information security

Blogs, other content management sites targeted by password thieves

August 07, 2013CSO — Brute force attacks to pry login credentials from content management sites like blogs have been growing as more data robbers use a short-term gain for a bigger pay-off later on.

Such sites are attractive targets because they tend to be less secure than other environments -- such as financial services -- and since they're interactive by design, "drive-by" malware planted on them can infect a lot of users quickly, said David Britton, vice president of industry solutions at 41st Parameter.

U.S.

Are non-payment NFC applications secure?

Non-payment NFC applications are not one-size-fits-all where the same level of security is required or needed. For example, you don’t need the same level of security for a coupon as you would an identity application. Application developers know this, too, and incorporate the appropriate amount of security depending on the application. Applications that use sensitive data such as you identity information will always be stored in the secure element, where it cannot be tampered with or stolen.

See also,

U.S.

Are NFC mobile payments secure?

NFC mobile payments are very secure. NFC-enabled mobile devices, which are readily available today, have a chip inside of them called a “secure element.” The payment application and your payment account information is stored in this special chip, making it invulnerable to attack. The method through which your mobile device relays information wirelessly is also very secure. The communication between a mobile phone and point-of-sale terminal use a globally recognized standard called ISO 14443 – this is the same standard used today for EMV and U.S. contactless payment cards.

U.S.

How can I increase my security when logging in to Facebook?

An advanced Facebook security option, “login approvals,” uses one-time password (OTP) codes to verifying your identity when logging in to your account. If you turn this feature on in your Security Settings page (> Account Settings > Security), you'll be asked to enter a special OTP login code each time you try to access your Facebook account from a new computer or mobile phone. This can help prevent a hacker from hijacking your account.

U.S.

How does Facebook use OTPs for security?

Facebook is a good example of how to use mobile devices to enhance online security. If you have associated your mobile phone with your account, you can text 32665 with the message “otp” and Facebook will text back a one-time special code you can use to login to your account. You can also use the Facebook mobile app “Code Generator” to create OTP codes.

U.S.

How can I prevent identity theft?

Here are some great ideas to help prevent identity theft.

1. Educate yourself about how identity theft happens. Remember you are the most important part of your identity and personal information security.

2. Protect your personal information. Shred financial documents and paperwork with personal information; don’t just throw them in the trash.

3. Don’t make your wallet a one-stop-stealing opportunity. Don’t keep social security numbers, birthdays and other personal information in your wallet.

U.S.

How do I use a smart card to protect me online?

You lock your house. You lock your car. You should lock your online identity too, and not just with something as easily compromised as a password. Smart cards are a very effective way to protect you online with what security experts call two-factor authentication. To use it, insert your smart card in a reader and enter a PIN code to prove it is you. The card then uses very secure digital certificates and cryptographic methods to verify you are at the correct website and prove it is you.

U.S.

How do I get a personal digital security device to protect my online identity?

Personal digital security devices must be obtained from your online service provider or their partner. If you want one, look for options in the security section of their support pages. One example is Amazon Web Services, who partners with Gemalto to offer one-time password (OTP) tokens to help protect information stored in the cloud. Another example is Bank of America, who offers PassCard, an OTP card used to protect online bank logins. Google, PayPal and many other Internet security leaders also offer similar options.

See also,

U.S.

Pages

Subscribe to information security