Content tagged with Authentication
Latest
Page 1 / 2   >   >>
Fake Google Digital Certificates Found & Confiscated
News  |  7/9/2014  | 
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
AVAST Test Results: What People Leave Behind When Selling Their Phone Online
Products and Releases  |  7/9/2014  | 
Deleting files is not enough – overwriting data is the only way to remove personal information.
BeyondTrust Offers Free App for Mobile Vuln Management
Products and Releases  |  6/25/2014  | 
New version of Retina CS for Mobile features automated, cloud-based vulnerability signature updates for Android devices
Data Security Decisions In A World Without TrueCrypt
Commentary  |  6/18/2014  | 
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
TweetDeck Scammers Steal Twitter IDs Via OAuth
News  |  6/6/2014  | 
Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days.
How The Math Of Biometric Authentication Adds Up
Commentary  |  6/2/2014  | 
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
LogmeOnce Adds Kill-Pill Technology to USB Two-Factor Authentication Token while Surpassing Kickstarter Goal
Products and Releases  |  5/28/2014  | 
LogmeOnce password manager will offer USB kill pill, USB geo location and USB decoy and file camouflage to protect against lost or stolen USB
Survey Reveals Many Organizations Fail to Implement Effective Password Security Practices
Products and Releases  |  5/28/2014  | 
Lieberman Software Survey Reveals Many Organizations Fail to Implement Effective Password Security Practices.
BioCatch Launches eCommerce Edition of Behavioral Analysis Solution
Products and Releases  |  5/28/2014  | 
Biometric Tool Prevents Fraud
eBay Breach: Is Your Identity Up For Auction?
Commentary  |  5/23/2014  | 
In a sick twist of events, the roles may just have been reversed on eBay users. It’s their social media identities and data that now have the greatest value in the cyber underground.
Global Velocity Announces its New Approach to Cyber Security Today
Products and Releases  |  5/22/2014  | 
Securio™ provides a simple, cost-effective solution for protecting data stored in the enterprise or cloud.
6 Tips For Securing Social Media In The Workplace
Commentary  |  5/20/2014  | 
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
Breach At Bit.ly Blamed On Offsite Backup Storage Provider
Quick Hits  |  5/13/2014  | 
URL shortening service says user database may have been compromised through backup data.
WidePoint Collaborates with Wave to Secure Digital Certificates Within Hardware for Today's Increasingly Mobile Workforce
Products and Releases  |  5/12/2014  | 
WidePoint Will Use Wave's EMBASSY® Security Center and Cryptographic Service Provider (CSP) to Secure Digital Certificates within TPMs on Customer Devices
Deactivated User Accounts Die Hard
Quick Hits  |  5/6/2014  | 
New research finds deleted Windows accounts stick around for up to 10 hours and are open to abuse.
Defending Against Identity Theft In The Military
Commentary  |  5/5/2014  | 
Our military troops are twice as likely to be victims of identity theft as the general population. The reason is in the structure of military culture.
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Slideshows  |  5/2/2014  | 
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
How To Avoid Sloppy Authentication
Commentary  |  5/1/2014  | 
Viewing authentication as a process, not simply as an encryption or algorithm, is the key to defending corporate resources from attacks.
Cartoon: E2c$y5tion
Cartoon Contest  |  4/18/2014  | 
Heartbleed: A Password Manager Reality Check
News  |  4/18/2014  | 
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
SMS PASSCODE Announces North America Launch
Products and Releases  |  4/16/2014  | 
Industry Veteran Henrik Jeberg Joins Team to Manage and Grow SMS
What Is The FIDO Alliance?
What Is The FIDO Alliance?
Dark Reading Videos  |  4/2/2014  | 
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
Attacks Rise On Network 'Blind' Spot
News  |  3/27/2014  | 
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
Finally, Plug & Play Authentication!
Finally, Plug & Play Authentication!
Dark Reading Videos  |  3/26/2014  | 
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
Strong Passwords
Cartoon Contest  |  3/26/2014  | 
Cartoon: Strong Passwords
Commentary  |  3/26/2014  | 
Report: Cybercriminals Bank Nearly $4 Billion On Tax Fraud
Quick Hits  |  3/11/2014  | 
Attackers collect almost $4 billion by filing fraudulent tax returns, stealing taxpayer identities, ThreatMetrix report says
Rethinking Identity Management
Commentary  |  5/20/2013  | 
Secret identities are a good thing. Multiple identities? Not so much
Will We Learn Authentication Lessons From Global Payments Breach?
News  |  4/3/2012  | 
Weaknesses in knowledge-based authentication and mag stripe highlighted in security experts speculation about the breach
Web Services Single Sign-On Contain Big Flaws
News  |  3/19/2012  | 
Microsoft Research report shows how risky single sign-on can be without solid integration and better support from Web service providers like Google and Facebook
Slide Show: 10 Movie Scenes Of Authentication Worth Rewatching
Slideshows  |  3/6/2012  | 
From the prophetic to the downright silly, these scenes are sure to entertain any security pro
Solving The SSL Certificate-Revocation Checking Shortfall
News  |  3/5/2012  | 
Just weeks after Google turned off revocation checking in Chrome, browser vendors convene at RSA to discuss some solutions to a broken system
On Determining Online Identities
Commentary  |  2/10/2012  | 
Forging a stronger tie between the sign-on process and the actual known user who owns that particular account
On Determining Online Identities
Commentary  |  2/8/2012  | 
Detecting Online User Identities
RSA Weakness and e-Commerce Authentication
Commentary  |  2/8/2012  | 
RSA key weakness
How Can We Gracefully Update Crypto?
Commentary  |  2/8/2012  | 
Cryptographic methods at any point in time will become weak at some point due to the advances made in computing
Online And Physical User Identities
Commentary  |  2/8/2012  | 
Some data-owning businesses are getting into the Internet authentication market -- and that's good news
VeriSign Breach May Actually Reaffirm Commitment To CA Model
News  |  2/6/2012  | 
Proposals, like DANE, to roll up certificate issuance into DNS show that trusting domain registrars just as risky as trusting CAs
Silent Authentication
Commentary  |  1/29/2012  | 
Authenticating users without explicit login
The Value Of Device Authentication
Commentary  |  1/29/2012  | 
'Fingerprinting' evolving to protect device IDs
Is SSL Cert Holder ID Verification A Joke?
News  |  1/24/2012  | 
Some complain that certificate authorities don't do enough to verify identities for 'domain-validated' certificates
Identity Versus Authentication
Commentary  |  1/12/2012  | 
Distinguishing between identity and authentication
Passphrases A Viable Alternative To Passwords?
News  |  1/10/2012  | 
Some experts say they are, but technological and cultural issues bar the path to passphrases
More About Software Tokens
Commentary  |  12/29/2011  | 
When software tokens are as strong as hardware ones
Unraveling The Riddle Of Privileged Identity
News  |  12/12/2011  | 
Some argue for monitoring to take a greater role in refining privileged identity policies, but root accounts pose problems
Four SSL Certificate Management Tips For Holiday E-Commerce Success
News  |  11/28/2011  | 
Don't let CA compromises, expired SSL certificates break your Internet authentication processes
SSL's Future
Commentary  |  11/28/2011  | 
SSL will evolve to meet requirements for e-commerce and mobile
Will Software Authentication Survive?
Commentary  |  11/26/2011  | 
Protecting secret keys or seeds in software without the risk of being stolen is crucial
Embedding Digital Certificates In Hardware
Commentary  |  11/23/2011  | 
A natural evolution, but there are a few potential pitfalls to avoid
Gauging The Long-Term Effects Of RSA's Breach
News  |  11/14/2011  | 
Worries still linger of future attacks, but experts hope the event shook industry out of black-and-white security mentality
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4907
Published: 2014-07-11
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.

CVE-2014-4908
Published: 2014-07-11
Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper hand...

CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.