Archive for the ‘security’ Category
3D (in)Secure
It’s not news that the 3D Secure system that gets branded as ‘Verified by Visa’ is a steaming pile of something that should be scraped off shoes rather than presented on screens. Ben Laurie was the first serious voice of dissent (that I noticed), but then along came Ross Anderson and Steven Murdoch to ensure […]
Filed under: could_do_better, security | 2 Comments
Tags: 3D Secure, additional cardholder, cardholder not present, CNP, credit, credit card, joint account, liability, payments, phishing, security, Verified by Visa
Digital 9/11
This post is probably going to get me into trouble, but this stuff needs saying. There’s been a sudden outburst of sanity today about this topic, so I feel obliged to throw in my 2¢. A few weeks back I heard somebody say that we hadn’t yet seen a ‘digital 9/11’. I think what they […]
Filed under: security | 2 Comments
Tags: 9/11, cyber, intelligence, movie plot, response, security, terrorist
The MAC hullabaloo
Kim Cameron has had lots of interesting things to say over the past few days about the security and privacy implications of harvesting MAC addresses in the wake of Google being somewhat caught out with their activities in this area. Today though he has a piece where I think he’s crossed over the Chicken Little line. In […]
Filed under: identity, security | Leave a Comment
Tags: cardspace, information card, Kim Cameron, MAC, MACs, privacy, security, streetview, wifi
A little while ago I put out a plea for stronger authentication for Google Apps, and it seems that my wish has been granted with Tricipher launching their myOneLogin for Google Apps[1]. I had tried myOneLogin before, and frankly wasn’t too impressed. This time things are different though, the issues I’d seen before with Chrome compatibility and […]
Filed under: identity, security | 2 Comments
Tags: authentication, google, identity, saas, security, strong authentication, tricipher, verisign, vip
Two wishes granted – an API for XACML, and OpenID from Google Apps. Wish three – strong(er) authentication for Google Apps to make SaaS more secure.
Filed under: identity, security | 1 Comment
Tags: directories, google, identity, idm, ldap, ldif, OpenID, saas, security, strong auth, strong authentication, twittergate, xacml
Something needs to be figured out so that users can’t pwn censorship rights over networks where the admins have been smart enough to choose a ‘better’ DNS service, but not smart enough to take active control over its management.
Filed under: security | 2 Comments
Tags: censorship, OpenDNS, pwnage
Security conferences
Having dragged James into the debate about Pamela’s post, and having spent most of the week at a security conference I thought I’d throw some of my own thoughts into the ring. Let’s start with attendees, or ‘plankton‘ as Pamela calls them, and the idea that attendees learn something by going to conferences. I think […]
Filed under: security | 4 Comments
Tags: conference, security
Persona – one year on
It seems that the term Persona is finally finding its way into common usage, and I’m encouraged by the recent posts by Nishant Kaushik and Mark Dixon.
Filed under: security | 2 Comments
Tags: digital identity, idm, llp, persona, security, trust
Why I’m a NAC nonbeliever
I was recently speaking at a conference, and the subject of network access control (NAC) came up. At the time I gave a rather glib answer that ‘it’s not the network that you wish to control access to, but the data and services that wrap it’. That’s been my position for some time, but it’s […]
Filed under: security | 2 Comments
Tags: entitlements, nac, reperimiterisation, reperimiterization, security
For most enterprises the essence of trustworthiness is their internal build, which normally comes in client and server flavours for a variety of ‘supported’ operating systems. Machines running this build are trusted to access corporate resources, anything else is kept out with policies, firewalls and mechanisms like network access control (NAC). That internal build is […]
Filed under: security | 1 Comment
Tags: malware, management, managment, security, trust, virtual appliance, virtualisation