Content tagged with Authentication
Latest
Page 1 / 2   >   >>
Cartoon: E2c$y5tion
Cartoon Contest  |  4/18/2014  | 
Heartbleed: A Password Manager Reality Check
News  |  4/18/2014  | 
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
SMS PASSCODE Announces North America Launch
Products and Releases  |  4/16/2014  | 
Industry Veteran Henrik Jeberg Joins Team to Manage and Grow SMS
What Is The FIDO Alliance?
What Is The FIDO Alliance?
Dark Reading Videos  |  4/2/2014  | 
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
Attacks Rise On Network 'Blind' Spot
News  |  3/27/2014  | 
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
Finally, Plug & Play Authentication!
Finally, Plug & Play Authentication!
Dark Reading Videos  |  3/26/2014  | 
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
Cartoon: Strong Passwords
Commentary  |  3/26/2014  | 
Strong Passwords
Cartoon Contest  |  3/26/2014  | 
Report: Cybercriminals Bank Nearly $4 Billion On Tax Fraud
Quick Hits  |  3/11/2014  | 
Attackers collect almost $4 billion by filing fraudulent tax returns, stealing taxpayer identities, ThreatMetrix report says
Rethinking Identity Management
Commentary  |  5/20/2013  | 
Secret identities are a good thing. Multiple identities? Not so much
Will We Learn Authentication Lessons From Global Payments Breach?
News  |  4/3/2012  | 
Weaknesses in knowledge-based authentication and mag stripe highlighted in security experts speculation about the breach
Web Services Single Sign-On Contain Big Flaws
News  |  3/19/2012  | 
Microsoft Research report shows how risky single sign-on can be without solid integration and better support from Web service providers like Google and Facebook
Slide Show: 10 Movie Scenes Of Authentication Worth Rewatching
Slideshows  |  3/6/2012  | 
From the prophetic to the downright silly, these scenes are sure to entertain any security pro
Solving The SSL Certificate-Revocation Checking Shortfall
News  |  3/5/2012  | 
Just weeks after Google turned off revocation checking in Chrome, browser vendors convene at RSA to discuss some solutions to a broken system
On Determining Online Identities
Commentary  |  2/10/2012  | 
Forging a stronger tie between the sign-on process and the actual known user who owns that particular account
On Determining Online Identities
Commentary  |  2/8/2012  | 
Detecting Online User Identities
RSA Weakness and e-Commerce Authentication
Commentary  |  2/8/2012  | 
RSA key weakness
How Can We Gracefully Update Crypto?
Commentary  |  2/8/2012  | 
Cryptographic methods at any point in time will become weak at some point due to the advances made in computing
Online And Physical User Identities
Commentary  |  2/8/2012  | 
Some data-owning businesses are getting into the Internet authentication market -- and that's good news
VeriSign Breach May Actually Reaffirm Commitment To CA Model
News  |  2/6/2012  | 
Proposals, like DANE, to roll up certificate issuance into DNS show that trusting domain registrars just as risky as trusting CAs
Silent Authentication
Commentary  |  1/29/2012  | 
Authenticating users without explicit login
The Value Of Device Authentication
Commentary  |  1/29/2012  | 
'Fingerprinting' evolving to protect device IDs
Is SSL Cert Holder ID Verification A Joke?
News  |  1/24/2012  | 
Some complain that certificate authorities don't do enough to verify identities for 'domain-validated' certificates
Identity Versus Authentication
Commentary  |  1/12/2012  | 
Distinguishing between identity and authentication
Passphrases A Viable Alternative To Passwords?
News  |  1/10/2012  | 
Some experts say they are, but technological and cultural issues bar the path to passphrases
More About Software Tokens
Commentary  |  12/29/2011  | 
When software tokens are as strong as hardware ones
Unraveling The Riddle Of Privileged Identity
News  |  12/12/2011  | 
Some argue for monitoring to take a greater role in refining privileged identity policies, but root accounts pose problems
Four SSL Certificate Management Tips For Holiday E-Commerce Success
News  |  11/28/2011  | 
Don't let CA compromises, expired SSL certificates break your Internet authentication processes
SSL's Future
Commentary  |  11/28/2011  | 
SSL will evolve to meet requirements for e-commerce and mobile
Will Software Authentication Survive?
Commentary  |  11/26/2011  | 
Protecting secret keys or seeds in software without the risk of being stolen is crucial
Embedding Digital Certificates In Hardware
Commentary  |  11/23/2011  | 
A natural evolution, but there are a few potential pitfalls to avoid
Gauging The Long-Term Effects Of RSA's Breach
News  |  11/14/2011  | 
Worries still linger of future attacks, but experts hope the event shook industry out of black-and-white security mentality
Tales of De-Crypt: 2011 Authentication And IAM Horror Stories
News  |  10/31/2011  | 
Who's scared of monsters under the bed when there's Lulzsec, Russian mobsters, and cybercrooks creeping out there?
Authentication Reality Check
Commentary  |  10/18/2011  | 
Two-factor authentication products slow to catch on
On Trusting Certificate Authorities
Commentary  |  10/18/2011  | 
The time has come for a way to vet CAs by reputation
Authentication With Hardware
Commentary  |  10/18/2011  | 
Needed: a unified way for users to log in websites regardless of the device they are using
Authentication-As-A-Service Gains Steam
News  |  10/17/2011  | 
Improved security, scalability, operational flexibility, and even brand differentiation are driving AaaS
Internet Authentication's Wild Ride
News  |  10/3/2011  | 
BEAST exploit and CA hacks make for healthy debate about the future of Internet's authentication mechanisms
Identity Federation Versus PKI
Commentary  |  9/24/2011  | 
Neither technology alone offers the ultimate user authentication infrastructure
Identity Federation: Waiting On Access Control
Commentary  |  9/21/2011  | 
Separate authentication by websites will remain the reality until access control is done right in Web apps
UBS Rogue Trader Incident Stirs Access Management Speculation
News  |  9/19/2011  | 
Details are still sparse, but UBS rogue trader incident sets off identity and access management debate
Passwords: Time's Up?
Commentary  |  9/10/2011  | 
Stronger authentication is a major security issue yet to be solved
Seven Crucial Identity And Access Management Metrics
News  |  9/1/2011  | 
Measure identity and access management for improved security
Leaps Of Faith
Commentary  |  6/20/2011  | 
Mobile is more secure than the browser realm because most mobile transactions are conducted through applications, not the browser
From Device to Device, From Site To Site
Commentary  |  5/23/2011  | 
Obama administration's digital identities initiative relies on private industry to come together and make it work
Kind Of A Mess
Commentary  |  4/27/2011  | 
Internet needs an infrastructure that enables back ends and users to communicate with each other using better authentication--and allows any number of authentication technologies to sign into it
A New Spin On Fraud Prevention
Commentary  |  3/3/2011  | 
Most online fraud stems from electronic transactions not associating the identity of the user with the card or account
What About Biometrics?
Commentary  |  11/22/2010  | 
Integrating fingerprints in a standard way so that Web and enterprise applications can take advantage of them
Slide Show: Extreme And Alternative Authentication Methods
Slideshows  |  11/16/2010  | 
Passwords are the weakest link in access control, but there are plenty of other, less-traveled options for authentication
A True Second Factor
Commentary  |  11/9/2010  | 
I'm sure some of you remember a time when you actually used to telephone the bank to do a transaction. Do you remember all the questions they would ask to verify that you were, in fact, the account owner?
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youíre still focused on securing endpoints, youíve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web