Viewing posts tagged Miscellaneous
Hackers For Charity Challenge
Posted by: admin 8 years, 11 months ago
This morning I saw a tweet from Johnny Long about them being in the hole $2,700 due to unexpected baggage fees. As long-time admirers we decided it was time to do something. So, we gave $100 and committed to giving $100 per evaluation certificate created between now and Thanksgiving. No one wants to go into Thanksgiving in the hole.
Accidental Rugged Devops
Posted by: admin 12 years, 7 months ago
This week at Secureworld Expo Atlanta, I had the pleasure of hearing Gene Kim talk about Rugged DevOps. When I first ran into Gene, he was with someone I worked with previously at another start-up. That sent me down memory lane.
Product improvements, prospect relations and Bsides
Posted by: admin 14 years, 1 month ago
These past few weeks, we released 3 minor updates to our PC software token client. These were all in response to a single prospect that is rolling out WiKID using the Web Start version of the WiKID PC Software token. (The Web Start version or JNLP is an easy way to distribute the software token especially if you don't have a software management system that can push software out to corporate laptops.)
Based on feedback from this prospect, we now do a better job of specifying the location of the private key storage on Windows and Linux, we allow for a single, dedicated domain to be specified in advance for ease-of-use, and you can specify a custom jw.properties file for the Web Start software token. Taken together, these changes have created an easy-to-use, highly customizable, cost-effective solution for two-factor authentication.
More importantly, they show how vendors and prospects working together can create better solutions. WiKID and $prospect benefit, but so do future prospects. Competitors respond, improving their product, forcing us to improve in a virtuous circle. I've been concerned for a long time that the prospect-vendor relationship is strained at best, mostly broken, slowing down this process. I'm sure that most of us have given fake emails or hotmail accounts to vendors. It is also noticeable at industry conferences where vendors play a form of laser tag with the prospects as the targets.
I'm not sure how to re-build a level of trust between these two parties. I think events like SecurityBsides, which are sponsored by vendors, run by volunteers and lack vendor booths or excessive sales pushiness, are a good start. BSides is still clearly feeling its way. The volunteers are mostly from vendors and I don't really see a way around that. The sponsors seem to understand that it's a community engagement platform and not a lead-gen opportunity. (WiKID has sponsored the first Bsides in Las Vegas and one in San Francisco during RSA and we are co-organizing/Sponsoring the BSidesAtlanta.)
We've got a long way to go though. The attack mentality of many companies is stifling feedback and hurting product development. I believe this especially affects small companies, such as WiKID, which are taking on existing, entrenched competitors. Our best asset is our ability to convert feedback into product improvements quickly. Without feedback, we're potentially wasting our resources. That's why we love tough prospects that tell us what they need and why we support BSides.
A tale of two headlines
Posted by: admin 15 years, 8 months ago
Today's InfoWorld Security newsletter contained two headlines:
How to compensate employees to align incentives with shareholders
Posted by: admin 15 years, 8 months ago
There's been lots of discussions about bonuses recently, Merrill Lynch, AIG, on and on. So many, I won't bother linking. These bonuses are typical of what is known as an agency problem. The executives are agents for the shareholders, but their incentives are not aligned. You can imagine that the executives of a company that is about to be sold or taken over by the government are even more incented to award legally binding bonuses before any transaction which might result in their termination. I have a simple proposal to fix this (in the future):