Blog Posts Tagged with "Authentication"

69dafe8b58066478aea48f3d0f384820

NIST: Secure Biometric Acquisition with Web Services

May 04, 2012 Added by:Headlines

Researchers at the NIST have developed a new protocol for communicating with biometric sensors over wired and wireless networks, called WS-Biometric Devices (WS-BD), allows desktops, laptops, tablets and smartphones to access sensors that capture biometric data using web services...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Online Banking vs. Mobile Banking

May 03, 2012 Added by:Robert Siciliano

Mobile banking can offer additional security by enabling text-backs, as a second form of authentication. If you use your smartphone to access your bank’s website directly, it may recognize that you are using a mobile browser and automatically offer you a dedicated application...

Comments  (1)

4c22630536d3dc5e345fe1ec0ddc062b

Password Policy: Sharing Passwords

May 02, 2012 Added by:benson dana

I once worked at a place where a senior manager collected the passwords of employees. There had been resistance to giving up this policy, and the excuse was that this unit's mission was unique and that this was necessary. How often does the internal auditor hear this excuse?

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

Duty to Authenticate Identity: Online Banking Breach Lawsuits

April 26, 2012 Added by:David Navetta

The attenuated nature of online relationships creates an opportunity for criminals to steal or spoof online identities and use them for monetary gain. The ability of one party to authenticate the identity of the other party in an online transaction is of key importance...

Comments  (0)

00fd6160b9db2d91e663a578d87cbaf3

Super Security Guy

April 25, 2012 Added by:Wayde York

While I was talking to the bank operator, I tried to login to my account and when I put in the username/password, I couldn’t get in. The bad guys had changed my login, or so I thought. Red lights were flashing and the bulk of my security expertise poured in to the rescue...

Comments  (1)

94ae16c30d35ee7345f3235dfb11113c

Social Media Security 101

April 24, 2012 Added by:Joel Harding

EVERYTHING is compromised. Every web site, every data base, every place that touches the web – I assume this at all times. There is not one among us whose network has not been compromised. The security mantra in the past was “Risk Avoidance”. That is no longer the case...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Military Evaluates SIPRNet Smart Card to Protect Networks

April 24, 2012 Added by:Headlines

"As we learned through the events of Wiki Leaks, we had a blind spot in protecting our classified networks... We have a national strategy and program to implement a Public Key Infrastructure hardware based authentication system on the classified network - hence the SIPRNet token..."

Comments  (2)

E313765e3bec84b2852c1c758f7244b6

Disagreement on Password Vault Software Findings

April 12, 2012 Added by:Brent Huston

Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...

Comments  (1)

Bddc4983168ae96da4b83bdd01b51548

Pump Up Your P@$$w0rd$

April 03, 2012 Added by:Kevin Doel

The idea is to choose phrase that you will be able to remember and a simple algorithm for converting it to a strong password. Even the best encryption systems are not going to protect your data if you use weak passwords and a hacker gains physical access to your mobile device...

Comments  (2)

E313765e3bec84b2852c1c758f7244b6

Malicious Exploits: Hitting the Internet Waves with CSRF Part 2

March 27, 2012 Added by:Brent Huston

Using the HTTP specified usage for GET and POST, in which GET requests never have a permanent effect, while good practice is not sufficient to prevent CSRF. Attackers can write JavaScript or ActionScript that invisibly submits a POST from to the target domain...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Howard Schmidt on Federal Cyber Security Priorities

March 27, 2012 Added by:Headlines

"Federal Departments and Agencies must defend their information systems in a resource-constrained environment, balancing system security and survivability while meeting numerous operational requirements requires robust risk management," said Schmidt...

Comments  (0)

F29746c6cb299c1755e4087e6126a816

Fifteen Unsafe Security Practices that Lead to Data Breaches

March 21, 2012 Added by:Kelly Colgan

Database security is an essential element of overall security maturity at enterprise level. Underestimating its value and not dedicating sufficient attention to developing a comprehensive data security plan can, in many instances, lead to data compromise...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Enterprise Security's Achilles Heel

March 16, 2012 Added by:Rafal Los

Have you ever wondered why enterprise security people are so downtrodden? Baffled by the impossible arrogance of penetration testers when they laugh at corporate security postures? The bottom line: people have always been and will always be the Achilles heel...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Malware Variant Signed with Valid Digital Certificate

March 16, 2012 Added by:Headlines

Kaspersky has discovered malware in the wild identified as Trojan.Win32.Mediyes accompanied by a VeriSign digital certificate which appears to be part of a click-fraud operation designed to generate revenues for the attackers from a legitimate marketing service...

Comments  (1)

3e35900ae6facc6c146a85c435c71d82

Implementing Least Privilege

March 15, 2012 Added by:Ben Rothke

Least privilege is the notion that in a particular abstraction layer of a computing environment every module - such as a process, a user or a program depending on the subject - must be able to access only the information that is necessary for its legitimate purpose...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

NIST Steering Group to Support Trusted Identities in Cyberspace

March 15, 2012 Added by:Infosec Island Admin

"The committee will guide creation of an ‘Identity Ecosystem’ in which businesses and individuals can have more confidence in the security and privacy of their online transactions. The committee will also be responsible for identifying resources that will support the effort..."

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »
Most Liked