Security Corner:

Security


March 30, 2014  4:12 PM

Who supports 2FA (two-factor authentication)?



Posted by: Ken Harthun
Password, Secure Computing, Security, Security best practice, Security management, Two-factor authentication

In light of the plethora of data breaches in the news, it behooves us to use two-factor authentication (2FA) where it is available. I use it for important accounts like LastPass, eBay and PayPal. Where it is offered on other financial accounts, I use it. You should, too. But how do you know who...

March 29, 2014  9:58 PM

Turn off email preview in your email client



Posted by: Ken Harthun
Secure Computing, Security, Security best practice

In light of Microsoft Security Advisory 2953095, I am restating advice I first published in 2008. While this particular vulnerability may not be directly related to previewing email messages, it is still a viable attack vector. Here is what I originally called "Security Maxim...


March 29, 2014  9:36 PM

Oh no! Not another password post!



Posted by: Ken Harthun
Password, Secure Computing, Security, Security best practice, Security management

bad-passwords

Bookmark and Share     0 Comments     RSS Feed     Email a friend


March 26, 2014  1:55 AM

Thwart predators and social engineers with a passphrase



Posted by: Ken Harthun
Cybercrime, Password, Secure Computing, Security, Security best practice, Security management

I don't remember exactly where I saw it or heard it, but I recall a story about an incident where a child was approached by a (potential) sexual predator.  The child was told his mother wanted him home right away and -- we'll call him Mr. Friendly -- Mr. Friendly was there to pick the child up....


March 17, 2014  2:49 AM

KrebsOnSecurity hit with massive WordPress pingback attack



Posted by: Ken Harthun
DDoS, Denial of Service, Pingback XML-RPC, Security, WordPress

In a March 14, 2014 blog post, Brian Krebs revealed that his site, KrebsOnSecurity, which runs on WordPress, was hit by a DDoS attack:

On Wednesday, KrebsOnSecurity was hit with a fairly large attack...


March 15, 2014  4:21 PM

Is your site an unwitting participant in a DDoS attack?



Posted by: Ken Harthun
Denial of Service, Pingback XML-RPC, Security, Security best practice, Vulnerabilities

In a normal DDoS attack, a botnet of hundreds or thousands of computers performs a coordinated attack against a particular website. But what if you don't have access to a botnet? You trick WordPress sites into sending unwanted traffic to the site. Here's how, according to a


March 15, 2014  2:37 PM

PWN2OWN cracks Reader, IE, Flash, Firefox and Chrome, but not Java



Posted by: Ken Harthun
Microsoft, PWN2OWN, Security, Vulnerabilities

laptopthief

Bookmark and Share     0 Comments     RSS Feed     Email a friend


March 13, 2014  12:56 AM

iOS 7.1 released to patch bugs and fix the White Screen of Death



Posted by: Ken Harthun
iPad, iPhone, Security, Vulnerabilities

On Monday, Apple released iOS 7.1 for iPad and iPhone and recommended that users update as soon as possible. The update comes just a few weeks after Apple released an emergency update for iOS that fixed a critical security hole that could have allowed hackers to intercept secure communications...


February 28, 2014  10:28 PM

MasterCard uses geo-location to reduce card fraud



Posted by: Ken Harthun
Security, Two-factor authentication

This is a great idea and one that may turn out to be the simplest way to implement two-factor authentication for credit card companies. In fact, this is similar to what Only Coin plans to implement as part of its security suite. From...


February 28, 2014  10:21 PM

Two factor authentication becoming a necessity



Posted by: Ken Harthun
Secure Computing, Security, Security best practice, Security management, Two-factor authentication

With the password's fading usefulness, we have to seriously consider two-factor authentication as the minimum level of security for any site dealing with sensitive information. I have been using the PayPal "football" for years as a second factor on both PayPal and eBay. I've implemented Yubikey...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: