Blog Posts Tagged with "Tokens"


RSA: Claims of SecurID 800 Token Crack are Whack

June 27, 2012 Added by:Headlines

"RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged crack by researchers of the RSA SecurID 800 authenticator... an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true..."

Comments  (0)


Researchers Crack RSA SecurID Tokens, Extract Keys

June 25, 2012 Added by:Headlines

"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...

Comments  (0)


LinkedIn: Vulnerability in the Authentication Process

May 22, 2012 Added by:Plagiarist Paganini

This attack is possible due to an error in validating of the security token (CSRF token) that allows an unlimited number of requests using the same token for different users. The only mechanism against the attack is a CAPTCHA challenge-response test after dozens of attempts...

Comments  (1)


Consumers Still Prefer Convenience Over Security

August 24, 2011 Added by:Headlines

"Any change to the way a customer accesses their account is going to take a while to get used to. But this small extra step delivers such an increase in security to our internet banking users, that we are confident we have got the balance right," an HSBC official said...

Comments  (4)


How Secure is RSA’s SecurID?

June 08, 2011 Added by:Headlines

Once installed on the authentication server, most of the cryptographic protection of the seed values could be removed by anyone with sufficient time and effort, and in fact the previous secret 64-bit algorithm was revealed about 10 years ago through such reverse engineering...

Comments  (0)


RSA's SecurID Hack Leads to Lockheed Network Disruption

May 27, 2011 Added by:Headlines

"Whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network..."

Comments  (1)


Android Privacy Flaw Exposes 99.7% of Users

May 19, 2011 Added by:Headlines

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days..."

Comments  (0)


Authentication: The Holy Grail of Information Security

May 02, 2011 Added by:Brent Huston

Adding something you are to something you have and something you know makes it much more difficult to spoof identity, but still doesn’t render it impossible. And imagine the inconvenience. Seems like way too much just to protect some financial data or health information, huh?

Comments  (5)


Authentication: Balancing Security, Usability and Cost

February 22, 2011 Added by:Roman Yudkin

The burden of so many complex passwords is too high, especially if the user believes the odds of their credentials being stolen are small. Advice on choosing strong passwords and never re-using them is rejected as a poor cost/benefit tradeoff. No wonder users have bad password practices...

Comments  (0)


Emerging Technologies that can Reduce PCI Scope

November 17, 2009 Added by:Sean Inman

In recent months, the PCI Security Standards Council has continued to weigh the merits of what they have deemed as “emerging technologies”. The first is end to end encryption and the other is tokenization. These two solutions have quickly become the favorites among all other emerging technologies.

Comments  (0)