HNS MAIN FEED
Saturday, 00:48 EST
- Zero-day vulnerabilities in Firefox extensions discovered
- Three charged with Comcast.net hijacking
- Cloud computing security benefits, risks and recommendations
- Poisoned Google search results
- World’s first wireless USB external hard drive
- A look at Securitybyte & OWASP AppSec Asia Conference 2009
- Biggest threats to federal systems and critical infrastructure
- Are 64-bit Windows inherently safer?
- NSA on cyber attacks and Microsoft collaboration
- New books: ModSecurity, Snow Leopard, social Web applications
- Vulnerability in IBM SolidDB memory caching software
- Two arrested for Zbot Trojan
Authentication
Authentication: 10 most recent
(show all)
| Embracing tokenization: Payment without pain (Authentication) Today, it’s expected that merchants accept electronic payments. It’s more than expected that those payments are secure. No data leaks or breaches of any kind. The reality is many companies don’t truly understand the security vulnerabilities that electronic payments present, nor the solutions on the market. They may think they are secure, but in fact are at great risk. |
| The path to comprehensive ID management (Authentication) There have been many changes since enterprises first looked at implementing smart card-based common access card programs in the 1990s. Although some large corporations successfully deployed such programs, smart card-based identity solutions never fully penetrated the enterprise or consumer markets. Looking back, it is clear that a lack of standards as well as the ensuing incompatibility between different proprietary products led to one-off projects, rather than solutions that would consistently drive prices down and make implementation straightforward. |
| Surf Jacking: HTTPS Will Not Save You (Authentication) In this paper we will describe a security issue that affects major web sites and their customers. Attackers exploiting this vulnerability are able to hijack an HTTP session even when the victim and the attacker’s connection is encrypted using SSL or TLS. |
| Safeguard Your Organization with Proper Password Management (Authentication) Access control is one way to ensure security in your organization. An intruder can break into your network by compromising accounts with weak passwords. If the compromised account turns out to be a privileged account, or if the intruder escalates privileges, then you may face significant damage to your IT systems. |
| Beware the Default Password (Authentication) The default password exists to allow an administrator initial access, for setup and configuration, and you are generally forced, or at least you should be, to change the password to something more complicated as the configuration advances. Unfortunately, this is not a step that everyone takes. |
| Reducing Shoulder-surfing by Using Gaze-based Password Entry (Authentication) Shoulder-surfing – using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has been difficult to overcome. EyePassword is a system that mitigates the issues of shoulder surfing via a novel approach to user input. |
| Survey Reveals Scandal of Snooping IT Staff (Authentication) Whilst you sit at your desk working innocently away, little do you realize that one in three of your IT work colleagues are snooping through company systems, peeking at confidential information such as your private files, salary data, personal emails, just by using the special administrative passwords that give IT workers privileged and anonymous access to virtually any system. |
| Biometrics: What and How (Authentication) A biometric system is a pattern recognition system; it operates by acquiring biometric data from a person, extracting a feature set from the acquired data and comparing this feature against the templates in the database. |
| Super Power Password Protection - Watching You Watching Me (Authentication) Not a day goes by without some story hitting the wires about yet another piece of confidential information appearing in somebody’s inbox. Confidential emails, files, financial data, instant messaging data, you name it, find their way into the public domain and overnight a company is faced with a crisis or an individual’s private indiscretions become public property. And regardless of whether or not in some cases there may be am issue of the “greater good”, ultimately questions have to be asked as to why nothing seems to be confidential anymore. |
| How Companies Can Manage Strong Authentication Intelligently (Authentication) The most recent phishing attacks have shown how professional internet fraudsters steal passwords and identities. To exclude the growing security risk, experts recommend dual-factor authentication – also known as “strong” authentication. The use of security systems for strong authentication practically excludes the risk of passwords being deliberately stolen or cracked. |
Authentication: most read articles