January 2012

The firm’s annual Banking Identity Safety Scorecard looked at the consumer-security practices of 25 large banks and credit unions. It found that far too many still rely on customers’ Social Security numbers for authentication purposes — for instance, to verify a customer’s identity when he or she wants to speak to a bank representative over…

Read More Shocking News of the Day: Social Security Numbers Suck

RT @RegoftheDay Happy new year! 40,000 new laws take effect starting today. http://t.co/EOVyRya9 # RT @StevenLevy Always suspected those xray "backscatter" machines will kill more of us than terrorists will. Now this. http://t.co/ag2lFWWc # New podcast with @dgwbirch: http://t.co/HKeKOVyW # New short blog: "The irony overfloweth" http://t.co/6VsrF9JO # Wow. The Wikipedia article on Infosec certifications…

Read More Twitter Weekly Updates for 2012-01-08

The security of modern password expiration: an algorithmic framework and empirical analysis, by Yingian Zhang, Fabian Monrose and Michael Reiter. (ACM DOI link) This paper presents the first large-scale study of the success of password expiration in meeting its intended purpose, namely revoking access to an account by an attacker who has captured the account’s…

Read More Paper: The Security of Password Expiration

@RobArnold tweeted: “Someone thinks targeted Facebook ads are an effective way to ask for Firefox features. Any other Mozillians see this?” The irony of using a targeted ad, on Facebook, to ask for more privacy protection…

Read More The Irony Overfloweth