Items Tagged with "Authentication"


69dafe8b58066478aea48f3d0f384820

Howard Schmidt on Federal Cyber Security Priorities

March 27, 2012 Added by:Headlines

"Federal Departments and Agencies must defend their information systems in a resource-constrained environment, balancing system security and survivability while meeting numerous operational requirements requires robust risk management," said Schmidt...

Comments  (0)

F29746c6cb299c1755e4087e6126a816

Fifteen Unsafe Security Practices that Lead to Data Breaches

March 21, 2012 Added by:Kelly Colgan

Database security is an essential element of overall security maturity at enterprise level. Underestimating its value and not dedicating sufficient attention to developing a comprehensive data security plan can, in many instances, lead to data compromise...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Enterprise Security's Achilles Heel

March 16, 2012 Added by:Rafal Los

Have you ever wondered why enterprise security people are so downtrodden? Baffled by the impossible arrogance of penetration testers when they laugh at corporate security postures? The bottom line: people have always been and will always be the Achilles heel...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Malware Variant Signed with Valid Digital Certificate

March 16, 2012 Added by:Headlines

Kaspersky has discovered malware in the wild identified as Trojan.Win32.Mediyes accompanied by a VeriSign digital certificate which appears to be part of a click-fraud operation designed to generate revenues for the attackers from a legitimate marketing service...

Comments  (1)

3e35900ae6facc6c146a85c435c71d82

Implementing Least Privilege

March 15, 2012 Added by:Ben Rothke

Least privilege is the notion that in a particular abstraction layer of a computing environment every module - such as a process, a user or a program depending on the subject - must be able to access only the information that is necessary for its legitimate purpose...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

NIST Steering Group to Support Trusted Identities in Cyberspace

March 15, 2012 Added by:Infosec Island Admin

"The committee will guide creation of an ‘Identity Ecosystem’ in which businesses and individuals can have more confidence in the security and privacy of their online transactions. The committee will also be responsible for identifying resources that will support the effort..."

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Examining the Top Ten Database Threats

March 14, 2012 Added by:PCI Guru

Most attacks are perpetrated inside the perimeter, so protection from an inside attack is important. Once an attacker is on the inside, it is easy to use SQL injection or other techniques to obtain data. Organizations are just beginning to understand the insider threat...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

CyLab Researchers Release Free Smartphone Security App

March 14, 2012 Added by:Headlines

"SafeSlinger provides you with the confidence that the person you are communicating with is actually the person they have represented themselves to be... SafeSlinger provides secure communications and file transfer even if the servers involved are tainted with malware..."

Comments  (0)

37d5f81e2277051bc17116221040d51c

How Safe is Paying Online with Your Smart Phone?

March 13, 2012 Added by:Robert Siciliano

Handset manufacturers, application developers, and mobile security vendors continue working to improve mobile security. Banks are offering a consistent sign-on experience for both their online and mobile channels, including multifactor authentication programs for mobile...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

CISSP Reloaded - Domain Two: Access Controls

March 07, 2012 Added by:Javvad Malik

Understand who’s trying to get access and choose the control that will really protect you. Or rather, I should say, the control should protect you long enough for you to do something about it. Otherwise you might find yourself as the person holding a knife in a gunfight...

Comments  (0)

0f57a863af3b7e5bf59a94319a408ff7

A Structured Approach to Handling External Connections

February 27, 2012 Added by:Enno Rey

The approach to be developed is meant to work on the basis of several types of remote connections in which each determines associated security controls and other parameters. At the first glance, not overly complicated, but – as always – the devil is in the details...

Comments  (0)

00c83c62ef65f17ce8e790850c596964

Secure Now or Forever...

February 24, 2012 Added by:Pamela Gupta

Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech Webaccess Multiple Vulnerabilities

February 17, 2012 Added by:Headlines

ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site report forgery (CSRF)and Authentication issues. Public exploits are known to target these vulnerabilities...

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

Smart Meter Security Testing

February 15, 2012 Added by:Spencer McIntyre

While reviewing the communication used by a couple of smart meters, it was found that the user did not have to properly authenticate himself to read certain pieces of data and that some data could be written to the device without the use of a proper C12.18 Security Request...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool

February 15, 2012 Added by:Headlines

A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Subordinate Digital Certificates Pits Trustwave vs Mozilla

February 14, 2012 Added by:Pierluigi Paganini

Trustwave declared that the issuing of subordinate root certificates to private companies was done to allow inspection of the SSL encrypted traffic that passes through their networks. Trustwave decided to stop issuing these in the future, and revoked the existing ones...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »