A white paper from German researchers concludes that, with the right planning and tools, the passcodes could be cracked in under a minute.
The business social networking site joins Twitter as recent adopters of the additional mode of account verification.
Microsoft on Thursday announced that it has acquired PhoneFactor, provider of multifactor authentication technology delivered via a mobile device.
Debate: In light of recent breaches, passwords remain a useful method for authentication.
Both companies strengthened identity verification policies for customers after a tech writer's online accounts were hacked.
Considering the endless march of breaches, it may be time to scrap the belief that adequate passwords -- or even passphrases -- can prevent hackers from breaking into corporate environments. Instead, security pros should focus their efforts on gaining visibility into their networks.
Thousands of patients of Memorial Healthcare System in Hollywood, Fla. may be at risk for identity theft after two former employees improperly accessed their records.
Be wary of vendor messaging in light of today's threats, as it may be misguided. Organizations can cope with the latest concerns by applying tried-and-true security best practices.
A favorite whipping boy of the Government Accountability Office, the Internal Revenue Service has yet to clean up its security act, though improvements continue, according to a new audit.
The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes show that the current password system is dead.
Identity and access management programs are quite tricky to scale across an organization, but implementing a governance team can go a long way to effectively using the technology to meet compliance and manage user permissions.
Researchers have uncovered a now-fixed authentication flaw in the Amazon Web Services cloud computing platform that could permit customer account compromise.
Sony's PlayStation Network again has been hit by hackers, but the limited damage that resulted could point to strides being made by the electronics giant.
The Federal Trade Commission in December plans to hold a workshop to investigate the privacy and security implications of facial recognition technology. The agency announced this week that the workshop, which is free and open to the public, seeks to bring together consumer protection groups, privacy experts, and industry and academic leaders. The meeting is expected to address such topics as whether consumers should consent to the collection and use of their images. Facial recognition products can provide an added security layer at places like airports or automate photo tagging on sites such as Facebook, but critics worry they also could be used for intrusive surveillance. As a result, offerings have emerged that can help people hide their faces from the technology.
An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.
As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.
The long-awaited update to the Federal Financial Institutions Examination Council (FFIEC) guidelines around authentication has been released.
ActivIdentity 4TRESS Authentication Appliance for Banking v 7.0
Facebook on Wednesday announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks.
This year, thanks to a renewed focus on the insider threat, the longings of the security professional may come to fruition.
A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.
HID Global, which provides identity assurance solutions, announced that its parent company, ASSA ABLOY, has has acquired Silicon Valley-based ActivIdentity, a provider of authentication and credential management with clients in commercial and government organizations. The acquisition will help Irvine, Calif.-based HID Global expand its physical and logical access control options. The deal is expected to close in December and is subject to regulatory clearances and shareholder approvals. - GM
As part of its twice yearly cycle of advisories, Cisco on Wednesday issued six advisories covering various components of its switches and routers. The fixes include vulnerabilities in Cisco voice products, as well as denial-of-service holes in Cisco IOS and IOS XE software, which can be exploited remotely without authentication and without end-user interaction. Cisco said that an attacker could possibly leverage some of these vulnerabilities to crash its router. The company's next update is scheduled for March 23. - GM
Critics of the White House's proposed national internet identity authentication plan, intended to improve online privacy and security, say the strategy may do just the opposite. Proponents, meanwhile, believe it represents a major step toward establishing online trust.
Hours after rumors began circulating about an impending mega-deal, Symantec on Thursday afternoon announced it has acquired the identity and authentication business of VeriSign for $1.28 billion.
Symantec is closing in on a deal to acquire the remaining information security business units of VeriSign, according to reports.
Microsoft confirmed Monday that the credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week.
The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.
Mozilla has patched two vulnerabilities relating to the way browsers interact with SSL certificates. The flaws, which potentially could permit man-in-the-middle attacks, were disclosed by two researchers, Dan Kaminsky and Moxie Marlinspike, in separate presentations at last week's Black Hat conference in Las Vegas. Marlinspike showed how a heap overflow bug could be exploited to present a specially crafted SSL certificate to the user, while Kaminsky revealed a way to obtain a certificate that would work on a victim site. Users are encouraged to download the latest version of Firefox 3.5. — DK
A financial services technology group is developing standards for making secure mobile payment transactions.
Sign up to our newsletters
SC Magazine Articles
- Cyber attacks to rise, but competent security talent scarce, study says
- APT group detects threat monitoring and backs away in documented first
- Researchers identify attack technique, all Windows versions at risk
- FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards
- Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday
- Human error cited as leading contributor to breaches, study shows
- Data possibly exposed for more than 364K Auburn University students
- IBM will invest $3 billion in new IoT unit
- Banking industry security protocol falters in third-party vendor contracts
- Cyber attacks to rise, but competent security talent scarce, study says
- Cybersecurity bills move forward on Capitol Hill
- Flash EK leveraged in potentially widespread malvertising attack
- Study: Average organization has 4,000 instances of exposed credentials stored in the cloud
- Member of group that hacked Farmers Insurance, DirecTV, sentenced to 3 years
- HSBC mortgage customer info was publicly accessible on the internet