Viewing posts tagged Authentication Attacks
Securing Google Apps for Your Domain
Posted by: admin 14 years, 9 months ago
I think there are two markets for Google Apps for your domain. One is in education where you want to get the management of student accounts off your shoulders. The other is real companies that like the web, use the web and want to cloud-source their infrastructure. Twitter is clearly one of the latter and they recently realized the risks they were taking in doing so.
A cautionary tale
Posted by: admin 14 years, 9 months ago
Recently, A Small Orange, a web-hosting company was attacked and their server taken down. I hadn't heard of them, despite the fact that they are based in Atlanta. Here are the details of the attack: http://forums.asmallorange.com/index.php?showtopic=12908.
The lessons from Guy Kawaski's twitter attack
Posted by: admin 14 years, 10 months ago
The lessons are sadly the same. Static passwords are weak and DNS is weak. The answer is two-factor authentication and either mutual https authentication or better DNS. Since DNS is unlikely to be fixed any time soon...
The ultimate target may not be you
Posted by: admin 14 years, 11 months ago
Small-to-medium sized businesses often assume that they are not important enough to attract attackers. Yet, here's an example of corporate espionage where the attacker stole username and passwords for webmail accounts at a small marketing firm doing work for a large electronics manufacturer:
Torpig data shows that even SSL logins are vulnerable
Posted by: admin 14 years, 11 months ago
Recent Posts
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
Archive
2024
- January (1)
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)