Content Tagged ‘identity’

Cisco Releases the 2011 Annual Security Report

December 14, 2011 - This post focuses on the recent simultaneous publication of the Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3. Several highlights from the reports focus on the shifting technologies, expectations, and employee behaviors already (continue reading...) Read more

Bogus Bank of America Google Plus page attacks their reputation

November 14, 2011 - Hacker pranksters have created a bogus Bank of America profile on the Google Plus service. Is this harmless hijinx, or an indication of future Google Plus abuse? Read more

Even Security Administrators Deserve a Break – Part 2 of 2

June 23, 2011 - In my last post on this topic, I highlighted just how true the words “Work is no longer a place you go, but what you do” really are. We now have the ability to work anytime, anywhere, (continue reading...) Read more

Establishing Trust in the NSTIC

June 15, 2011 - The National Strategy for Trusted Identities in Cyberspace (NSTIC) proposes a large ecosystem of identity providers, attribute providers, and relying parties that must establish trust with each other in various ways. NSTIC requires various types of trust within the identity (continue reading...) Read more

Adapting Levels of Assurance for the NSTIC

May 19, 2011 - One of the goals of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is to support a wide range of use cases. These might include everything from low-value purchases to making adjustments to critical infrastructure, like power systems, (continue reading...) Read more

Credential and Attribute Providers in the NSTIC

May 6, 2011 - The National Strategy for Trusted Identities in Cyberspace (NSTIC) describes two types of intermediaries between subjects (users) and relying parties: identity providers and attribute providers. This is a separation not frequently found in identity systems. (continue reading...) Read more

The Gap Between Policy and Implementation

May 3, 2011 - Mark Twain once wrote, “Everybody complains about the weather, but nobody ever does anything about it.” Security policy is a lot like that. Creating a security policy is at the top of the list for anyone looking to really secure (continue reading...) Read more

Amex Password Policies Declared Brain-Dead

February 8, 2010 - I was reminded today of a problem I noticed long ago: American Express's policies for (continue reading...) Read more

Yet Another Reason For Password Variety

February 2, 2010 - It's standard operating procedure for most users to have a small number of passwords, perhaps only one, that they use on every site that requires a username and password. This is, of (continue reading...) Read more

What Are the Advanced Security Settings in the Tools-Internet Options Dialog?

January 27, 2010 - The Tools-Internet Options dialog box in Internet Explorer has a wealth of important settings in it, some which affect the system outside of Internet Explorer. This dialog box is also available as (continue reading...) Read more

Happy Data Privacy Day

January 27, 2010 - Tomorrow, Thursday, January 28, 2010, is Data Privacy Day in North America and Europe. (Sorry I didn't get you a card. What's your address and social security number so I can (continue reading...) Read more

Google Toolbar Tracks Browsing Even After Users Choose “Disable” [Updated]

January 25, 2010 - We have reported on Ben Edelman's research in the past, including the recent past. The spyware researcher and Harvard B-School professor has demonstrated that the Google Toolbar continues to track a (continue reading...) Read more

Upromise Working on Privacy Issue

January 22, 2010 - Upromise has announced that they moved immediately to address the privacy problems identified by Ben Edelman yesterday in their toolbar, TurboSaver. Only TurboSaver users who selected personalized offers were affected, although this (continue reading...) Read more

Can TSA Copy Your Laptop Hard Drive and Search Your Files?

January 22, 2010 - Say you're bringing your notebook through airport security in the US. Can the TSA (Transportation Security Administration) personnel copy your hard disk and/or search the data on it? No, says Blogger Bob (continue reading...) Read more

Upromise Toolbar Betrays Privacy

January 21, 2010 - Privacy researcher and Harvard Business School Professor Ben Edelman has written a report on the practices of the Upromise Toolbar, called TurboSaver by the company. Upromise is a membership system through which (continue reading...) Read more

Is Facebook Privacy a Sham?

January 15, 2010 - One of the big security stories of last month was that Facebook changed their (continue reading...) Read more

Adobe and Google Both Reveal Intrusion Attempts

January 12, 2010 - It's an eventful day. Just as they release an important new version of Acrobat, Adobe has also revealed that "...a sophisticated, coordinated attack..." was mounted "...against corporate network systems managed by (continue reading...) Read more

(Top?) 10 of the Most Infamous Unsolved Computer Crimes

December 27, 2009 - Security services firm infySEC has a cool list of what they call the Top 10 of the most infamous unsolved computer crimes. These aren't all famous, or infamous crimes, but the unsolved (continue reading...) Read more

I Was Wrong – Facebook Can Set Group Rights

December 22, 2009 - Thanks to reader Roberto Perez for pointing out an error in my recent entry on How the New Facebook Privacy Settings Work (since corrected).I was bothered that restrictions on (continue reading...) Read more

11 Jailed in China For Gaming Trojans

December 21, 2009 - The People's Daily Online (citing Xinhua) is reporting that 11 people in east China have been convicted of writing and distributing malware designed to steal usernames and passwords for online games. The (continue reading...) Read more

Copyright © 2012 The Security Blog. All rights reserved.