Web Authentication and Access Control
- May 12, 2017
A Slack vulnerability exposed user authentication tokens and enabled hackers to access private data. Expert Matthew Pascucci explains how and why this hack was successful.
- April 07, 2017
CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.
- November 08, 2016
Researchers find widespread risk for users of apps with insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.
- July 13, 2016
The wildly popular Pokémon GO mobile game obtained a full account access token to iOS users' Google accounts, revealing a major issue with Google's OAuth authentication system.
- October 30, 2015
Google demands Certificate Transparency for all Symantec-issued certificates in wake of last month's escalating disclosures about fake "testing" certificates.
- September 16, 2015
A new report details how attackers can fly under the radar by using stolen credentials in order to avoid breach detection and forgoing the use of malware in malicious activity.
- June 11, 2015
Agencies from U.S. and U.K. governments now support the FIDO Alliance and its open standards for passwordless authentication.
- March 25, 2015
Google, Microsoft, and Mozilla have revoked unauthorized TLS certificates issued by an intermediate certificate authority that could have been used in man-in-the-middle attacks.
- March 11, 2015
A growing number of cryptographic keys and security certificates are being abused, according to a new study from cybersecurity firm Venafi and the Ponemon Institute.
- December 09, 2014
Amid growing fears of stolen credentials and data breaches, the FIDO Alliance released its long-awaited 1.0 specifications for passwordless and multifactor authentication systems.
- September 08, 2014
Data from McAfee shows many organizations have yet to fully patch the Heartbleed vulnerability, and as many as 300,000 websites remain at risk.
- August 08, 2014
News roundup: When a breach occurs, it's common practice to share the information with victims -- both the users and the companies involved. However, Hold Security's billion-password hack disclosure hasn't followed standard procedure.
- June 05, 2014
Despite the popularity of SAML, the mobile and cloud benefits of OpenID Connect may spur adoption as an enterprise authentication platform.
- December 15, 2011
Following a breach to a GlobalSign Web server, an extensive investigation found no evidence of an infiltration of its digital certificate infrastructure and no leakage of its certificate keys.
- June 07, 2011
Following a retooling of its manufacturing and supply chain management processes, RSA plans to replace security tokens for high risk customers.