Defense in Depth: It’s for Programmers, Too!
“But, we took care of that before, didn’t we?” asked a participant in a web application security course I taught recently. It was a good, logical question. We were discussing “SQL injection,” a process where an attacker enters database commands into a website field – in, say, a forum or comment section – that could […]
Vishing: Another Way to go Phishing
If you thought there was only one kind of phishing attack, you’d be wrong. There are a handful of types and “vishing” is becoming increasingly common. To understand vishing, a definition of phishing itself is in order. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and […]
When Two-factor Authentication Goes Wrong
I am a strong advocate of two-factor authentication, but when it goes wrong, you can lose access to critical systems. I have written about the benefits of two-factor authentication (2FA) here and I discuss it every time I teach Learning Tree’s System and Network Security Introduction. A recent account lockout hasn’t diminished my support for […]
No More Signatures! Am I Still Safe?
If you have used a credit card in North America in the last month, you may have noticed that you were not asked for a signature. That may have come as a surprise. It turns out to be a good thing! In a March 2018 infographic, Visa says that the dollar amount of counterfeit […]
How Password Spraying Could be an Attack Vector Into Your Organization
There are two common ways the bad guys might try to break into a building: spend lots of effort on one door or window, or try each door and window to see if one is easier to enter than the others. The same is true for attackers trying to compromise systems and networks (and penetration […]