Archive for the ‘Online Security’ Category
Wednesday, November 19th, 2008
So my CU just started a Facebook group. Woo hoo! Now the question is how do you make your members that are on Facebook aware of this? Buy ad space? Adopt the "if you build it, they will come" mentality? The first idea that actually crossed my mind was to ...
Posted in CU Industry, Online Security, Uncategorized | 10 Comments »
Monday, September 8th, 2008
I was just reading an article in Information Week talking more about OpenID and how it has been starting to catch on and is being implemented on mainstream sites, like MySpace. As quickly as they praise it, it rapidly turns around into how many sites enable the use of their ...
Posted in Online Security | 3 Comments »
Saturday, June 2nd, 2007
In the wake of the Priority One mistake (here and here) it looks like Jax Federal Credit Union had a little mistake as well. It seems that they had a little problem with their printing vendor and the transmission of statements on their site wasn't encrypted. Google managed to index ...
Posted in In the news, Online Security | 2 Comments »
Monday, May 28th, 2007
In my previous post, I commented on the proposed ".Bank" TLD. Since then, F-Secure has defended their proposal in their blog, addressing many of the key issues I commented about.
Here is what they had to say about users still being fooled the new addresses:
The main point of such a new ...
Posted in CU Technology, Online Banking, Online Security | 2 Comments »
Sunday, May 20th, 2007
Just wanted to say welcome to Credit Union InfoSec. They're the latest CU industry blog about information security.
Posted in Blogging, Online Security | No Comments »
Wednesday, April 18th, 2007
Phishing sucks. There's very little we can do to prevent it and once it happens it can take days before the situation can be resolved.
Everyone's heard the phrase, "the best defense is a good offense". So could we go on the offensive against phishers? And ...
Posted in CU Industry, CU Technology, Online Security, Web | 2 Comments »
Thursday, April 12th, 2007
Christopher Soghoian at Slight Paranoia has a great example of how MFA isn't the end-all-be-all some wanted it to be.
In his article, A Deceit-Augmented Man In The Middle Attack Against Bank of America's SiteKey ® Service , he demostrates how a phisher can bypass elements of image-based ...
Posted in Online Security, Web | 3 Comments »
Wednesday, February 7th, 2007
Site-authentication images are a simple anti-phishing concept for online banking. Each customer has a secret image (like a dog or wooden chair), which assures them that the web site they are logging on to is their legitimate online banking site. Since phishing sites generally consist of a fake login page ...
Posted in Online Security, Web | 1 Comment »
