Mitigating Credential-Stealing Malware with Two-Factor Authentication
Learn how you can mitigate credential-stealing malware and protect yourself from all kinds of information security threats.
Password Palpitations — The Ongoing Threat of LM Hashing
How do we protect sensitive information from prying eyes on our computers and networks? The simple answer is to deploy controls to monitor and restrict the transfer or viewing of sensitive data on those shared resources.
Why 2 Factor Authentication Hinges on the User Experience
With Twitter’s recent move to “push” and public-key cryptography, we and many others were glad to see them move away from SMS-only 2 factor authentication. Not only did they add better security, but they are also providing their users with a much more appealing experience.
Beyond the Vulnerabilities of the Application Specific Password: Exploiting Google Chrome’s OAuth2 Tokens
Earlier this year, we wrote about how any Google Application Specific Password (ASP) could be used to bypass 2-Step Verification. Although Google issued a fix to prevent account compromise, your ASPs can still be used to do almost anything else with your Google account.
Penetration Testing and Two Factor Authentication
> In the world of security assessments, penetration testing often stands out as "the service I need to have done" when businesses are desiring to seek out a third-party evaluation of their security posture. However, there can be a large gap between the reality of penetration testing versus what a company actually needs to have done.
Spear Phishing: How Attackers Use Email to Steal Privileged Information, Install Malware & Make Your Life Miserable
Just like real fishing, criminals engaged in phishing dangle tempting bait in front of users in the hope that they can lure them into revealing their login credentials. If you have an email account, you’ve received at least one real looking email, seemingly from a financial institution like a bank or Paypal, asking you to provide your user name, password, or social security number.
7 Ways Cybercriminals Steal or Defeat Login Credentials
To understand how to protect your data and accounts, it's helpful to know common ways in which your passwords and credentials could be stolen and used against you.
How We Bypassed Google’s Two-Step Verification
Learn how attackers bypass Google's 2-step verification, reset users' master passwords & gain full account control by capturing users' app-specific passwords.
CSOs: Are You Prepared for the Next Security Breach?
While it’s easy to understand how such major organizations might be specifically targeted, today, every organization on the Internet is as much a target of chance, as a target of choice.
Top 7 Reasons Companies Don’t Use Two-Factor Authentication
In the spirit of year-end reviewing and wrapping up, we've been conferring with the ghosts of security trends past, present, and future. One of the most notable trends we've seen is that 2012 was the year in which two-factor authentication really broke out of the security community. Learn more