dcsimg

When can we get rid of passwords for good?

Or perhaps I should have asked, “Can we ever get rid of passwords for good?” The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to remember 27 different passwords for … [Read more...]

Why Your Encryption is Only as Good as Your (Multi-Factor) Authentication

Username and password may be the de-facto means of authentication for many organizations, but they can easily be the weakest link in security controls. In this article, we’ll detail why Multi-Factor Authentication (MFA) should be paired with encryption for top-level security. … [Read more...]

Business email compromise scam costs Pathé $21.5 million

Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise (BEC) scam in March 2018. How much? An astonishing US$21.5 million (roughly 19 million euros). The attack, which ran for about a month, cost the company 10 percent of its total earnings. What is business email compromise? Business email compromise is a type of phishing … [Read more...]

Is FIDO the future instrument to prove our identity?

FIDO, short for Fast IDentity Online, is an industry consortium started in 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords. Among the founders were those who work in the financial sector, device manufacturers, and providers of authentication solutions. What is FIDO? According to … [Read more...]

Simple Authentication and Security Layer (SASL) vulnerabilities

Simple Authentication and Security Layer (SASL) is an authentication layer used in Internet protocols. SASL is not a protocol, but rather a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity–checking, and encryption. Within the framework and a few of its plugins, there are a couple of known vulnerabilities that we want to make … [Read more...]