Web Authentication and Access Control
- November 08, 2016
Researchers find widespread risk for users of apps with insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.
- October 30, 2015
Google demands Certificate Transparency for all Symantec-issued certificates in wake of last month's escalating disclosures about fake "testing" certificates.
- September 16, 2015
A new report details how attackers can fly under the radar by using stolen credentials in order to avoid breach detection and forgoing the use of malware in malicious activity.
- June 11, 2015
Agencies from U.S. and U.K. governments now support the FIDO Alliance and its open standards for passwordless authentication.
- March 25, 2015
Google, Microsoft, and Mozilla have revoked unauthorized TLS certificates issued by an intermediate certificate authority that could have been used in man-in-the-middle attacks.
- March 11, 2015
A growing number of cryptographic keys and security certificates are being abused, according to a new study from cybersecurity firm Venafi and the Ponemon Institute.
- January 09, 2015
Expert contributor David Strom provides the lowdown on CA's Strong Authentication multifactor authentication software solution.
- December 09, 2014
Amid growing fears of stolen credentials and data breaches, the FIDO Alliance released its long-awaited 1.0 specifications for passwordless and multifactor authentication systems.
- September 08, 2014
Data from McAfee shows many organizations have yet to fully patch the Heartbleed vulnerability, and as many as 300,000 websites remain at risk.
- August 08, 2014
News roundup: When a breach occurs, it's common practice to share the information with victims -- both the users and the companies involved. However, Hold Security's billion-password hack disclosure hasn't followed standard procedure.
- June 05, 2014
Despite the popularity of SAML, the mobile and cloud benefits of OpenID Connect may spur adoption as an enterprise authentication platform.
- December 15, 2011
Following a breach to a GlobalSign Web server, an extensive investigation found no evidence of an infiltration of its digital certificate infrastructure and no leakage of its certificate keys.
- June 07, 2011
Following a retooling of its manufacturing and supply chain management processes, RSA plans to replace security tokens for high risk customers.
- August 30, 2010
CA said Arcot's software as a service delivery model could help accelerate its delivery of CA identity and access management technologies from the cloud.
- August 26, 2010
Hardware-based security is in use at some enterprises and gains in virtualization are predicted on the horizon, but the technology has seen slow adoption.