Krebs – Would You Use This ATM?

I had to share this article by Mr. Krebs for a variety of reasons, not the least of which is I have seen ATM’s like this in the wild.  It happens far too often and admins and users alike ignore the pitfalls for the sake of convenience.  Beware!

NIST Recommends SMS Two-Factor Authentication Deprecation

This is an intriguing draft document by NIST concerning SMS and two-factor authentication.  This is a commonly used technique for many two-factor providers so conversion to more secure methods may take time.  This is certainly not a finalized recommendation and adoption will take time if it moves forward.

LastPass password manager “zero-day” bug hits the news

This is a very good, common sense explanation of the “zero-day” vulnerability that has been discussed in the press for the popular password manager LastPass.  I agree that caution is warranted, but I do not believe it is time to wholesale abandon the product or the use of password managers in general.  Watch for the patch and apply as soon as possible.