
IT security
Just how effective is Token Authentication
No Comments  Posted by SecExtra on April 16th, 2008

Password security is often seen as something of an oxymoron. We regularly hear how easily passwords can be cracked, and it’s now common for sites to ‘rank’ how secure your chosen password is. But the password is still a highly effective means of authentication. Even a lower-case-only, five-character password takes 65,780 guesses to guarantee finding the correct moniker. A strong password of eight characters including letters, numbers and other characters (!”£$% etc.) may take upwards of 6 trillion combinations. Eager to replace your humble password are the new kids on the block: biometric, token and smartcard technologies. These technologies have been around for a while, and have all fallen foul of early-development security weaknesses and vulnerabilities. They are maturing, but they are still no substitute for a good username and password. Determined attackers, careless users, and under-informed IT staff still present a very real threat to these authentication systems.




The next generation of secure email delivery
1 Comment  Posted by SecExtra on April 01st, 2008

Email has evolved into one of the most important methods of communication in the business world today, enabling organisations to share information and interact with customers, employees, clients and partners. However, the growth of email traffic has been matched by an increasing security threat, and email has become a serious potential weak spot in corporate IT systems. As a number of high-profile cases in recent months have demonstrated, the exposure of an organisation’s most sensitive information can result in financial loss, legal ramifications, and brand damage. Securing email communication, therefore, has to be a priority for any IT department, especially as email, no matter how well protected, is more easily hacked than well-secured web sites. Traditionally, the only way organisations have been able to guarantee that the content of their emails is not intercepted in transit between email servers has been to encrypt the contents using public key infrastructure (PKI). This uses a key to encrypt or "lock" a message, so that only the complementary private key can be used to "unlock" it.


PBX systems being hit by buffer overflows
No Comments  Posted by SecExtra on March 21st, 2008

You may soon find your computerised telephone switchboard (PBX) hit by a new wave of security flaws. This comes following a report by Fortify Software.

The news follows reports from the MU Security Research Team about security flaws in the Asterisk range of IP-PBX software applications, which a growing number of companies are using to computerise their switchboards and take advantage of low-cost Internet telephony calls.

“Recent reports suggest that as many as 50 per cent of major companies are using Internet telephony services as a way of cutting their telecommunications costs, …


Security Web 2.0: Open Season for the Attackers?
No Comments  Posted by SecExtra on March 12th, 2008

Sandy Hawke, Director of Product Marketing, Blue Coat Systems (www.bluecoat.com), discusses the challenges in balancing user expectations and corporate security.
The Web is quickly becoming a participatory medium – users contributing, communing, and building. The downside of this ubiquitous user participation is a new slew of security threats many IT professionals have yet to fully grasp.
For a number of years, the Web was a relatively one-dimensional experience characterised by the delivery of static HTML pages within a one-way client-server environment – with little direct user involvement. The security threats were and are real. But …


The Biometric bandwagon and getting hitched to it
No Comments  Posted by SecExtra on March 11th, 2008

Biometric technology offers the potential of a plethora of benefits to businesses and individuals alike – safer sales transactions, no need for a wallet full of plastic cards and easily forgettable passwords, even the eradication of identity theft. But there is a huge potential for businesses to run themselves into technology ‘blind alleys’ and future-proofing these systems will pose many challenges for the industry, says Stuart Thorn, Chief Executive of Electrone Europe.
Today there’s a range of questions that anyone considering a biometric system must give serious thought to. Health and safety, …