Authentication

iOS device default hotspot passwords easy to crack

iOS device default hotspot passwords easy to crack

By

A white paper from German researchers concludes that, with the right planning and tools, the passcodes could be cracked in under a minute.

LinkedIn rolls out two-factor authentication

By

The business social networking site joins Twitter as recent adopters of the additional mode of account verification.

Microsoft buys authentication maker PhoneFactor

By

Microsoft on Thursday announced that it has acquired PhoneFactor, provider of multifactor authentication technology delivered via a mobile device.

Debate: In light of recent breaches, passwords remain a useful

Debate: In light of recent breaches, passwords remain a useful method for authentication.

Apple, Amazon respond to reporter's hacking nightmare

By

Both companies strengthened identity verification policies for customers after a tech writer's online accounts were hacked.

Password security can improve, but the hackers will still get in

Password security can improve, but the hackers will still get in

Considering the endless march of breaches, it may be time to scrap the belief that adequate passwords -- or even passphrases -- can prevent hackers from breaking into corporate environments. Instead, security pros should focus their efforts on gaining visibility into their networks.

Hospital workers access patient data with fraud in mind

By

Thousands of patients of Memorial Healthcare System in Hollywood, Fla. may be at risk for identity theft after two former employees improperly accessed their records.

Are security basics getting lost under the cover of cloud and mobile?

Are security basics getting lost under the cover of cloud and mobile?

Be wary of vendor messaging in light of today's threats, as it may be misguided. Organizations can cope with the latest concerns by applying tried-and-true security best practices.

Secure access, authorization among areas still lacking at IRS

By

A favorite whipping boy of the Government Accountability Office, the Internal Revenue Service has yet to clean up its security act, though improvements continue, according to a new audit.

Opinion: The password is dead

Opinion: The password is dead

The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes show that the current password system is dead.

On creating an IAM governance body

On creating an IAM governance body

Identity and access management programs are quite tricky to scale across an organization, but implementing a governance team can go a long way to effectively using the technology to meet compliance and manage user permissions.

German researchers disclose Amazon cloud vulnerability

Researchers have uncovered a now-fixed authentication flaw in the Amazon Web Services cloud computing platform that could permit customer account compromise.

Another PlayStation Network breach stings Sony customers

By

Sony's PlayStation Network again has been hit by hackers, but the limited damage that resulted could point to strides being made by the electronics giant.

FTC to examine implications of facial biometrics

By

The Federal Trade Commission in December plans to hold a workshop to investigate the privacy and security implications of facial recognition technology. The agency announced this week that the workshop, which is free and open to the public, seeks to bring together consumer protection groups, privacy experts, and industry and academic leaders. The meeting is expected to address such topics as whether consumers should consent to the collection and use of their images. Facial recognition products can provide an added security layer at places like airports or automate photo tagging on sites such as Facebook, but critics worry they also could be used for intrusive surveillance. As a result, offerings have emerged that can help people hide their faces from the technology.

Mac OS X Lion flaw allows illicit password changes

By

An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.

Breaking down the updated FFIEC guidance

Breaking down the updated FFIEC guidance

As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.

Personnel check-up: Identity management

Personnel check-up: Identity management

By

A sound approach to identification and authentication is an elementary building block to security policy within most any organization, but management of these disciplines face fresh challenges.

SCADA system safeguards

SCADA system safeguards

Stuxnet demonstrated that even isolated physical networks could be hacked.

FFIEC guidance addresses corporate account takeover

By

The long-awaited update to the Federal Financial Institutions Examination Council (FFIEC) guidelines around authentication has been released.

Moving authentication to the infrastructure

Moving authentication to the infrastructure

By

ActivIdentity 4TRESS Authentication Appliance for Banking v 7.0

Facebook introduces secure browsing feature

By

Facebook on Wednesday announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks.

2011: A security manager's wish list

2011: A security manager's wish list

This year, thanks to a renewed focus on the insider threat, the longings of the security professional may come to fruition.

Facebook, Twitter fail latest security assessment

By

A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.

HID Global to acquire ActivIdentity

By

HID Global, which provides identity assurance solutions, announced that its parent company, ASSA ABLOY, has has acquired Silicon Valley-based ActivIdentity, a provider of authentication and credential management with clients in commercial and government organizations. The acquisition will help Irvine, Calif.-based HID Global expand its physical and logical access control options. The deal is expected to close in December and is subject to regulatory clearances and shareholder approvals. - GM

Cisco releases 12 bug fixes

As part of its twice yearly cycle of advisories, Cisco on Wednesday issued six advisories covering various components of its switches and routers. The fixes include vulnerabilities in Cisco voice products, as well as denial-of-service holes in Cisco IOS and IOS XE software, which can be exploited remotely without authentication and without end-user interaction. Cisco said that an attacker could possibly leverage some of these vulnerabilities to crash its router. The company's next update is scheduled for March 23. - GM

Opinions mixed about White House's online identity plan

By

Critics of the White House's proposed national internet identity authentication plan, intended to improve online privacy and security, say the strategy may do just the opposite. Proponents, meanwhile, believe it represents a major step toward establishing online trust.

Symantec inks $1.28 billion deal to buy part of VeriSign

By

Hours after rumors began circulating about an impending mega-deal, Symantec on Thursday afternoon announced it has acquired the identity and authentication business of VeriSign for $1.28 billion.

Reports say Symantec may buy VeriSign security units

By

Symantec is closing in on a deal to acquire the remaining information security business units of VeriSign, according to reports.

Microsoft acknowledges Windows Live ID breach

By

Microsoft confirmed Monday that the credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week.

eBay mandates developer password change

eBay mandates developer password change

By

The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.

Sign up to our newsletters

POLL