NIST

July 14, 2016

The Value of a Hacked Company

This post was originally published on this siteMost organizations only grow in security maturity the hard way — that is, from the intense learning that takes place in the wake of a costly data breach. That may be because so few company leaders really grasp the centrality of computer and network security to the organization’s overall goals and productivity, and fewer still have taken an honest inventory of what may be at stake in the event that these assets are compromised. If you’re unsure how much of your organization’s strategic assets may be intimately tied up with all this technology stuff, ask yourself what would […]
March 22, 2017

eBay Asks Users to Downgrade Security

This post was originally published on this siteLast week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience to a less-secure option. In early 2007, PayPal (then part of the same company as eBay) began offering its hardware token for a one-time $5 fee, and […]