Shhh... ACMA preps URL 'block' page

In a recent discussion with Senator Conroy’s media advisors, I was given the privilege of being politely declined any more information about the composition of the proposed URL 'block' page or what options people have to check if their Web site is caught up in the filter.

By Rodney Gedda | 16 June, 2010 10:29

Tags: ACMA, censorship, Department of Broadband Communications and the Digital Economy (DBCDE), internet filter blacklist, Stephen Conroy

How recessions make good people do bad things

Whom can you trust? In security, many of us nurture a healthy sense of paranoia and tend to be distrustful. But as human beings, as social beings, we form bonds of trust with those around us.

By Andreas M. Antonopoulos | 13 November, 2008 10:49

Tags: global recession

Hard times mean more problems with insider security

Does my company need to be more proactive about insiders during hard times?

By Brian Contos | 05 November, 2008 09:07

Tags: insider security

Good security in recessionary times

If you've had any money in the stock market, it's been a bloodbath the last few weeks. It's hard to remember that any 10-year period in stock market history has always ended up with better returns than any other investment. As financial analysts argue over whether we are already in or just headed into a deep global recession, we are facing a rough, contracting period. People with good jobs are holding on to them tighter than ever.

By Roger A. Grimes | 20 October, 2008 09:21

Tags: risk management

Can we really stop malicious insiders?

In terms of malicious insiders committing fraud, can anything "really" be done?

By Brian Contos | 30 September, 2008 08:48

Tags: fraud, insider threats

Who is behind that Gmail account?

Who is the real identity behind that Gmail account? While finding out may not be as easy as knowing who is behind chunkylover53@aol.com (Homer Simpson, for the curious), it apparently isn't much harder.

By Carl Jongsma | 23 September, 2008 14:13

Tags: gmail

Information security governance: Centralized vs. distributed

The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground?

By Audrey Agle | 05 September, 2008 10:15

Tags: information security

Separation of duties and IT security

Separation of duties is a key concept of internal controls and is the most difficult and sometimes the most costly one to achieve. This objective is achieved by disseminating the tasks and associated privileges for a specific security process among multiple people.

Reflections on a new internal data theft study

While external data breaches involving household brand names such as TJX tend to grab more headlines, insider data thefts are emerging as compliance and reputational risks for organizations. Recent studies suggest that over 60 per cent of data breaches originate from an internal source or event. One reason for this is that in today's data-rich environment organizations continue to struggle with the 'human element' at the heart of data security. It can be extremely difficult to balance the protection of sensitive data with granting access to employees who need it to complete their daily job requirements. To that end, organizations have implemented several new security measures including employee education programs, data access monitoring, and strict policies regarding USB ports and portable devices. Although these are steps in a positive direction, little has been done to study and understand how the data is exploited once it leaves an organization.

Dangerous databases?

Treat metadata skeptically, or it can lead to unexpected risks to corporations, warned the keynote speaker at the Black Hat conference.

Data security meets disco fever

Here's a travel advisory: The next time you find yourself in a foreign city at night with nothing to do, take my advice: rent a movie in your hotel room. Don't go to discos. And if you do go out, don't bring a smart phone with you.

Lessons learned from the Kaminsky DNS vulnerability

There has been a lot of speculation devoted to the impending release of information about a DNS vulnerability discovered and initially announced by Dan Kaminsky almost two weeks ago. A lot of the coverage has been back-and-forth arguing about whether what has been discovered is relevant or not, but the best thing to have done in the intervening period is to have sat on your hands and waited.

Major Sites Fall Victim to Web Hijack

Security company Finjan reported on Wednesday that it has found more than 1,000 sites infected by an attack toolkit called "Asprox," which exploits flaws in a vulnerable site's programming to add hidden attack code. The attack code in turn searches for flaws on the visiting browser's PC, and if any such holes are found it will download malware onto the computer.

When university research is responsible for that network probe

The Internet Storm Center, operated by SANS, is one of the leading sources when it comes to identifying emerging attacks against networks, through their DShield collaborative network analysis effort. Traffic spikes on network ports that are well above the normal rates of traffic flow can signify a rapidly spreading exploit or it could be a misconfigured network spewing rubbish across the rest of the Internet. One of the ISC's handlers noted a significant spike of traffic on port 7 recently and was surprised by what he found.

RFID fact and fiction

In an effort to dispel some of the privacy concerns surrounding radio frequency identification technology (RFID), the Information Technology Association of America has issued a white paper covering what the technology is and is not capable of.

Chinese financial systems begin hardening

China's financial markets have paralleled the rapid growth and development of the country and for a time were regarded as something of a 'Wild West' environment, where the risks were significant but the rewards were immense. Rapid growth in cities like Shanghai and the handover of Hong Kong and Macau have provided ample opportunities for investment and the development of a form of capitalist communism has created an environment where the potential rewards seemed to justify the risk.

When selling snake oil catches up with you

Recent reporting from AP and The Charleston Gazette demonstrates that selling snake oil will eventually catch up with you. LifeLock, an identity theft protection company based in Arizona, is facing a class-action lawsuit alleging that their services are 'inept' at preventing identity theft from taking place.

How to avoid the Debian SSH key attacks

If you are running a Debian-based Linux system and haven't already caught up with the announcement [1] that there was a major flaw with the generation of SSH, OpenVPN, DNSSEC, SSL/TLS session keys and X.509 certificate key material, you might want to update your system to address the problem.

Why does a person need so many electronic identities?

What is the solution to the growing number and risks of the identities that are now connected with us all? Will a simple identity trust framework be part of such a solution? How will users be able to reduce the number of passwords they have to handle? This article will attempt to explore these questions.