403 Blogs

February 2012

6 posts

OpenVPN Authentication Using PAM and Duo Security

It’s possible to configure OpenVPN with two-factor authentication utilizing PAM and Duo Security’s phone authentication on Ubuntu 10.04 LTS.

You just need to think like a hacker… By using password concatenation with OpenVPN’s PAM plugin and Duo Security’s plugin, your password will be comma-delimited, supporting both a PAM integrated password and Duo Security’s phone authentication.

Feb 27, 2012 (1 note)
#authentication #duo #infosec #ldap #openvpn #pam #security #two-factor #winbind #activedirectory #submission

Chain of Custody Proves to be MLB’s Weak Link

As a PCI Forensic Investigator (PFI), 403 Labs deals with chain of custody and evidence handling requirements on a regular basis. As a Wisconsin-based company, located just outside of Milwaukee, 403 Labs also happens to be host to a number of Milwaukee Brewers fans. It probably goes without saying then that the recent news involving Brewers superstar and National League MVP, Ryan Braun, has inspired some interesting discussions around the hypothetical water cooler.

Feb 24, 2012
#pfi #forensics #evidence #chainofcustody #braun #baseball #infosec #security #brewers #hipaa #submission

PCI Requirement 12.8 is Your Friend

Each QSA has parts of the PCI DSS that they view as particularly important. For some, it is encryption; for others, firewall rules. For me, it is Requirement 12.8, which enforces the policies for managing service providers. It is not just me who thinks that merchants need to enforce security provisions with their service providers. I now have the Federal Trade Commission as company.

Feb 24, 2012
#pcidss #policies #serviceproviders #breach #ftc #12.8 #security #infosec #merchants #compliance #submission

Research Suggests One in Eleven Users Selects Birthday as PIN

Cambridge researchers have published some very interesting work on the history of four-digit PINs, as well as some evaluation of user-selected PIN choices. Their research suggests that one in every 11 to 18 user-selected PINs corresponds to the user’s birthday. The history of PIN numbers alone makes the paper worth the read.

Given that a lost or stolen wallet will usually contain not only the debit card, but some identification with a birthday on it, you may want to rethink your PIN choice.

Thanks to Schneier on Security for pointing me to the research.

Feb 23, 2012 (1 note)
#pin #infosec #security #debit #banking #identification #submission

Life Before Google

My wife recently stumbled upon a Chuck & Beans comic over at Shoebox Blog and thought that it did a good job of describing what my life could have been like.

Thank you, Internet, for making my life more informed.

Feb 22, 2012 (2 notes)
#google #internet #humor #infosec #security #submission

Super Bowl XLVI: Covering the Security Spread

While Eli Manning is prepping for his second Super Bowl appearance in five years, his brother Peyton may be prepping to join a new team. After all, it looks like Indianapolis already found a way to spend his roster bonus money.

As the Super Bowl nears game-time this weekend at Lucas Oil Stadium in Indianapolis, it is being reported that more money will be spent on security technology than ever before for the annual NFL championship game. For some of the highlights, take a look at this blog post from Public Intelligence.

Gamma-ray vehicle scanners. Night vision cameras. A $1 million mobile command center. An $18 million operations center.

Of course, when you consider that the Patriots are spending $7.4 million protecting Tom Brady, maybe the federal and local officials are getting a bargain.

While physical security technology has continually improved, thanks to deep R & D budgets (as well as the pot of gold known as Department of Homeland Security RFPs), it’s worthwhile to maintain focus on other massively important security elements: human intelligence, intuition and investigation.

Technology certainly aids our security practices, be it Security Incident & Event Management (SIEM) software or an Explosives Detection System (EDS). As a record amount of fancy gadgetry is set to be on display before football fans this weekend, it’s important to realize that technology can only do so much. As we cannot solely rely on technology, we need to continue placing great value on the human element of security.

Feb 2, 2012
#security #infosec #technology #intelligence #superbowl #patriots #giants #manning #indianapolis #xlvi #submission