Items Tagged with "Authentication"
State Sponsored IE Vulnerability and a Four Line MySQL Exploit
June 21, 2012 Added by:Headlines
Of the two latest Microsoft IE vulnerabilities, the first seems the most interesting. Rumored to be “State-Sponsored”, the vulnerability focuses on Gmail, MS Office and Internet Explorer. And as yet is still an active Zero Day exploit. Security software company Rapid 7 explains the vulnerability as follows...
Comments (0)
Elementary Information Security
June 21, 2012 Added by:Ben Rothke
For anyone looking for a comprehensive information security reference guide - Elementary Information Security is it. While the title may say elementary, for the reader who spends the time and effort to complete the book, they will come out with a complete overview of every significant information security topic...
Comments (0)
Better Passwords Don't Make Us Secure: Best Practices Advice
June 14, 2012 Added by:Marc Quibell
On today's Internet, it's not about better passwords, because passwords are another weak, vulnerable form of authentication. You can make it longer, more complex... whatever, but it doesn't change the fact that it's still weak and vulnerable. Practice safe computing and at least you will lower your risk...
Comments (0)
LulzSec Reborn vs Twitter and OAuth Security Issues
June 13, 2012 Added by:Pierluigi Paganini
The third-party authentication process implements the open standard for authorization, or OAuth, that allows users to share private resources stored on one site with another. The hack raises a serious question regarding the security level ensured by third-party authentication processes...
Comments (0)
Password Protection Pointers
June 12, 2012 Added by:Jayson Wylie
The best password is the one that only you know. Even better one is one that nobody else can find out. Crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. It is possible to categorize your passwords to define the sensitivity of their purpose....
Comments (0)
If I Told You, I'd Have to Kill You
June 11, 2012 Added by:Ed Bellis
All of these breaches present a great opportunity to learn what does and doesn’t work in information security. But when we get responses like the one posted by Last.FM not only do we not learn anything, we don’t have any reason to believe they have either...
Comments (0)
It’s Time to Convert from Passwords to Passphrases
June 08, 2012 Added by:Stacey Holleran
The traditional password must die. The whole concept is fatally flawed. The sheer volume of attacks should be a wake-up call to anyone utilizing a password (pretty much everyone). Now is the time to practice vigilance and to secure systems, accounts and security applications such as firewalls with Passphrases...
Comments (0)
On the Recent Blizzard and Diablo 3 Account Compromises
May 29, 2012 Added by:Beau Woods
Gamers have gotten more savvy about giving away information which would allow someone else to access their account. But the attackers have adapted as well and use other ways of getting that information than by sending fake emails. Here are some of the more creative and sophisticated ways the thieves operate...
Comments (2)
LinkedIn: Vulnerability in the Authentication Process
May 22, 2012 Added by:Pierluigi Paganini
This attack is possible due to an error in validating of the security token (CSRF token) that allows an unlimited number of requests using the same token for different users. The only mechanism against the attack is a CAPTCHA challenge-response test after dozens of attempts...
Comments (0)
Follow Up to the Out of Band Authentication Post
May 16, 2012 Added by:Brent Huston
Sadly, there are more than a few who are struggling to get OOBA right or done at all. As with most things, it helps to do a little research. Organizations should perform due diligence on their vendors and factor vendor risks into the equation of purchases and project planning...
Comments (0)
Treat Passwords Like Cash
May 14, 2012 Added by:Danny Lieberman
Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems sites, it’s impossible to maintain a strong password policy without making some compromises...
Comments (0)
Growing Mistrust of India’s Biometric ID Scheme
May 14, 2012 Added by:Electronic Frontier Foundation
In India, a massive effort is underway to collect biometric identity information for each of the country’s 1.2 billion people. The incredible plan has stirred controversy in India and beyond, raising serious concerns about the security of individuals’ personal data...
Comments (0)
Twitter Hack! Five Ways to Avoid Being a Victim of Phishing
May 12, 2012 Added by:Brent Huston
Twitter is downplaying a security breach that exposed tens of thousands of user emails and passwords. The compromised Twitter accounts could have been the result of phishing attacks. Whenever you read about such breaches, it is always a good idea to change your password...
Comments (0)
Financial Organizations Struggle with Out of Band Authentication
May 09, 2012 Added by:Brent Huston
Financial organizations have been working on implementing out of band authentication (OOBA) mechanisms for specific kinds of money transfers such as ACH and wires. While this authentication method does add some security to the process, it does not come without its challenges...
Comments (1)
Understanding Trust
May 06, 2012 Added by:Kevin W. Wall
In computer security, we should strive to make all trust relationships explicit and leave nothing to chance or misinterpretation. That's one key step in defining a trust model. At its core, information security is largely about the two goals of “ensuring trust” and “managing risk”...
Comments (0)
NIST: Secure Biometric Acquisition with Web Services
May 04, 2012 Added by:Headlines
Researchers at the NIST have developed a new protocol for communicating with biometric sensors over wired and wireless networks, called WS-Biometric Devices (WS-BD), allows desktops, laptops, tablets and smartphones to access sensors that capture biometric data using web services...