Blizzard has admitted that there is an active and successful attack against their Blizzard Authenticators.
Man in the middle attacks circumventing authenticators
This makes perfect sense as:

OTP tokens such as the Authenticator are obviously susceptible to a live man-in-the-middle (MITM) attack as has been demonstrated as something well beyond “theoritical” a decade ago.  The issue isn’t with [...]

>>Permalink

FBI Investigating Web SpycamAs a federal investigation begins, a security researcher has uncovered evidence related to the case and provided a way to identify the surveillance software
via FBI Investigating Web Spycam — InformationWeek.
This is a case and investigation to keep an eye on.

>>Permalink

Social Engineering Scammers Offer Live Support — InformationWeek.
Can’t be too careful out there.

>>Permalink

Tarnovsky figured out a way to break chips that carry a “Trusted Platform Module,” or TPM, designation by essentially spying on them like a phone conversation. Such chips are billed as the industrys most secure and are estimated to be in as many as 100 million personal computers and servers, according to market research firm [...]

>>Permalink

Texas Bank Sues Customer After $800,000 Scam.
So either the bank’s supposed “two-factor” solution flat out failed (seriously arguable that an IP address is a legitimate “what you have” factor, IMHO) or they processed it anyway?  It will be interesting to see how this plays out.
Looks like another case of sacrificing security at a real world [...]

>>Permalink

From the Department of Duh, really?
Passwords remain weakest link in Web security | Service-Oriented Architecture | ZDNet.com.
Frustrating that with all the focus on SSO without security (I’m talking to you OpenID folks) and all the security technologies available to grant both security and SSO (or Reduced Sign-On for you “SSO is impossible” folks) this [...]

>>Permalink

Testing now…
AdBlock – Google Chrome extension gallery.
Bummer.  AdBlock only works with plain Chrome and not with the Chromium version I NEED for true RoboForm support.  The plain Chrome RoboForm extension requires me to use RoboForm Online and I don’t trust those folks to properly secure my authentication credentials.  Will stick with Chromium without AdBlock for [...]

>>Permalink

If this works on the iPad, it would remove one of the things preventing me from considering the iPad… and I really want to consider the iPad.  It is typically “Apple Beautiful”, but if I can’t use it as a more “single platform for everything” to replace my laptop, iPod and phone, then not jumping [...]

>>Permalink

SandHill.com | Opinion : Week in the Cloud: Jan. 8, 2010.
Lists Secure Authentication SaaS players.

>>Permalink

VistaPE: manual for a Windows Vista based PE.

>>Permalink