-
EPISODE 335
Broadcast Date: September 29, 2023 (10 minutes)
Podcast, Sep 29, 2023
Root Causes 335: When MFA Is Not MFA
A social engineering attack to steal a one-time password (OTP) to enable unauthorized access is further exploited by a cloud backup feature.
-
EPISODE 249
Broadcast Date: October 21, 2022 (10 minutes)
Podcast, Oct 21, 2022
Root Causes 249: What Is MFA Exhaustion?
Recent high-profile attacks were enabled by defeating MFA. We explain the concept of MFA fatigue and why it is an enabler for these attacks.
-
EPISODE 245
Broadcast Date: September 29, 2022 (10 minutes)
Podcast, Sep 29, 2022
Root Causes 245: One Time Passcode as a Liability
A recent article from Brian Krebs advances the idea that using OTP MFA may actually be a liability to security. We explain that reasoning.
-
EPISODE 220
Broadcast Date: May 2, 2022 (14 minutes)
Podcast, May 02, 2022
Root Causes 220: The Difference Between OTP and Passwordless
In this episode we clarify the difference between OTP services and passwordless authentication.
-
EPISODE 214
Broadcast Date: April 5, 2022 (11 minutes)
Podcast, Apr 05, 2022
Root Causes 214: New DUO MFA Flaw Explained
A recent FBI warning cautions organizations about exploits based on misconfigured DUO MFA. We explain this exploit and why it is noteworthy.
-
EPISODE 164
Broadcast Date: May 20, 2021 (11 minutes)
Podcast, May 20, 2021
Root Causes 164: Examining MFA Through Out-of-Band Phone Calling
We explore out-of-band phone calling as an MFA method, including what attacks it defends against successfully and what attacks can circumvent it.
-
EPISODE 147
Broadcast Date: February 5, 2021 (12 minutes)
Podcast, Feb 05, 2021
Root Causes 147: Google Titan Secure Key Attack
A new attack allows cloning of the Google Titan secure key. We describe this attack and its implications for Titan and other secure keys.
-
EPISODE 137
Broadcast Date: December 21, 2020 (31 minutes)
Podcast, Dec 21, 2020
Root Causes 137: SolarWinds Supply Chain Attack and Digital Identity
The SolarWinds supply chain attack includes unusual manipulations of digital identity and certificates. We explore these aspects of the attack.
-
EPISODE 132
Broadcast Date: December 4, 2020 (17 minutes)
Podcast, Dec 04, 2020
Root Causes 132: Examining MFA Through Soft Tokens
In our ongoing examination of MFA, we examine authentication through soft-token OTP (one-time passcode) and compare it to SMS tokens and hard tokens.
-
EPISODE 129
Broadcast Date: November 19, 2020 (15 minutes)
Podcast, Nov 19, 2020
Root Causes 129: Examining MFA Through Hard Tokens
Hard tokens are an old multi-factor authentication (MFA) form factor, still in use today. We examine the strengths and weaknesses of hard tokens.
-
EPISODE 124
Broadcast Date: October 5, 2020 (10 minutes)
Podcast, Oct 05, 2020
Root Causes 124: Biometric MFA
We explore biometric MFA, including strengths and weaknesses and the idea that biometrics are more about proof of possession than identity authentication.
-
Revisiting PKI to Support a Zero-Trust Security Strategy Whitepaper
A Whitepaper from Sectigo
Whitepaper, Aug 03, 2020
This white paper by Enterprise Security Group examines how PKI fits into and enables your zero-trust strategy.