Archive for October, 2007

Passwords Aren’t Secure; Two-Factor Auth on a Credit Card

A pair of companies called Innovative Card Technologies and eMue Technologies have put out a press release for a one-time-password token embedded in a credit card. Essentially, they embed a smart chip and an LCD display inside a bank card. When you need the password to your account (such as to log into online banking), […]

authentication, hardware, passwords, products

The Inevitability of False Positives

I was reading an article about web scanner coverage and false positives by Larry Suto that RSnake linked to on ha.ckers. Though this is only tangentially related to the actual paper, it reminded me of something interesting — the inevitability of false positives when detecting something rare. When measuring the error of a detection process, […]

risk, statistics, terrorism

Password Cracking Moves to the GPU

A company called Elcomsoft has just put out a press release promoting the newest version of their Distributed Password Recovery tool, which is now capable of making use of the GPU (graphics processing unit) on modern 3D video cards for breaking password hashes. Password hashes have been weak for quite a while now — as […]

authentication, hardware, passwords, products

SCADA Hacking Renders Vital Infrastructure Vulnerable

Forbes.com recently had an article called “America’s Hackable Backbone” regarding the recent surge in SCADA hacking. SCADA, Supervisory Control And Data Acquisition, is a truly ancient protocol, in use for over 20 years, which was not remotely designed with security in mind. At the time, SCADA was used only on dedicated networks that lacked any […]

hardware, risk, SOA/XML, terrorism

Coupon Hacker Beats Bad Trusted Client Security

A man named John Stottlemire has found himself in some legal trouble for developing a piece of software that bypasses the coupon-protection DRM used by Coupons.com. Essentially, to keep users from printing dozens of copies of one of their free online coupons, Coupons.com forces you to install some client-side software which assigns a unique ID […]

dmca, legal, trusted client