Endpoint // Authentication
News & Commentary
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz, News
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
By Mathew J. Schwartz, 4/18/2014
What Is The FIDO Alliance?
Dark Reading, Commentary, Video
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading, 4/2/2014
Attacks Rise On Network 'Blind' Spot
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/27/2014
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok Labs, Commentary, Video
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Cartoon: Strong Passwords
John Klossner, Cartoonist, Commentary
By John Klossner Cartoonist, 3/26/2014
Report: Cybercriminals Bank Nearly $4 Billion On Tax Fraud
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Attackers collect almost $4 billion by filing fraudulent tax returns, stealing taxpayer identities, ThreatMetrix report says
By Tim Wilson Editor in Chief, Dark Reading, 3/11/2014
Rethinking Identity Management
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Secret identities are a good thing. Multiple identities? Not so much
By Tim Wilson Editor in Chief, Dark Reading, 5/20/2013
Will We Learn Authentication Lessons From Global Payments Breach?
Dark Reading, News
Weaknesses in knowledge-based authentication and mag stripe highlighted in security experts' speculation about the breach
By Dark Reading, 4/3/2012
Web Services Single Sign-On Contain Big Flaws
Dark Reading, News
Microsoft Research report shows how risky single sign-on can be without solid integration and better support from Web service providers like Google and Facebook
By Dark Reading, 3/19/2012
Slide Show: 10 Movie Scenes Of Authentication Worth Rewatching
Ericka Chickowski, Contributing Writer, Dark Reading
From the prophetic to the downright silly, these scenes are sure to entertain any security pro
By Ericka Chickowski Contributing Writer, Dark Reading, 3/6/2012
Solving The SSL Certificate-Revocation Checking Shortfall
Dark Reading, News
Just weeks after Google turned off revocation checking in Chrome, browser vendors convene at RSA to discuss some solutions to a broken system
By Dark Reading, 3/5/2012
On Determining Online Identities
Taher Elgamal, Commentary
Forging a stronger tie between the sign-on process and the actual known user who owns that particular account
By Taher Elgamal, 2/10/2012
On Determining Online Identities
Taher Elgamal, Commentary
Detecting Online User Identities
By Taher Elgamal, 2/8/2012
RSA Weakness and e-Commerce Authentication
Taher Elgamal, Commentary
RSA key weakness
By Taher Elgamal, 2/8/2012
How Can We Gracefully Update Crypto?
Taher Elgamal, Commentary
Cryptographic methods at any point in time will become weak at some point due to the advances made in computing
By Taher Elgamal, 2/8/2012
Online And Physical User Identities
Taher Elgamal, Commentary
Some data-owning businesses are getting into the Internet authentication market -- and that's good news
By Taher Elgamal, 2/8/2012
VeriSign Breach May Actually Reaffirm Commitment To CA Model
Dark Reading, News
Proposals, like DANE, to roll up certificate issuance into DNS show that trusting domain registrars is just as risky as trusting CAs
By Dark Reading, 2/6/2012
Silent Authentication
Taher Elgamal, Commentary
The Value Of Device Authentication
Taher Elgamal, Commentary
Is SSL Cert Holder ID Verification A Joke?
Dark Reading, News
Some complain that certificate authorities don't do enough to verify identities for 'domain-validated' certificates
By Dark Reading, 1/24/2012
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

CVE-2014-2393
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

CVE-2011-5279
Published: 2014-04-23
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
