-
Learn More
Cybersecurity basics: passwords, MFA, phishing & software updates
Blog Post from Sectigo
Blog Post Oct 04, 2024Despite years of awareness, basic cybersecurity practices like strong passwords, MFA, and phishing alerts are still essential in our fast-paced world.
-
Listen Now
EPISODE 421
Broadcast Date:
September 16, 20248 minutes
Podcast Sep 16, 2024Root Causes 421: FIDO 2 Implementation Problems
White hat researchers have raised concerns about FIDO 2 (AKA WebAuthn). We explain.
-
Listen Now
EPISODE 382
Broadcast Date:
April 29, 202412 minutes
Podcast Apr 29, 2024Root Causes 382: Mobile Phone Malware Steals Faces for Access
New malware photographs users' faces to defeat authentication mechanisms. Biometrics are not "secrets."
-
Listen Now
EPISODE 335
Broadcast Date:
September 29, 202310 minutes
Podcast Sep 29, 2023Root Causes 335: When MFA Is Not MFA
A social engineering attack to steal a one-time password (OTP) to enable unauthorized access is further exploited by a cloud backup feature.
-
Listen Now
EPISODE 249
Broadcast Date:
October 21, 202210 minutes
Podcast Oct 21, 2022Root Causes 249: What Is MFA Exhaustion?
Recent high profile attacks that were enabled by defeating MFA. We explain the concept of MFA fatigue and why it is an enabler for these attacks.
-
Listen Now
EPISODE 245
Broadcast Date:
September 29, 202210 minutes
Podcast Sep 29, 2022Root Causes 245: One Time Passcode as a Liability
A recent article from Brian Krebs advances the idea that using OTP MFA may actually be a liability to security. We explain that reasoning.
-
Listen Now
EPISODE 220
Broadcast Date:
May 2, 202214 minutes
Podcast May 02, 2022Root Causes 220: The Difference Between OTP and Passwordless
In this episode we clarify the difference between OTP services and passwordless authentication.
-
Listen Now
EPISODE 214
Broadcast Date:
April 5, 202211 minutes
Podcast Apr 05, 2022Root Causes 214: New DUO MFA Flaw Explained
A recent FBI warning cautions organizations about exploits based on misconfigured DUO MFA. We explain this exploit and why it is noteworthy.
-
Listen Now
EPISODE 164
Broadcast Date:
May 20, 202111 minutes
Podcast May 20, 2021Root Causes 164: Examining MFA Through out-of-Band Phone Calling
We explore out-of-band phone calling as a MFA method, including, what attacks it defends against successfully, and what attacks can circumvent it.
-
Listen Now
EPISODE 147
Broadcast Date:
February 5, 202112 minutes
Podcast Feb 05, 2021Root Causes 147: Google Titan Secure Key Attack
A new attack allows cloning of the Google Titan secure key. we describe this attack and its implications for Titan and other secure keys.
-
Listen Now
EPISODE 137
Broadcast Date:
December 21, 202031 minutes
Podcast Dec 21, 2020Root Causes 137: SolarWinds Supply Chain Attack and Digital Identity
The SolarWinds supply chain attack i includes unusual manipulations of digital identity and certificates. We explore these aspects of the attack.
-
Listen Now
EPISODE 132
Broadcast Date:
December 4, 202017 minutes
Podcast Dec 04, 2020Root Causes 132: Examining MFA Through Soft Tokens
In our ongoing examination of MFA, we examine authentication through soft-token OTP (one-time passcode) and compare it to SMS tokens and hard tokens.