Authentication

On creating an IAM governance body

Ash Motiwala, CTO, Identropy December 13, 2011

Identity and access management programs are quite tricky to scale across an organization, but implementing a governance team can go a long way toward using the technology effectively to meet compliance and manage user permissions.
 

German researchers disclose Amazon cloud vulnerability

Darren Pauli, editor, SC Magazine, Australia/New Zealand October 28, 2011

Researchers have uncovered a now-fixed authentication flaw in the Amazon Web Services cloud computing platform that could permit customer account compromise.
 

Another PlayStation Network breach stings Sony customers

October 12, 2011

Sony's PlayStation Network again has been hit by hackers, but the limited damage that resulted could point to strides being made by the electronics giant.
 

FTC to examine implications of facial biometrics

September 21, 2011

The Federal Trade Commission in December plans to hold a workshop to investigate the privacy and security implications of facial recognition technology. The agency announced this week that the workshop, which is free and open to the public, seeks to bring together consumer protection groups, privacy experts, and industry and academic leaders. The meeting is expected to address such topics as whether consumers should consent to the collection and use of their images. Facial recognition products can provide an added security layer at places like airports or automate photo tagging on sites such as Facebook, but critics worry they also could be used for intrusive surveillance. As a result, offerings have emerged that can help people hide their faces from the technology.
 

Mac OS X Lion flaw allows illicit password changes

September 20, 2011

An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.
 

Breaking down the updated FFIEC guidance

Sarah Fender, vice president, PhoneFactor September 15, 2011

As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.
 

Personnel check-up: Identity management

September 01, 2011

A sound approach to identification and authentication is an elementary building block of security policy within almost any organization, but management of these disciplines faces fresh challenges.
 

SCADA system safeguards

September 01, 2011

Stuxnet demonstrated that even isolated physical networks could be hacked.
 

FFIEC guidance addresses corporate account takeover

June 29, 2011

The long-awaited update to the Federal Financial Institutions Examination Council (FFIEC) guidelines around authentication has been released.
 

Moving authentication to the infrastructure

February 01, 2011

ActivIdentity 4TRESS Authentication Appliance for Banking v 7.0
 

Facebook introduces secure browsing feature

January 26, 2011

Facebook on Wednesday announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks.
 

2011: A security manager's wish list

A. N. Ananth, CEO, Prism Microsystems January 18, 2011

This year, thanks to a renewed focus on the insider threat, the longings of the security professional may come to fruition.
 

Facebook, Twitter fail latest security assessment

November 05, 2010

A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.
 

HID Global to acquire ActivIdentity

October 12, 2010

HID Global, which provides identity assurance solutions, announced that its parent company, ASSA ABLOY, has acquired Silicon Valley-based ActivIdentity, a provider of authentication and credential management with clients in commercial and government organizations. The acquisition will help Irvine, Calif.-based HID Global expand its physical and logical access control options. The deal is expected to close in December and is subject to regulatory clearances and shareholder approvals. - GM
 

Cisco releases 12 bug fixes

September 22, 2010

As part of its twice-yearly cycle of advisories, Cisco on Wednesday issued six advisories covering various components of its switches and routers. The fixes include vulnerabilities in Cisco voice products, as well as denial-of-service holes in Cisco IOS and IOS XE software, which can be exploited remotely without authentication and without end-user interaction. Cisco said that an attacker could possibly leverage some of these vulnerabilities to crash its router. The company's next update is scheduled for March 23. - GM
 

Opinions mixed about White House's online identity plan

June 29, 2010

Critics of the White House's proposed national internet identity authentication plan, intended to improve online privacy and security, say the strategy may do just the opposite. Proponents, meanwhile, believe it represents a major step toward establishing online trust.
 

Symantec inks $1.28 billion deal to buy part of VeriSign

May 19, 2010

Hours after rumors began circulating about an impending mega-deal, Symantec on Thursday afternoon announced it has acquired the identity and authentication business of VeriSign for $1.28 billion.
 

Reports say Symantec may buy VeriSign security units

May 19, 2010

Symantec is closing in on a deal to acquire the remaining information security business units of VeriSign, according to reports.
 

Microsoft acknowledges Windows Live ID breach

October 05, 2009

Microsoft confirmed Monday that the credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week.
 

eBay mandates developer password change

August 11, 2009

The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.
 

Firefox plugs SSL bugs

August 03, 2009

Mozilla has patched two vulnerabilities relating to the way browsers interact with SSL certificates. The flaws, which potentially could permit man-in-the-middle attacks, were disclosed by two researchers, Dan Kaminsky and Moxie Marlinspike, in separate presentations at last week's Black Hat conference in Las Vegas. Marlinspike showed how a heap overflow bug could be exploited to present a specially crafted SSL certificate to the user, while Kaminsky revealed a way to obtain a certificate that would work on a victim site. Users are encouraged to download the latest version of Firefox 3.5. — DK
 

New security standards for mobile payments coming

June 18, 2009

A financial services technology group is developing standards for making secure mobile payment transactions.
 

Three charged with hijacking corporate phone systems

June 15, 2009

Three Filipino residents have been charged with hacking into the telephone systems of U.S. companies, enabling callers to run up some $55 million in charges.
 

GAO report finds security lagging at federal agencies

May 21, 2009

Federal agencies continue to be lax in their implementation of information security programs, according to a new report from the Government Accountability Office.
 

Private equity firm disputes Entrust's alternate takeover offers

May 18, 2009

The acquisition of Entrust by Thoma Bravo is expected to be finalized next month, but some holdups are keeping the deal from becoming a certainty.
 

Skimmers scam $500,000

May 11, 2009

A gang of criminals hauled in a half million dollars from ATMs at banks in New York City by attaching a hardware card reader, or skimmer, and video camera to ATMs. According to a report Monday in the N.Y. Daily News, as unsuspecting Sovereign Bank patrons withdrew money from the ATMs, the skimmer recorded their bank information and the camera filmed their PINs. The thieves then counterfeited the cards and hit other ATMs for daily withdrawal maximums. No arrests were reported as of Monday morning. — CAM
 

Private equity firm to acquire Entrust

April 13, 2009

Battling lagging sales, authentication provider Entrust has been bought out by a private equity firm.
 

Conficker detection tool released as D-Day nears

March 30, 2009

Whether the Conficker worm will disrupt internet operations on Wednesday remains guesswork, but a nonprofit research group has unveiled a tool that can enable administrators to positively identify infected nodes.
 

Passport perp punished

March 23, 2009

A former U.S. State Department administrative assistant was sentenced on Monday to one year of probation and 100 hours of community service for illegally accessing the passport application files of more than 150 people, including celebrities, politicians and friends, authorities said. Dwayne Cross, 41, of Maryland admitted he accessed the documents out of curiosity. The files contained the applicant's name, birth date and telephone number, among other data. Another former worker previously was sentenced in connection with the investigation. — DK
 

Visa risk chief: Reports of PCI's death exaggerated

March 19, 2009

Criticisms of the PCI DSS will hurt the security of payment systems, Visa's chief risk officer said Thursday at the card brand's Security Summit in Washington, D.C.