December 2014

• December 31, 2014 31 Dec'14

  Report: Chick-Fil-A data breach affects locations nationwide

  The popular fast-food chain has suffered what may be a massive, months-long payment card data breach that likely dates back as far as December 2013.  Continue Reading

• December 30, 2014 30 Dec'14

  As PCI DSS 3.0 deadline looms, QSAs urge 'continuous compliance'

  As PCI DSS 3.0 becomes mandatory on Jan. 1, QSAs say struggling merchants will find that a continuous approach to PCI compliance eases the long-term compliance burden.  Continue Reading

• December 29, 2014 29 Dec'14

  Why infosec will increasingly rely on computer hardware security

  Video: Cryptography luminary Paul Kocher discusses why computer hardware security will play a larger role in the information security product ecosystem.  Continue Reading

• December 24, 2014 24 Dec'14

  How the role of the CISO is changing for better and for worse

  Video: Securicon's Ernie Hayden discusses why new resources make the CISO role easier, but new threats and a brighter spotlight make the role harder than ever.  Continue Reading

• December 23, 2014 23 Dec'14

  single-factor token

  A single-factor token is a small hardware device that produces one confirming credential for user authentication; the devices may be used in conjunction with other types of credentials for multifactor authentication.  Continue Reading

• December 23, 2014 23 Dec'14

  multifactor token

  Multifactor tokens are security tokens that use more than one category of credential to confirm user authentication. The standard categories of authentication credentials are knowledge factors things that the user knows) inherence factors (things ...  Continue Reading

• December 23, 2014 23 Dec'14

  mobile authentication

  Mobile authentication is the verification of a user’s identity through the use a mobile device and one or more authentication methods for secure access.  Continue Reading

• December 23, 2014 23 Dec'14

  Does enterprise compliance rely on cloud service provider compliance?

  Enterprise compliance with standards such as HIPAA, PCI DSS and SOX is tricky to maintain. How much of it relies on cloud service provider compliance? Expert Mike Chapple explains.  Continue Reading

• December 23, 2014 23 Dec'14

  shared secret

  A shared secret is data known to only the two entities involved in a communication so that either party's possession of that data can be provided as proof of identity for authentication.  Continue Reading

• December 22, 2014 22 Dec'14

  Staples data breach update: 1.16 million cards, 1,400 stores affected

  An update from the office-supply giant shows that 1.16 million cards and point-of-sale systems at more than 1,400 stores may have been affected.  Continue Reading

• December 22, 2014 22 Dec'14

  How does the safe harbor program affect COPPA compliance?

  The FTC's safe harbor program won't necessarily ease COPAA compliance requirements for enterprises. Expert Mike Chapple reviews the seven regulations the FTC will definitely enforce.  Continue Reading

• December 22, 2014 22 Dec'14

  grid authentication

  Grid authentication is a method of ensuring that an end user is who he claims to be by requiring him to enter values from specific cells in a grid whose content should be only accessible to him and the service provider. Because the grid consists of ...  Continue Reading

• December 22, 2014 22 Dec'14

  Researchers uncover serious NTP security flaws

  According to researchers, the most severe of several newly discovered Network Time Protocol security flaws can be exploited remotely with a single packet.  Continue Reading

• December 20, 2014 20 Dec'14

  soft token

  A soft token is a software-based security token that generates a single-use login PIN. Traditionally, a security token has been a hardware device that produces a new, secure and individual PIN for each use and displays it on a built-in LCD display.  Continue Reading

• December 20, 2014 20 Dec'14

  signature analysis

  Signature analysis has two meanings. It can involve scrutinizing human signatures in order to detect forgeries and it can be a troubleshooting technique in which an AC signal with a specific waveform is applied across a component.  Continue Reading

• December 20, 2014 20 Dec'14

  risk-based authentication (RBA)

  Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised. As the level of risk increases, the ...  Continue Reading

• December 20, 2014 20 Dec'14

  out-of-band authentication

  Out-of-band authentication is a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password. Out-of-band authentication is often used in financial ...  Continue Reading

• December 19, 2014 19 Dec'14

  Home router security vulnerability exposes 12 million devices

  Check Point has uncovered a widespread home router security vulnerability, dubbed Misfortune Cookie, that could allow attackers to gain control over millions of devices.  Continue Reading

• December 19, 2014 19 Dec'14

  claims-based identity

  Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity’s specific information while providing data that authorizes them for appropriate and relevant interactions.  Continue Reading

• December 19, 2014 19 Dec'14

  FBI connects Sony Pictures hack to North Korean government

  The investigative U.S. government agency said it found overlap between the malware and infrastructure used in the Sony Pictures hack and other North Korean operations.  Continue Reading