Keep Watch On Accounts For Stolen Passwords

Network Computing Dark Reading

Advertise

About Us

Threaded | Newest First | Oldest First

[close this box]

skswave,
User Rank: Apprentice
6/10/2012 | 1:36:24 AM

re: Keep Watch On Accounts For Stolen Passwords

The issue is it is time to move away from PW for most access control. the right choice is to use the TPM in your PC. Does SSL IPSEC, 802.1x, windows domain, Smart card emulation today.
You already have one in your business PC
It's industry standard
and it's very inexpensive to use 1/2 to 1/3 the cost of tokens

Only Known devices on the network is what makes it so cheap to run a carrier or a cable company compared to an enterprise thin 50 per year not 1000 per year for known devices with whitelisted software.

Reply | Post Message | Messages List | Start a Board

Eric_Brown,
User Rank: Apprentice
6/11/2012 | 12:28:21 PM

re: Keep Watch On Accounts For Stolen Passwords

I have been a
strong supporter of 2FA for some time now, and I wish these sites and ones like
them would be more security conscious, not just say they are. They need to
prove it by actions, not words. -áIt would
be great to see them, just as so many other leading companies in their
respective verticals are doing by giving us the perfect balance between security
and user experience and moving to the use of 2FA (two-factor authentication) whether
mobile or other, as a form of a token where the user is asked to telesign into
their account by entering a one-time PIN code which is delivered to your phone
via SMS or voice. I enjoyed your article. These organizations need to start
being held responsible for their actions, and only way that will happen is if
we as user voice our opinion.

Reply | Post Message | Messages List | Start a Board

Bprince,
User Rank: Ninja
6/21/2012 | 4:29:04 AM

re: Keep Watch On Accounts For Stolen Passwords

I agree that two-factor authentication bolsters security. Even that though has its flaws. For example the recent situation where the Google Apps' account recovery feature was exploited to hijack the account of the CEO of CloudFlare. That attack succeeded because -áthe attackers were able to fool AT&T into forwarding his voicemail to another account.
Brian Prince, InformationWeek/Dark Reading Comment Moderator-á

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Understanding Cyber Attackers - A Dark Reading Nov 17 Event

Black Hat Europe - December 5-8 - Learn More

Black Hat Middle East & Africa - November 15-17 - Learn More

More Informa Tech Live Events

White Papers

5 Takeaways from Major Cybersecurity Headlines

State of Encrypted Attacks

The Ultimate Buyer's Guide: SASE Security

IDC: The Critical Nature of Cloud Incident Readiness and Response

IoT and OT: Evolving Cyberthreats and Strategies for Risk Mitigation

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

How Machine Learning, AI & Deep Learning Improve Cybersecurity

Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-41525
PUBLISHED: 2022-10-06

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.

CVE-2022-41526
PUBLISHED: 2022-10-06

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function.

CVE-2022-41527
PUBLISHED: 2022-10-06

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function.

CVE-2022-41528
PUBLISHED: 2022-10-06

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.

CVE-2022-41522
PUBLISHED: 2022-10-06

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]