Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Internet Storm Center

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

ISC Two Factor Authentication Update

Published: 2015-10-09
Last Updated: 2015-10-09 20:51:24 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

For quite a while now, we provide the option to use a time-based one-time password as a second factor to authenticate to your ISC account. The implementation we picked was RFC 6238 as it is also implemented by Google's popular "Authenticator" app. But so far, we haven't had a good solution for the "lost authenticator" problem. It required an administrator to manually reset the particular account.

To help with password and authenticator resets in the future, we are now also supporting SMS and Voice Call based authentication. To enable this feature, you will need to provide one or more phone numbers that can be used to authenticate you. If you lost your authenticator app (e.g. if you get a new phone), or if you need to reset your password, this number is used to authenticate you.

This *should* work with phone numbers globally, not just US numbers. But of course, we can only test a couple of countries. Please let us know if you run into any problems.

At this point, I don't think it makes sense to make two-factor authentication mandatory for our site. Many users do not have any personal information stored with us. But I think it does make sense to provide the option and allow users to decide if they feel it is necessary or not.

To configure your phone number, see (you will have to log in first of course)

Johannes B. Ullrich, Ph.D.

2 comment(s)
ISC StormCast for Friday, October 9th 2015

Adobe Acrobat and Reader Pre-Announcement

Published: 2015-10-09
Last Updated: 2015-10-09 00:39:57 UTC
by Guy Bruneau (Version: 1)
3 comment(s)

Adobe is going to release eight security updates for Adobe Acrobat and Reader for Windows and Macintosh next Tuesday, October 13, 2015. A list of the updates is available here.


Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

3 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Malicious spam with Word document
2 days ago by Brad Duncan (5 comments)

Do Extortionists Get Paid?
2 days ago by Johannes (0 comments)

Cyber Security Awareness Month... Through Proverbs
4 days ago by Xme (3 comments)

Cyber Security Awareness Month: Protecting Your Network From "Dave"
4 days ago by Johannes (1 comment)

View All Diaries →

Latest Discussions

Google, Hola VPN, and "Unusual traffic from your computer network"
created 1 day ago by Anonymous (0 replies)

Software to scan Cisco Network Devices
created 1 week ago by Anonymous (2 replies)

Good network security platform?
created 1 week ago by Anonymous (2 replies)

Cybersecurity Canon: a list of must-read books
created 2 weeks ago by Xme (1 reply)

Scammer Emails and Instant Domain Whois record Disappearance
created 3 weeks ago by Anonymous (1 reply)

View All Forums →

Latest News

View All News →

Top Diaries

Malicious spam with Word document
2 days ago by Brad Duncan (5 comments)

Adobe Acrobat and Reader Pre-Announcement
1 day ago by Guy (2 comments)

Detecting XCodeGhost Activity
2 weeks ago by Xme (2 comments)

A day in the life of a pentester, or is my job is too sexy for me?
3 weeks ago by Adrien de Beaupre (3 comments)

Malicious spam with zip attachments containing .js files
3 weeks ago by Brad Duncan (10 comments)