Access control and authentication - News, Features, and Slideshows

News

• Security manager's journal: Helping in-house developers

  This week I found out that my company is developing software in-house. Until now I hadn't known that we were a software development shop, but I guess I shouldn't be surprised. Most companies that I've been with have developed their own software for one purpose or another. I only learned about this software development project when one of the programmers approached me to ask about the best way to store usernames and passwords in the application's database. Yes, that's right -- they built the authentication right inside the application, instead of calling out to an external authentication source.

  J.F. Rice | 29 Mar | Read more

• Twitter adds option to always use HTTPS connection

  With the rising awareness and concern over the stealing of passwords and other sensitive data from unsecured Wi-Fi networks, Twitter is the latest online services company to boost its use of encrypted website connections.

  Juan Carlos Perez | 17 Mar | Read more

• Malvertising continues to pound legitimate websites

  In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day. That's the headline figure from a report released today from Web security firm Dasient. According to Dasient, that's a 100 percent increase from the preceding quarter.

  George V. Hulme | 09 Mar | Read more

• Germany identifies a secure way to deal with spam

  In theory, stopping spam is easy: just make it uneconomic to send millions of messages by charging for each one sent, or make senders authenticate their identity to stop address spoofing and simplify blocking.

  Peter Sayer | 05 Mar | Read more

• Extreme takes aim at secure mobile networking

  Extreme Networks is going mobile. The company today wheeled out a roadmap that will steer the company's product line toward mobile device and application access, availability and management support.

  Tim Greene | 02 Mar | Read more

• IBM DeveloperWorks site defaced

  An IBM site for developers was defaced over the weekend, with attackers replacing some of the Web pages on the site with ones containing their own messages, IBM confirmed Monday.

  Joab Jackson | 11 Jan | Read more

• How secure is Windows Phone 7 app code?

  A recent glitch on Microsoft's download servers for brand new Windows Phone 7 applications has sparked widespread Internet chatter among developers and focused new attention on the best ways to protect smartphone apps from being hacked.

  John Cox | 30 Nov | Read more

• Google adds OAuth support to Google Apps

  Joining a growing number of enterprise and consumer-facing Web services, Google has added support in Google Apps for the OAuth authorization profile, the company announced Monday.

  Joab Jackson | 28 Sep | Read more

• Security blunders 'dumber than dog snot'

  Voltaire is famous for noting that the main problem with common sense is that it's not all that common. Proof of that abounds in the security industry, where people who should know better do idiotic things daily, according to Roger G. Johnston, a member of the vulnerability assessment team at Argonne National Laboratory.

  Bill Brenner | 12 Aug | Read more

• Elcomsoft releases iPhone 4 password cracker

  Russian password-cracking company Elcomsoft has released new software that can in some instances figure out the password used to encrypt backed-up iPhone data.

  Jeremy Kirk | 06 Aug | Read more

• OpenSSO, neglected by Oracle, gets second life

  A Norwegian startup is assuming responsibility for maintaining an open source Web authentication technology originally developed by Sun Microsystems, and seemingly neglected by Oracle, which purchased Sun in January.

  Joab Jackson | 27 Jul | Read more