Operations // Identity & Access Management
News & Commentary
Federal IT Security Policies Must Be User Friendly
James Bindseil, President & CEO, GlobalscapeCommentary
Federal agencies should choose security tools and policies that suit the productivity needs of their employees.
By James Bindseil President & CEO, Globalscape, 4/16/2014
Comment2 comments  |  Read  |  Post a Comment
Active Directory Is Dead: 3 Reasons
Thomas Pedersen, CEO & Founder, OneLoginCommentary
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
By Thomas Pedersen CEO & Founder, OneLogin, 4/15/2014
Comment26 comments  |  Read  |  Post a Comment
What’s Worse: Credit Card Or Identity Theft?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
When it comes to data loss, it’s time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
By Kerstyn Clover Attack & Defense Team Consultant, 4/9/2014
Comment17 comments  |  Read  |  Post a Comment
NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler , 4/4/2014
Comment14 comments  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Cartoon: Strong Passwords
John Klossner, CartoonistCommentary
By John Klossner Cartoonist, 3/26/2014
Comment0 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Target Ignored Data Breach Alarms
Mathew J. Schwartz, News
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
By Mathew J. Schwartz , 3/14/2014
Comment21 comments  |  Read  |  Post a Comment
Retail Industry May Pool Intel To Stop Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/12/2014
Comment2 comments  |  Read  |  Post a Comment
Snowden, Bitcoin, Data Breaches Foretell New Regulations
Peter Waterhouse, Senior Technical Marketing Advisor, CA TechnologiesCommentary
It's inevitable that more businesses will be penalized for breaking customer trust. Is your enterprise prepared for new security laws?
By Peter Waterhouse Senior Technical Marketing Advisor, CA Technologies, 3/12/2014
Comment5 comments  |  Read  |  Post a Comment
Experian ID Theft Exposed 200M Consumer Records
Mathew J. Schwartz, News
ID theft ring sold access to database with 200 million consumers' private data to 1,300 criminals.
By Mathew J. Schwartz , 3/11/2014
Comment9 comments  |  Read  |  Post a Comment
Can We Control Our Digital Identities?
Mark Bregman, Senior Vice President & Chief Technology Officer, NeustarCommentary
The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.
By Mark Bregman Senior Vice President & Chief Technology Officer, Neustar, 3/11/2014
Comment4 comments  |  Read  |  Post a Comment
Snowden: I'd Do It Again
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/10/2014
Comment10 comments  |  Read  |  Post a Comment
The Case For Browser-Based Access Controls
Garret Grajek, CTO & COO, SecureAuthCommentary
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
By Garret Grajek CTO & COO, SecureAuth, 3/7/2014
Comment2 comments  |  Read  |  Post a Comment
Yahoo Unfriends Facebook, Google Sign-In
Kristin Burnham, Senior Editor, InformationWeek.comNews
Yahoo drops third-party logins, will soon require Yahoo IDs.
By Kristin Burnham Senior Editor, InformationWeek.com, 3/5/2014
Comment11 comments  |  Read  |  Post a Comment
Data Breach: ‘Persistence’ Gives Hackers the Upper Hand
Martin Lee, Technical Lead, Threat Research, Analysis & Communications, CiscoCommentary
Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.
By Martin Lee Technical Lead, Threat Research, Analysis & Communications, Cisco, 3/5/2014
Comment2 comments  |  Read  |  Post a Comment
'Connect': A Modern Approach To Mobile, Cloud Identity
Patrick Harding, Commentary
A new protocol from the OpenID Foundation promises enterprises federated single sign-on that can scale.
By Patrick Harding , 2/19/2014
Comment1 Comment  |  Read  |  Post a Comment
FIDO Alliance Releases Authentication Standards, Unveils Products
Tim Wilson, Editor in Chief, Dark ReadingNews
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
By Tim Wilson Editor in Chief, Dark Reading, 2/18/2014
Comment0 comments  |  Read  |  Post a Comment
Why FIDO Alliance Standards Will Kill Passwords
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
Phillip Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 2/18/2014
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations LOL.
In reply to: Check out our new cartoon
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web