Web Authentication and Access Control
- December 13, 2019
RSA Security joined forces with Yubico to eliminate passwords within the enterprise. RSA's Jim Ducharme explains what it will take to the reach the 'last mile' of the pursuit.
- December 02, 2019
A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet.
- November 07, 2019
Phishing attacks against the United Nations and humanitarian organizations show how threat actors are weaponizing valid SSL certificates and how hard it is to stop the abuse.
- November 06, 2019
A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch.
- February 28, 2019
After two previous attempts, Cisco has issued a third patch for a persistent flaw in its Webex platform, which allows privilege escalation attacks on systems running the software.
- December 13, 2018
Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but the peripheral device maker has yet to address the flaw.
- August 03, 2018
Using two-factor authentication with one-time passwords sent via SMS has come under question again after a Reddit breach was blamed on the faulty 2FA method.
- July 06, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Identiverse 2018 and how artificial intelligence is being applied to identity and access management.
- June 26, 2018
Ping Identity increased its focus on API security with the acquisition of Elastic Beam, a startup that uses artificial intelligence to apply behavioral security on enterprise APIs.
- April 24, 2018
As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model.
- April 10, 2018
W3C and the FIDO Alliance have given websites a new tool for doing FIDO-compliant authentication, as the WebAuthn authentication protocol is promoted to W3C Candidate Recommendation.
- February 07, 2018
A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched.
- July 12, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems.
- July 12, 2017
Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises.
- May 12, 2017
A Slack vulnerability exposed user authentication tokens and enabled hackers to access private data. Expert Matthew Pascucci explains how and why this hack was successful.
- April 07, 2017
CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.
- November 08, 2016
Researchers find widespread risk for users of apps with insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.
- July 13, 2016
The wildly popular Pokémon GO mobile game obtained a full account access token to iOS users' Google accounts, revealing a major issue with Google's OAuth authentication system.
- October 30, 2015
Google demands Certificate Transparency for all Symantec-issued certificates in wake of last month's escalating disclosures about fake "testing" certificates.
- September 16, 2015
A new report details how attackers can fly under the radar by using stolen credentials in order to avoid breach detection and forgoing the use of malware in malicious activity.
- June 11, 2015
Agencies from U.S. and U.K. governments now support the FIDO Alliance and its open standards for passwordless authentication.
- March 25, 2015
Google, Microsoft, and Mozilla have revoked unauthorized TLS certificates issued by an intermediate certificate authority that could have been used in man-in-the-middle attacks.
- March 11, 2015
A growing number of cryptographic keys and security certificates are being abused, according to a new study from cybersecurity firm Venafi and the Ponemon Institute.
- December 09, 2014
Amid growing fears of stolen credentials and data breaches, the FIDO Alliance released its long-awaited 1.0 specifications for passwordless and multifactor authentication systems.
- September 08, 2014
Data from McAfee shows many organizations have yet to fully patch the Heartbleed vulnerability, and as many as 300,000 websites remain at risk.
- August 08, 2014
News roundup: When a breach occurs, it's common practice to share the information with victims -- both the users and the companies involved. However, Hold Security's billion-password hack disclosure hasn't followed standard procedure.
- June 05, 2014
Despite the popularity of SAML, the mobile and cloud benefits of OpenID Connect may spur adoption as an enterprise authentication platform.
- December 15, 2011
Following a breach to a GlobalSign Web server, an extensive investigation found no evidence of an infiltration of its digital certificate infrastructure and no leakage of its certificate keys.
- June 07, 2011
Following a retooling of its manufacturing and supply chain management processes, RSA plans to replace security tokens for high risk customers.
- August 30, 2010
CA said Arcot's software as a service delivery model could help accelerate its delivery of CA identity and access management technologies from the cloud.
- April 20, 2010
Too many employees are given access to systems they don't need, according to a survey conducted by the Ponemon Institute.
- December 07, 2009
Cybercriminals target Yahoo and other hosting services using a new phishing campaign to hijack accounts and commit bank fraud.
- October 27, 2009
Identity management technologies are struggling to keep pace with constantly evolving nature of attacks, according to the Center for Applied Identity Management Research (CAIMR).
- July 29, 2009
Researcher Dan Kaminsky returned to Black Hat with new research on X.509 certificates, explaining an attack method that could enable malicious hackers to spoof legitimate SSL certificates..
- September 30, 2008
Sun integrates access management, federation and secure Web services in its new OpenSSO Enterprise
- April 02, 2008
Kerberos is a dominant authentication protocol, embedded in Windows, Solaris and multiple Linux flavors. But with new threats and new technology, an upgrade is in order.
- April 02, 2008
Kerberos is one of the most-widely used authentication methods today, but experts explain that it comes with some weaknesses.
- March 04, 2008
Sun Microsystems is making a move into the governance, risk and compliance market, ramping up the competition against Oracle, IBM, CA and others.
- July 12, 2007
Web security gateways combine layered defense against the rising tide of Web-based malware with URL filtering and application control.
- May 22, 2007
While more organizations are seeking database authentication and encryption technologies, others are turning to database monitoring to secure data.
- July 26, 2006
Employee monitoring is on the rise as organizations try to safeguard their sensitive information and increase productivity. However, one security expert says there are several important questions to ask before implementing an employee monitoring ...
- May 02, 2006
One vendor says selling corporate assets on eBay, spying on coworkers and running illegal gambling rings are just a few examples of the crazy stunts employees will try when given unchecked use of the Web at work.
- December 09, 2005
Just by browsing your competitor's Web site, you might be giving away your company's most guarded secrets. Experts offer advice for countering the subterfuge and keeping secrets safe.
- April 07, 2005
Enthusiasts say better standards will make the technology a more viable option for enterprises. Not everyone agrees.
- April 21, 2003
Experts at RSA Conference 2003 explained how people can either circumvent or strengthen an enterprise's security technologies and policies. Companies have to invest in the human side of security, then supplement those investments with solid ...