Identity Management

Identity Management news, solutions, and analysis for IT professionals

No building access card? No problem if you have new Def Con tools

A slew of new RFID hacking tools will be released at the Def Con conference next month.

Bug exposes OpenSSH servers to brute-force password guessing attacks

The keyboard-interactive authentication setting could allow for thousands of password retries, a researcher found


Welcome mat

Cisco leaves key to all its Unified CDM systems under doormat

Cisco's Unified Communications Domain Manager software contains a privileged account with a static password that can't be deleted or changed

VMware's Identity Manager offers authentication for Web, native apps

The growing popularity of cloud apps means enterprises have to rethink indentity management.

Cybercriminals increasingly target point of sales systems

Trustwave highlights the difference in data-breach activity between North America and the rest of the world

Memory scraping malware targets Oracle Micros point-of-sale customers

A new threat dubbed MalumPoS is being used against businesses in the hospitality, food and retail industries, researchers said

Users with weak SSH keys had access to GitHub repositories for popular projects

GitHub revoked the keys, but it's not clear if they were ever abused by attackers.

Large scale attack hijacks routers through users' browsers

Researchers found a Web attack tool designed specifically to exploit vulnerabilities in routers and hijack their DNS settings

The best way to protect passwords may be creating fake ones

A research project, NoCrack, creates plausible decoy password vaults to confuse attackers

Electronic lock maker clashes with security firm over software flaws

CyberLock said it wasn't given enough time before IOActive published a security advisory

Credit card terminals have used same password since 1990s, claim researchers

Many users never changed the password thinking it was unique to them

Wi-Fi client vulnerability could expose Android, Linux, BSD, other systems to attacks

A flaw in the widely used wpa_supplicant wireless client can lead remote code execution

Microsoft moves to address customers' concerns about cloud control and transparency

The company will launch new features for Office 365 designed to give organizations more control and visibility into their data

Centrify adds extra protection for sensitive accounts with new cloud service

The company's Centrify Privilege Service will cost from $50 per user and month

VMware helps CIOs tunnel their way to more secure mobile apps

VMware's goal is to make it easier for administrators to control what apps and resources mobile users can access.

Researchers show that IoT devices are not designed with security in mind

Lack of encryption and other security issues found in home automation hubs could facilitate burglary, stalking and spying

Chinese Internet authority clashes with Google over digital certificates

Google's Chrome will no longer recognize new digital certificates issued by CNNIC

Salesforce acquires mobile authentication firm Toopher

Toopher used to offer a mobile two-factor authentication app

British Airways notifies frequent flyers of possible breach of their accounts

Many users had their reward points removed from their accounts as a precaution

Cisco patches autonomic networking flaws in IOS routers and switches

The flaws could allow attackers to gain limited access over affected devices or to disrupt their normal operation

Load More