information security

Blogs, other content management sites targeted by password thieves

August 07, 2013, CSO — Brute force attacks to pry login credentials from content management sites like blogs have been growing as more data robbers use a short-term gain for a bigger pay-off later on.

Such sites are attractive targets because they tend to be less secure than other environments -- such as financial services -- and since they're interactive by design, "drive-by" malware planted on them can infect a lot of users quickly, said David Britton, vice president of industry solutions at 41st Parameter.


Are non-payment NFC applications secure?

Non-payment NFC applications are not one-size-fits-all where the same level of security is required or needed. For example, you don’t need the same level of security for a coupon as you would an identity application. Application developers know this, too, and incorporate the appropriate amount of security depending on the application. Applications that use sensitive data such as your identity information will always be stored in the secure element, where it cannot be tampered with or stolen.



Are NFC mobile payments secure?

NFC mobile payments are very secure. NFC-enabled mobile devices, which are readily available today, have a chip inside of them called a “secure element.” The payment application and your payment account information are stored in this special chip, making it invulnerable to attack. The method through which your mobile device relays information wirelessly is also very secure. The communication between a mobile phone and point-of-sale terminal uses a globally recognized standard called ISO 14443 – this is the same standard used today for EMV and U.S. contactless payment cards.


What is a secure element?

A secure element, sometimes called an SE, is a special chip inside of an NFC-enabled device. It is a tamper-resistant platform that can securely host applications and their confidential data. When an NFC application requires very high levels of security – such as a payment application – it is housed inside of the secure element, and you can trust that your information will not be stolen or attacked.


How does Gmail use OTPs for security?

Gmail offers its 425 million plus active users worldwide the ability to strengthen the security of their accounts through “2-step verification” with one-time passwords (OTPs). According to Gmail, “It’s an extra step, but it’s one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know—your username and password—and something that only you should have—your phone.”


How can I increase my security when logging in to Facebook?

An advanced Facebook security option, “login approvals,” uses one-time password (OTP) codes to verify your identity when logging in to your account. If you turn this feature on in your Security Settings page (> Account Settings > Security), you'll be asked to enter a special OTP login code each time you try to access your Facebook account from a new computer or mobile phone. This can help prevent a hacker from hijacking your account.


How does Facebook use OTPs for security?

Facebook is a good example of how to use mobile devices to enhance online security. If you have associated your mobile phone with your account, you can text 32665 with the message “otp” and Facebook will text back a one-time special code you can use to log in to your account. You can also use the Facebook mobile app “Code Generator” to create OTP codes.


How can I prevent identity theft?

Here are some great ideas to help prevent identity theft.

1. Educate yourself about how identity theft happens. Remember you are the most important part of your identity and personal information security.

2. Protect your personal information. Shred financial documents and paperwork with personal information; don’t just throw them in the trash.

3. Don’t make your wallet a one-stop-stealing opportunity. Don’t keep social security numbers, birthdays and other personal information in your wallet.


