December 2014
-
December 31, 2014
Report: Chick-Fil-A data breach affects locations nationwide
The popular fast-food chain has suffered what may be a massive, months-long payment card data breach that likely dates back as far as December 2013.
-
December 30, 2014
As PCI DSS 3.0 deadline looms, QSAs urge 'continuous compliance'
As PCI DSS 3.0 becomes mandatory on Jan. 1, QSAs say struggling merchants will find that a continuous approach to PCI compliance eases the long-term compliance burden.
-
December 29, 2014
Why infosec will increasingly rely on computer hardware security
Video: Cryptography luminary Paul Kocher discusses why computer hardware security will play a larger role in the information security product ecosystem.
-
December 24, 2014
How the role of the CISO is changing for better and for worse
Video: Securicon's Ernie Hayden discusses why new resources make the CISO role easier, but new threats and a brighter spotlight make the role harder than ever.
-
December 23, 2014
single-factor token
A single-factor token is a small hardware device that produces one confirming credential for user authentication; the devices may be used in conjunction with other types of credentials for multifactor authentication.
-
December 23, 2014
multifactor token
Multifactor tokens are security tokens that use more than one category of credential to confirm user authentication. The standard categories of authentication credentials are knowledge factors (things that the user knows), inherence factors (things ...
-
December 23, 2014
mobile authentication
Mobile authentication is the verification of a user’s identity through the use of a mobile device and one or more authentication methods for secure access.
-
December 23, 2014
Does enterprise compliance rely on cloud service provider compliance?
Enterprise compliance with standards such as HIPAA, PCI DSS and SOX is tricky to maintain. How much of it relies on cloud service provider compliance? Expert Mike Chapple explains.
-
December 23, 2014
shared secret
A shared secret is data known to only the two entities involved in a communication so that either party's possession of that data can be provided as proof of identity for authentication.
-
December 22, 2014
Staples data breach update: 1.16 million cards, 1,400 stores affected
An update from the office-supply giant shows that 1.16 million cards and point-of-sale systems at more than 1,400 stores may have been affected.
-
December 22, 2014
How does the safe harbor program affect COPPA compliance?
The FTC's safe harbor program won't necessarily ease COPPA compliance requirements for enterprises. Expert Mike Chapple reviews the seven regulations the FTC will definitely enforce.
-
December 22, 2014
grid authentication
Grid authentication is a method of ensuring that an end user is who he claims to be by requiring him to enter values from specific cells in a grid whose content should be only accessible to him and the service provider. Because the grid consists of ...
-
December 22, 2014
Researchers uncover serious NTP security flaws
According to researchers, the most severe of several newly discovered Network Time Protocol security flaws can be exploited remotely with a single packet.
-
December 20, 2014
soft token
A soft token is a software-based security token that generates a single-use login PIN. Traditionally, a security token has been a hardware device that produces a new, secure and individual PIN for each use and displays it on a built-in LCD display.
-
December 20, 2014
signature analysis
Signature analysis has two meanings. It can involve scrutinizing human signatures in order to detect forgeries and it can be a troubleshooting technique in which an AC signal with a specific waveform is applied across a component.
-
December 20, 2014
risk-based authentication (RBA)
Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised. As the level of risk increases, the ...
-
December 20, 2014
out-of-band authentication
Out-of-band authentication is a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password. Out-of-band authentication is often used in financial ...
-
December 19, 2014
Home router security vulnerability exposes 12 million devices
Check Point has uncovered a widespread home router security vulnerability, dubbed Misfortune Cookie, that could allow attackers to gain control over millions of devices.
-
December 19, 2014
claims-based identity
Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity’s specific information while providing data that authorizes them for appropriate and relevant interactions.
-
December 19, 2014
FBI connects Sony Pictures hack to North Korean government
The investigative U.S. government agency said it found overlap between the malware and infrastructure used in the Sony Pictures hack and other North Korean operations.