Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

A vulnerability in Microsoft's Active Directory service can be exploited by an attacker to change a targeted user's password.
The developers of the popular password manager LastPass informed users on Friday of security vulnerabilities reported to the company last year.
Microsoft has released new guidance to help customers defend against credential theft stemming from Pass-the-Hash (PtH) attacks.
Telstra, Australia's largest telecommunications and media company, has made a strategic investment in phone-based authentication and fraud detection solutions provider TeleSign.
Managing privileged users remains a challenge for many organizations, a new survey has found
Centrify, a Santa Clara, California-based provider of Identity Management solutions, today announced it has raised a massive $42 million round of funding.
Bitly, the popular URL shortening service used to share links through social media and other means, warned on Thursday that user account credentials may have been compromised.
The Kerberos authentication protocol enables a disabled user account to remain valid for up to 10 hours after having been revoked, researchers say.
The "Covert Redirect" security issue uncovered in login tools OAuth and OpenID, places the responsibility for user security in the wrong place, experts say.
NetSupport, a remote management tool used in some enterprises can be exploited by attackers to remotely connect to a host without needing any passwords, according to a Trustwave researcher.

FEATURES, INSIGHTS // Identity & Access

rss icon

Mike Tierney's picture
Much can be learned from airport security that can applied to dealing with insider threats. As a starting point, let’s compare two approaches to airport security – the US approach and the Israeli approach.
Gil Zimmermann's picture
Understanding why passwords are so valuable to hackers can both explain and prepare enterprises to deal with potential security vulnerabilities. There are potentially hundreds of uses for stolen passwords once they are obtained.
Nimmy Reichenberg's picture
By including security into the DevOps model, organizations can attain that improved agility and operational excellence while also improving the necessary checks and balances before changes are pushed into production.
Nick Cavalancia's picture
Recognized Big Data security solutions can only examine data that administrators and engineers have programmed them to identify. They cannot, on their own, choose to browse data sets that they "think" might yield information, nor can they detect information about risky user behaviors that hasn't been captured.
Mark Hatton's picture
Despite the billions of dollars spent annually by government and private industry to protect their networks and critical data assets, the large majority of breaches can be tied directly to human error and/or a breakdown in protocol.
Chris Hinkley's picture
Without the internal and external safeguards working in conjunction, your vulnerability will spike and your performance will suffer as a by-product -- two things you can’t afford to have happen.
Tal Be'ery's picture
When it comes to setting the standards for crucial internet functionality such as authentication, the Internet community must remain vigilant and carefully examine and scrutinize change proposals, to ensure they support the greater good of all of the Internet users.
Mike Lennon's picture
Enjoy this selection of top picks for 2010, listed in no particular order. Happy New Year!
Tom Grubb's picture
The day after Twin Towers fell, all kinds of security measures changed and new ones were implemented overnight. Is there a Web identity 911 equivalent wake-up call coming—a single event that will suddenly jolt us into enforced standards overnight?
Ram Mohan's picture
Are your passwords safe? Three simple ways to create memorable yet secure passwords
view counter