Expert insights. Personalized for you.
GizModo VR
MARCH 16, 2021
Accidentally deleting your Google Authenticator app is a nightmare. The app, which generates one-time codes for many websites, is usually your key to many major email services, including Gmail, domain name services like Namecheap, and even banking services.
Venture Beast
MAY 4, 2022
GitHub has revealed plans to make two-factor authentication (2FA) mandatory for all GitHub.com users by the end of 2023. Read More.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
CTOvision
FEBRUARY 18, 2015
The breakfast event focused on security for big data designs and featured the highly regarded security architect Eddie Garcia. Eddie Garcia is chief security architect at Cloudera , a leader in enterprise analytic data management. Eddie helps Cloudera enterprise customers reduce security and compliance risks associated with sensitive data sets stored and accessed in Apache Hadoop environments. This creates the most secure Hadoop distribution on the market.
The Verge
MARCH 4, 2021
Apple has promised to open up its Find My app to third-party accessory makers. There don’t appear to be serious security implications for the Find My network itself, either (though the team has submitted other bug reports to Apple ). Image: OpenHaystack.
Tech Republic Security
MARCH 22, 2021
The security key is built on open source hardware and firmware, making it a universal factor authentication device instead of a two-factor authentication device
CTOvision
SEPTEMBER 5, 2016
On Labor Day, September 5 th 2016, NIST published their Digital Authentication Guideline: Public Preview. There will be successive open comment periods. The base document SP 800-63-3 is the third iteration of this special publication, and has been renamed to: Digital Authentication Guideline. SP 800-63B – Authentication & Lifecycle Management. For over a decade we have used LOA 1, LOA 2, LOA 3 and LOA 4, to classify and refer to the type of authentication we used.
GeekWire
MAY 11, 2020
A native of Finland, he’s the former CEO of MySQL, the open-source database company that was sold to Sun Microsystems in 2008. Security had been this very dogmatic, closed, secret group of people, building advanced technology that makes life more and more difficult.
The Verge
JUNE 4, 2020
Circumstances and situations vary and none of these methods are 100 percent foolproof, but they do offer increased security for you and your info. Use a password rather than biometrics to secure your data. Now’s a good time to secure your device and any information on it.
ForAllSecure
JANUARY 12, 2022
With more applications being built every day, the need for robust Application Security Testing (AST) has never been greater. In this blog post, we'll cover the roles DAST and SAST play in Application Security Testing and discuss how fuzzing fits into it all.
SecureWorld News
JANUARY 27, 2022
Tesla is one car maker that is getting closer and closer to creating a fully electric, self-driving car, but it has hit some speed bumps along the way, specifically with security issues. Security vulnerability in TeslaMate. I reported this issue to the Tesla Security Team immediately.
Network World
DECEMBER 21, 2016
The Nmap Project just released the Holiday Edition of its open source cross-platform security scanner and network mapper, with several important improvements and bug fixes. New features in Nmap 7.40 include Npcap 0.78r5, for adding driver signing updates to work with Windows 10 Anniversary Update; faster brute-force authentication cracking; and new scripts for Nmap Script Engine, the project’s maintainer Fyodor wrote on the Nmap mailing list.
Kitaboo on EdTech
JUNE 20, 2022
Content security: Content typically is not secure within an LMS. Security, without the hassle of complexity: Although an LMS can easily deliver learning at a large scale, it lacks a range of multiple functionalities. Using DRM to Securely Distribute Textbooks Online.
CTOvision
JANUARY 21, 2017
Their Mesos framework is built on open source tools: Apache Spark, Apache Mesos, R, and Docker. AirBnB has released the platform to the entire travel industry as open source. Trend #6—Security. Despite continued advances in security like AES encryption and multi-factor authentication, we don’t seem to be winning the war on cybercrime. Nathaniel Crocker. Seven Trends and Predictions for 2017. In billiards, you must call your shot ahead of time.
|
Vox
MAY 6, 2021
Authenticator apps like Google Authenticator might seem intimidating, but they’re easy to use and safer than texts. If you’re using texts for two-factor authentication, it’s time to change to an app. When people ask me for security tips, I give them the basics.
IT Manager Daily
APRIL 11, 2018
Threat: Versions of the open-source Exim message transfer agent are vulnerable. Exploited flaw: The buffer overflow in the handling of base64 authentication can be used to send a boobytrapped mail message that then allows bad actors to run arbitrary code remotely. Fixes/Workarounds: Exim released a security update (version 4.90.1), but many haven’t installed the patch. An estimated 400,000 servers are still at risk, so update your version of Exim to stay secure.
Linux Academy
APRIL 10, 2020
By now you’ve heard the stories that Microsoft loves Linux and fully embraces the open-source world. Microsoft, under Satya Nadella, has taken a new stance on open-source , which to some is a complete flip-flop from the Microsoft of the past.
CTOvision
JANUARY 25, 2016
As advanced applications are developed that leverage the capabilities that make Bitcoin possible, enterprise technologists will be able to tap into new capabilities for security and functionality. It was invented by Satoshi Nakamoto, who published the invention in 2008 and released it as open source software in 2009. Users of bitcoin are provided with enhanced security and control. Fortunately, with bitcoin, you can learn sound security practices to protect the money.
Scott Lowe
MAY 27, 2022
Along those lines, one of their latest articles discusses how to achieve identity-based mutual authentication leveraging eBPF. Researchers have uncovered a potential security flaw in Apple Silicon CPUs; more details in this 9to5Mac article. I’m not sure how I feel about security researchers calling this flaw “not that bad.” Security. Via Teri Radichel , I saw this article from Google Project Zero about zero-click security vulnerabilities in Zoom.
Galido
JUNE 2, 2016
Keeping track of passwords and making them secure is startlingly simple with Dashlane’s free password manager. Automatically import your passwords from Chrome or any other browser into your secure password vault. Outstanding authentication through facial biometrics, including liveness detection. Secure password sharing. KeePass Password Safe is a free, Open Source, lightweight, and easy-to-use password manager for Windows, Linux, Mac OS X, and Android mobile devices.
SecureWorld News
JULY 30, 2020
In February 2020, UK security researchers discovered a vulnerability in free, open source, automation servers that would allow cybercriminals to amplify a Distributed Denial of Service attack by 100. Featured DDoS Attack Network Security Original Content
Galido
NOVEMBER 29, 2018
Customer data is the lifeblood of any business entity; they are driven towards the increasing obligation of securing it as they possibly can. Cyber risk is now a huge corporate concern, and IT security budgets have risen in connection with it. Cyber Security 101. Who is in Charge of Cyber Security. Hiring of CISO (Chief Information Security Officer) has a large role to play with the planning and enforcement of the data loss prevention program. Security
Galido
OCTOBER 7, 2019
According to sources by the end of 2020, online retail sales will the figure of 4,058 billion. Right from managing data security to generating traffic, retaining customers, product return, and refund procedures, and the list goes on. Open source. At last, using open source tools also means that the platform guarantees a robust performance and enhanced security for merchants and developers. Security.
Linux Academy
MARCH 28, 2019
To ensure ongoing security site reliability engineers must work hand-in-hand with the CISO’s (Chief Information Security Officer) office to implement Kubernetes security. It is important to use security tooling such as OpenSCAP, the open source version of the Security Content Automation Protocol, to harden virtual machine images prior to their deployment in virtual private clouds. Implement Pod Security Policy.
Phil Windley
DECEMBER 28, 2020
Summary: The self-sovereign internet, a secure overlay on the internet, provides the same capacity to produce change by numerous, unaffiliated and uncoordinated actors as the internet itself. TLS (HTTPS) is a secure overlay, but it is incomplete because it's not symmetrical.
Phil Windley
JUNE 4, 2019
Summary: DID Messaging can provide a secure, authenticated, and verified channel for every relationship you have. The exchange of these so-called "peer DIDs" thus creates a mutually-authenticated relationship between the participants, where each can use the public key associated with the other's DID to authenticate them. He hadn't been at IIW, but I opened my wallet and created an invitation for Tim and sent it to him in a Twitter DM.
Scott Lowe
JANUARY 15, 2021
The content this time around seems to be a bit more security-focused, but I’ve still managed to include a few links in other areas. Rory McCune points out that Kubernetes is a router , and users should not rely on the fact that pods are not accessible from the outside by default as any form of a security barrier. Security. The popular open source cryptography library known as Bouncy Castle has uncovered a severe authentication bypass vulnerability.
GeekWire
DECEMBER 9, 2021
” The 30-person company has worked to create decentralized identifiers for open-source projects and efforts such as International Air Transport Association’s Travel Pass. Department of Homeland Security. Evernym director of marketing Alex Andrade-Walz said they are very familiar with Auth0, contrasting Evernym’s approach with Auth0’s focus on authentication and log-ins.
Phil Windley
JANUARY 8, 2022
Open source software, the internet, and the World Wide Web broke the stranglehold of proprietary software with free software and open protocols, but within a few decades, Google, Amazon, and others had built huge new monopolies founded on big data.
Scott Lowe
JUNE 18, 2021
Sonia Cuff provides a set of links for detailed instructions on setting up VPN access from macOS to Microsoft Azure with Azure Active Directory authentication. John Gruber’s post on “Secure Intent” on Apple devices was, for me at least, an informative read. I hadn’t delved that much into Apple’s hardware security efforts around Secure Enclave, mostly due to the fact that I was running older Apple hardware (a fact that has since changed).
Scott Lowe
DECEMBER 27, 2019
Security. Bruce Schneier writes about how some Chinese hackers are bypassing RSA software token authentication (the title is a bit more broad, implying other forms of two-factor authentication are affected, but the article focuses on attacks against the use of RSA software tokens). Cole Atkinson discusses the fact that osxfuse is no longer open source , and the ramifications of this development on open source in general.
Scott Lowe
MARCH 20, 2020
Security. Chris Wahl touches on the topic of using GitHub personal tokens to authenticate to HashiCorp Vault. Guido Appenzeller—once my manager at VMware, now at Yubico—shared this article about the Cerberus banking trojan , which is apparently now able to steal two-factor authentication (2FA) tokens from the Google Authenticator application.
ForAllSecure
FEBRUARY 9, 2022
Vulnerability scanning is an important part of security as it can help organizations identify and fix vulnerabilities before they can be exploited by attackers. Vulnerability scanning can also help organizations comply with regulatory requirements for security. Vulnerability scanning is the process of identifying security vulnerabilities in systems or networks. Authenticated Scans.
Cloud Musings
AUGUST 7, 2015
Although a security update applied by the Office of Management and Budget (OPM) and the Homeland Security Department (DHS) in January ended the bulk of the data extraction, the U.S. Agencies were instructed to immediately patch critical vulnerabilities, review and tightly limit the number of privileged users with access to authorized systems and dramatically accelerate the use of strong authentication, especially for privileged users. UPDATE: NBC News reports U.S.
Scott Lowe
JANUARY 14, 2016
Security. VMware open-sourced an identity and access management service called Lightwave ( project web site , GitHub repo ). First, he has a post on setting up a multi-node Lightwave domain ; once you have a Lightwave domain running, his post on enabling SSH to authenticate against Lightwave may be useful. A moderate security bug in OpenSSH (all releases between 5.4 Welcome to Technology Short Take #59, the first Technology Short Take of 2016.
Phil Windley
MARCH 13, 2020
Summary: The Sovrin Identity Metasystem is based on a sophisticated stack of protocols, implemented in open-source code, backed and supported by hundreds of organizations, large and small, around the world.
Scott Lowe
APRIL 19, 2019
Security. Tim Hinrichs discusses securing the Kubernetes API with Open Policy Agent. Pod Security Policies (PSPs) are an important security feature in Kubernetes. This article discusses four open source secrets management tools. Many organizations prefer to use two-factor authentication (2FA) to help protect their systems. Welcome to Technology Short Take #112!
Scott Lowe
MAY 17, 2019
Security. Since we’re on a bit of a security kick this time around, then the recent announcement by HyTrust of HyTrust CloudControl 6.0 This article by Bob Killen provides a good foundation of information on understanding Kubernetes authentication (AuthN) and authorization (AuthZ; implemented via RBAC). These look interesting, but be aware that they are not licensed with an open source license. Welcome to Technology Short Take #114!
Scott Lowe
APRIL 21, 2016
In any case, I can see some very useful cases for subnet pools, particularly in conjunction with tenant networks that use “routable” IPs and don’t use source NAT on the logical router(s). Security. Bruce Schneier asks the question that society has yet to answer (and may be afraid to answer): “…do we prioritize security over surveillance, or do we sacrifice security for surveillance?”. Welcome to Technology Short Take #65!
The Verge
APRIL 26, 2022
I also want to make Twitter better than ever by enhancing the product with new features, making the algorithms open source to increase trust, defeating the spam bots, and authenticating all humans.”. Open source” algorithms. Authenticate all humans?
The Verge
AUGUST 3, 2020
Adobe has released more details on its Content Authenticity Initiative, a system for permanently attaching sources and details to an image. They would want a CAI-enabled camera to provide the initial metadata, a Photoshop record for edits, and certificates identifying the source.
ForAllSecure
DECEMBER 17, 2021
As I produce this episode, there's a dangerous new vulnerability known informally as Log4Shell, it’s a flaw in an open source Java logging library developed by the Apache Foundation and, in the hands of a malicious actor, could allow for remote code injection. Open to open SSL.
ForAllSecure
NOVEMBER 24, 2020
I mean, it was open source, right? To answer these questions I’ll talk with an expert on developing security testing tools, someone who was, coincidentally, there the moment Heartbleed was discovered. Kaksonen: I have been looking at the space of security tools.
ForAllSecure
NOVEMBER 24, 2020
I mean, it was open source, right? To answer these questions I’ll talk with an expert on developing security testing tools, someone who was, coincidentally, there the moment Heartbleed was discovered. Kaksonen: I have been looking at the space of security tools.
104 
Let's personalize your content