Endpoint // Authentication
News & Commentary
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz, News
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
By Mathew J. Schwartz , 4/18/2014
Comment7 comments  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Attacks Rise On Network 'Blind' Spot
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/27/2014
Comment4 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Cartoon: Strong Passwords
John Klossner, CartoonistCommentary
By John Klossner Cartoonist, 3/26/2014
Comment0 comments  |  Read  |  Post a Comment
Report: Cybercriminals Bank Nearly $4 Billion On Tax Fraud
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attackers collect almost $4 billion by filing fraudulent tax returns, stealing taxpayer identities, ThreatMetrix report says
By Tim Wilson Editor in Chief, Dark Reading, 3/11/2014
Comment1 Comment  |  Read  |  Post a Comment
Rethinking Identity Management
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Secret identities are a good thing. Multiple identities? Not so much
By Tim Wilson Editor in Chief, Dark Reading, 5/20/2013
Comment0 comments  |  Read  |  Post a Comment
Will We Learn Authentication Lessons From Global Payments Breach?
Dark Reading, News
Weaknesses in knowledge-based authentication and mag stripe highlighted in security experts speculation about the breach
By Dark Reading , 4/3/2012
Comment1 Comment  |  Read  |  Post a Comment
Web Services Single Sign-On Contain Big Flaws
Dark Reading, News
Microsoft Research report shows how risky single sign-on can be without solid integration and better support from Web service providers like Google and Facebook
By Dark Reading , 3/19/2012
Comment0 comments  |  Read  |  Post a Comment
Slide Show: 10 Movie Scenes Of Authentication Worth Rewatching
Ericka Chickowski, Contributing Writer, Dark Reading
From the prophetic to the downright silly, these scenes are sure to entertain any security pro
By Ericka Chickowski Contributing Writer, Dark Reading, 3/6/2012
Comment2 comments  |  Read  |  Post a Comment
Solving The SSL Certificate-Revocation Checking Shortfall
Dark Reading, News
Just weeks after Google turned off revocation checking in Chrome, browser vendors convene at RSA to discuss some solutions to a broken system
By Dark Reading , 3/5/2012
Comment0 comments  |  Read  |  Post a Comment
On Determining Online Identities
Taher Elgamal, Commentary
Forging a stronger tie between the sign-on process and the actual known user who owns that particular account
By Taher Elgamal , 2/10/2012
Comment1 Comment  |  Read  |  Post a Comment
On Determining Online Identities
Taher Elgamal, Commentary
Detecting Online User Identities
By Taher Elgamal , 2/8/2012
Comment0 comments  |  Read  |  Post a Comment
RSA Weakness and e-Commerce Authentication
Taher Elgamal, Commentary
RSA key weakness
By Taher Elgamal , 2/8/2012
Comment0 comments  |  Read  |  Post a Comment
How Can We Gracefully Update Crypto?
Taher Elgamal, Commentary
Cryptographic methods at any point in time will become weak at some point due to the advances made in computing
By Taher Elgamal , 2/8/2012
Comment0 comments  |  Read  |  Post a Comment
Online And Physical User Identities
Taher Elgamal, Commentary
Some data-owning businesses are getting into the Internet authentication market -- and that's good news
By Taher Elgamal , 2/8/2012
Comment0 comments  |  Read  |  Post a Comment
VeriSign Breach May Actually Reaffirm Commitment To CA Model
Dark Reading, News
Proposals, like DANE, to roll up certificate issuance into DNS show that trusting domain registrars just as risky as trusting CAs
By Dark Reading , 2/6/2012
Comment2 comments  |  Read  |  Post a Comment
Silent Authentication
Taher Elgamal, Commentary
The Value Of Device Authentication
Taher Elgamal, Commentary
Is SSL Cert Holder ID Verification A Joke?
Dark Reading, News
Some complain that certificate authorities don't do enough to verify identities for 'domain-validated' certificates
By Dark Reading , 1/24/2012
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations LOL.
In reply to: Check out our new cartoon
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2012-0871
Published: 2014-04-18
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

CVE-2012-6646
Published: 2014-04-18
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.

CVE-2013-4279
Published: 2014-04-18
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.

Best of the Web