Online Security Tips
Stories of the Day
Security Bites 122: IBM sees security challenges ahead
Last month, IBM released a report (PDF) identifying the security challenges facing enterprises in the next two to five years. The survey is based on data collected internally by IBM.
One theme is that as the pace of globalization picks up, traditional boundaries continue to disappear. In this new global ...
Security Bites 121: What Microsoft's Geneva means for online IDs
In this week's Security Bites podcast, CNET's Robert Vamosi talks about user authentication with Kim Cameron, chief architect with the Identity and Security group at Microsoft.
At this year's PDC and again at WinHec, Microsoft certainly talked up its new Windows Azure cloud-based services, along with Windows 7. It has also been talking about Geneva, the code name for the next version of CardSpace, the Microsoft user authentication system. One goal of Geneva is to extend the reach of its predecessor, Active Directory Federation Services.
To help developers, Microsoft unveiled the Geneva Server and the Geneva Framework at PDC and WinHec. To play well with other systems, Geneva accepts the industry standards WS-Trust and WS-Federation, as well as the SAML 2.0 protocol.
Windows CardSpace Geneva releases digitally signed security tokens to Web sites, and allows multiple sites to accept the same tokens, so users don't have to be authenticated for various related sites. On the other hand, if a phishing site lures a user to accidentally use a card and submit a token, that token would not be "redeemable" at any other site and therefore is not useful for impersonating the user in any other context.
Another example of its use might be that an enterprise could have its employees use their Windows Live ID to access various assets within the company.
In addition to working on Geneva at Microsoft, Cameron is part of the Identify Card Foundation, a group that is advocating open standards around the use of ID cards for authentication.
Security Bites 120: When social networks host malware
In this week's Security Bites podcast, Robert Vamosi speaks with Ryan Naraine, security evangelist for Kaspersky and Zero Day blogger for ZDNet, about malicious software.
Naraine recently spoke at a conference on emerging security threats sponsored by the Georgia Tech Information Security Center about the increasing risks of malware ...
Security Bites 119: Does the Internet need its own Interpol?
In this week's Security Bites podcast, Robert Vamosi spoke with Patrik Runald, chief security adviser at F-Secure, about the need for a new international agency to handle cybercrime. Although there have been several high-profile arrests--such as that of "Chao," an alleged Turkish ATM skimmer--Runald said, "the message ...
Security Bites 118: Voting in America
Voting--it's the cornerstone of our democracy. But in recent years, both the systems we use and the trust we have in the accuracy of our votes have been challenged.
A new report (PDF) looks at all the systems currently in use--from paper ballots to Direct-Recording Electronic machines--and the issues ...
Security Bites 117: How 'Clickjacking' attacks hide behind the mouse
Criminals may have found a way to get you to click on malware without you even knowing. Worse, they might also be able to open the microphone or Webcam on your PC to eavesdrop.
Called Clickjacking, the process allows the attacker to trick you, the user, into clicking on something ...
Security Bites 116: Investigating data breaches
According to a report this week from Verizon Business, risk factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, which is why Verizon has revisited an earlier report. The goal of both the new and the prior report is to offer detailed insight ...
Security Bites 115: Inside ID fraud's underground forums
This week Tom Rusin, president and chief executive officer of Affinion's North America operation, is Robert Vamosi's guest. His company monitors the criminal underground for several thousand banking institutions by lurking in carder chat rooms.
"Carders" are the people who buy, sell, and trade online the credit card ...