maging not having to remember long complicated passwords anymore. Mastercard is challenging the password concept by introducing authenticating people using “selfies” aka taking pictures of your face to be used for facial recognition. Authentication can be something you know (password, etc.), something you have (special token, etc.) and something you are (finger print, face recognition, etc) so its interesting to see a commercialized use of something you are since most people are using to passwords. The original post from the telegraph.co.uk can be found HERE.
Mastercard has started rolling out a new technology that could allow customers to make purchases online by taking a selfie rather than entering a password. Continue reading →
NSS Labs just released their latest Threat Capabilities Report found HERE. Its a short yet interesting report covering widely used applications that were exploited after September of 2014. They list the top applications, operating systems and countries hosting command and control call homes. This one is free to download. Below is a summary from the report.
The people at 27001 Academy created a interesting infographic on Data Breaches seen in 2014. The original posting can be found HERE. This post will cover statics found during their research and the infographic.
Here are some stats:
2014 has seen an increase of over 27.5% in data breaches in the U.S.
Cisco released Anyconnect 4.0 this past November (more on the announcement HERE). Here is a really good video summarizing Anyconnect HERE.
Anyconnect is Cisco’s flagship VPN solution providing users access to internal sources from anywhere, on any device regardless of physical location. Anyconnect has many bells and whistles such as “always on” meaning auto-connecting when off network yet turning off when on a trusted network, throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (anti virus, system updates, etc), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE) so hopefully those using IPsec have migrated. Continue reading →
The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading →
Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.
The Internet Security Research Group (ISRT) along with Mozilla Corporation, Cisco Systems, Akamai Tech, Electronic Frontier Foundation and IdenTrust will be offering a new free certificate authority service this up coming 2015 summer (learn more HERE). The concept is the Internet is a dangerous place and enabling protection is a hassle for many businesses. The reason behind this is enabling basic server certificates can be painful involving multiple steps and a cost. Lets Encrypt is offering the following principles to simplify the process. Continue reading →
The people at Information Is Beautiful created a very interesting visual representation of the worlds biggest data breaches found HERE. The criterial to make this list is being a company that experienced losses greater than 30,000 records during a data breach. Each bubble represents a company and can be clicked to bring up data about the breached as well as a link to the original report covering the incident. The next examples show clicking the recent Home Depot breach to pull up the quick info and detailed article. There is a filter on the right used to tune into what you want to view. Pretty cool little tool. Continue reading →