 Authentication

Hospital workers access patient data with fraud in mind

April 18, 2012

Thousands of patients of Memorial Healthcare System in Hollywood, Fla. may be at risk for identity theft after two former employees improperly accessed their records.
 

Are security basics getting lost under the cover of cloud and mobile?

Sean Martin, founder, Imsmartin Consulting April 12, 2012

Be wary of vendor messaging in light of today's threats, as it may be misguided. Organizations can cope with the latest concerns by applying tried-and-true security best practices.
 

Secure access, authorization among areas still lacking at IRS

March 19, 2012

A favorite whipping boy of the Government Accountability Office, the Internal Revenue Service has yet to clean up its security act, though improvements continue, according to a new audit.
 

Opinion: The password is dead

Curtis Staker, president and CEO, Confident Technologies • March 01, 2012

The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes shows that the current password system is dead.
 

On creating an IAM governance body

Ash Motiwala, CTO, Identropy December 13, 2011

Identity and access management programs are quite tricky to scale across an organization, but implementing a governance team can go a long way toward effectively using the technology to meet compliance and manage user permissions.
 

German researchers disclose Amazon cloud vulnerability

Darren Pauli, editor, SC Magazine, Australia/New Zealand October 28, 2011

Researchers have uncovered a now-fixed authentication flaw in the Amazon Web Services cloud computing platform that could permit customer account compromise.
 

Another PlayStation Network breach stings Sony customers

October 12, 2011

Sony's PlayStation Network again has been hit by hackers, but the limited damage that resulted could point to strides being made by the electronics giant.
 

FTC to examine implications of facial biometrics

September 21, 2011

The Federal Trade Commission in December plans to hold a workshop to investigate the privacy and security implications of facial recognition technology. The agency announced this week that the workshop, which is free and open to the public, seeks to bring together consumer protection groups, privacy experts, and industry and academic leaders. The meeting is expected to address such topics as whether consumers should consent to the collection and use of their images. Facial recognition products can provide an added security layer at places like airports or automate photo tagging on sites such as Facebook, but critics worry they also could be used for intrusive surveillance. As a result, offerings have emerged that can help people hide their faces from the technology.
 

Mac OS X Lion flaw allows illicit password changes

September 20, 2011

An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.
 

Breaking down the updated FFIEC guidance

Sarah Fender, vice president, PhoneFactor September 15, 2011

As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.
 

Personnel check-up: Identity management

September 01, 2011

A sound approach to identification and authentication is an elementary building block to security policy within most any organization, but management of these disciplines faces fresh challenges.
 

SCADA system safeguards

September 01, 2011

Stuxnet demonstrated that even isolated physical networks could be hacked.
 

FFIEC guidance addresses corporate account takeover

June 29, 2011

The long-awaited update to the Federal Financial Institutions Examination Council (FFIEC) guidelines around authentication has been released.
 

Moving authentication to the infrastructure

February 01, 2011

ActivIdentity 4TRESS Authentication Appliance for Banking v 7.0
 

Facebook introduces secure browsing feature

January 26, 2011

Facebook on Wednesday announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks.
 

2011: A security manager's wish list

A. N. Ananth, CEO, Prism Microsystems January 18, 2011

This year, thanks to a renewed focus on the insider threat, the longings of the security professional may come to fruition.
 

Facebook, Twitter fail latest security assessment

November 05, 2010

A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.
 

HID Global to acquire ActivIdentity

October 12, 2010

HID Global, which provides identity assurance solutions, announced that its parent company, ASSA ABLOY, has acquired Silicon Valley-based ActivIdentity, a provider of authentication and credential management with clients in commercial and government organizations. The acquisition will help Irvine, Calif.-based HID Global expand its physical and logical access control options. The deal is expected to close in December and is subject to regulatory clearances and shareholder approvals. - GM
 

Cisco releases 12 bug fixes

September 22, 2010

As part of its twice yearly cycle of advisories, Cisco on Wednesday issued six advisories covering various components of its switches and routers. The fixes include vulnerabilities in Cisco voice products, as well as denial-of-service holes in Cisco IOS and IOS XE software, which can be exploited remotely without authentication and without end-user interaction. Cisco said that an attacker could possibly leverage some of these vulnerabilities to crash its router. The company's next update is scheduled for March 23. - GM
 

Opinions mixed about White House's online identity plan

June 29, 2010

Critics of the White House's proposed national internet identity authentication plan, intended to improve online privacy and security, say the strategy may do just the opposite. Proponents, meanwhile, believe it represents a major step toward establishing online trust.
 

Symantec inks $1.28 billion deal to buy part of VeriSign

May 19, 2010

Hours after rumors began circulating about an impending mega-deal, Symantec on Thursday afternoon announced it has acquired the identity and authentication business of VeriSign for $1.28 billion.
 

Reports say Symantec may buy VeriSign security units

May 19, 2010

Symantec is closing in on a deal to acquire the remaining information security business units of VeriSign, according to reports.
 

Microsoft acknowledges Windows Live ID breach

October 05, 2009

Microsoft confirmed Monday that the credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week.
 

eBay mandates developer password change

August 11, 2009

The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.
 

Firefox plugs SSL bugs

August 03, 2009

Mozilla has patched two vulnerabilities relating to the way browsers interact with SSL certificates. The flaws, which potentially could permit man-in-the-middle attacks, were disclosed by two researchers, Dan Kaminsky and Moxie Marlinspike, in separate presentations at last week's Black Hat conference in Las Vegas. Marlinspike showed how a heap overflow bug could be exploited to present a specially crafted SSL certificate to the user, while Kaminsky revealed a way to obtain a certificate that would work on a victim site. Users are encouraged to download the latest version of Firefox 3.5. — DK
 

New security standards for mobile payments coming

June 18, 2009

A financial services technology group is developing standards for making secure mobile payment transactions.
 

Three charged with hijacking corporate phone systems

June 15, 2009

Three Filipino residents have been charged with hacking into the telephone systems of U.S. companies, enabling callers to run up some $55 million in charges.
 

GAO report finds security lagging at federal agencies

May 21, 2009

Federal agencies continue to be lax in their implementation of information security programs, according to a new report from the Government Accountability Office.
 

Private equity firm disputes Entrust's alternate takeover offers

May 18, 2009

The acquisition of Entrust by Thoma Bravo is expected to be finalized next month, but some holdups are keeping the deal from becoming a certainty.
 

Skimmers scam $500,000

May 11, 2009

A gang of criminals hauled in a half million dollars from ATMs at banks in New York City by attaching a hardware card reader, or skimmer, and video camera to ATMs. According to a report Monday in the N.Y. Daily News, as unsuspecting Sovereign Bank patrons withdrew money from the ATMs, the skimmer recorded their bank information and the camera filmed their PINs. The thieves then counterfeited the cards and hit other ATMs for daily withdrawal maximums. No arrests were reported as of Monday morning. — CAM