in Cyberspace
February 10, 2012 Added by: Headlines
The National Institute of Standards and Technology (NIST) launched a competition for pilot projects to accelerate progress toward improved systems for interoperable, trusted online credentials that go beyond simple user IDs and passwords...
Comments (0)
How to Encrypt Your Email with PGP
February 06, 2012 Added by: Robert Siciliano
Pretty Good Privacy (PGP) “is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions...”
Comments (0)
ICS-CERT: Brute Force and SSH Scanning Attacks
February 06, 2012 Added by: Headlines
ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...
Comments (0)
VeriSign Hacked - But Why?
February 03, 2012 Added by: Pierluigi Paganini
The impairment of these mechanisms could lead to the redirection of traffic to bogus sites with serious consequences - and not just that - the compromise of the Digital Certificate model itself raises the risk for the interception of emails and confidential documents...
Comments (0)
On Forgotten Passwords and Security
February 03, 2012
What do you do when a user forgets their password? There are a number of different approaches that can be taken. The challenge when allowing a user to self-service is that you could potentially open up a number of avenues for attack...
Comments (0)
OTA Endorses Domain-Based Message Authentication (DMARC)
February 02, 2012 Added by: Headlines
"Since 2004, OTA has been on the forefront of advancing best practices to restore trust in email and to protect consumers from harm. We are excited about the promise of DMARC and how it builds on these efforts enhancing brand, business and consumer protection..."
Comments (0)
Best Ways for Businesses to Prevent Data Breaches
February 01, 2012 Added by: Danny Lieberman
Most security breaches are attacks by insiders and most attackers are trusted people that exploit software system vulnerabilities (bugs, weak passwords, default configurations etc…). Neither security awareness nor UAC are effective...
Comments (0)
DMARC Email Authentication Work Group Launched
January 31, 2012 Added by: Headlines
The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email...
Comments (0)
Web Authentication: A Broken Trust with No Easy Fix
January 30, 2012 Added by: Infosec Island Admin
Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...
Comments (0)