Identity Management

Identity Management news, solutions, and analysis for IT professionals

Large scale attack hijacks routers through users' browsers

Researchers found a Web attack tool designed specifically to exploit vulnerabilities in routers and hijack their DNS settings

The best way to protect passwords may be creating fake ones

A research project, NoCrack, creates plausible decoy password vaults to confuse attackers


Electronic lock maker clashes with security firm over software flaws

CyberLock said it wasn't given enough time before IOActive published a security advisory

Credit card terminals have used same password since 1990s, claim researchers

Many users never changed the password thinking it was unique to them

Wi-Fi client vulnerability could expose Android, Linux, BSD, other systems to attacks

A flaw in the widely used wpa_supplicant wireless client can lead remote code execution

Microsoft moves to address customers' concerns about cloud control and transparency

The company will launch new features for Office 365 designed to give organizations more control and visibility into their data

Centrify adds extra protection for sensitive accounts with new cloud service

The company's Centrify Privilege Service will cost from $50 per user and month

VMware helps CIOs tunnel their way to more secure mobile apps

VMware's goal is to make it easier for administrators to control what apps and resources mobile users can access.

Researchers show that IoT devices are not designed with security in mind

Lack of encryption and other security issues found in home automation hubs could facilitate burglary, stalking and spying

Chinese Internet authority clashes with Google over digital certificates

Google's Chrome will no longer recognize new digital certificates issued by CNNIC

Salesforce acquires mobile authentication firm Toopher

Toopher used to offer a mobile two-factor authentication app

British Airways notifies frequent flyers of possible breach of their accounts

Many users had their reward points removed from their accounts as a precaution

Cisco patches autonomic networking flaws in IOS routers and switches

The flaws could allow attackers to gain limited access over affected devices or to disrupt their normal operation

Dell support tool put PCs at risk of malware infection

Weak authentication in Dell's System Detect utility could have enabled drive-by malware attacks

Flash-based vulnerability lingers on many websites three years later

A large number of developers have failed to patch their Flash applications against a vulnerability that can be exploited to target Web users

Cisco small business phones open to remote eavesdropping, calling

An authentication flaw allows attackers to listed to audio streams and make calls from Cisco SPA 300 and 500 IP phones

At least 700,000 routers given to customers by ISPs are vulnerable to hacking

The devices have serious flaws that enable unauthorized remote access and DNS hijacking, a researcher found

Yahoo's new on-demand password system is no replacement for two-factor authentication

The new authentication option offers better security than static passwords, but it's not as strong as two-step verification

BlackBerry teams with Samsung and IBM to offer governments a secure tablet

The SecuTablet is a modified Samsung Galaxy Tab S 10.5 bundled with security management software and a hardware encryption module

Tool allows account hijacking on sites that use Facebook Login

Attackers can force users to associate their accounts on other sites with malicious Facebook accounts

Load More