Authentication

The PCI Security Standards Council Monday unveiled a plan to sharpen oversight of the hundreds of security-service providers now authorized to evaluate merchant networks under the organization's Payment Card Industry data standards.

Microsoft Tuesday will unveil an open identity platform code-named Geneva that extends to the cloud and includes development tools, gateway technologies and provides long-awaited support for the SAML 2.0 protocol.

The hugely promising security technology of Quantum Key Distribution (QKD) has moved an important step closer to commercialization with the announcement by UK-based researchers that they can now shift encryption keys around at speeds of 1Mbps.

Japan's Self Defense Force lost sensitive data pertaining to a joint US-Japan military exercise last year, the Ministry of Defense said Tuesday.

The vendor HyBlue says it can prevent the "cold boot" encryption hack discovered by Princeton researchers with a laptop security product announced Tuesday.

Centeris, which provides cross-platform authentication via Microsoft's Active Directory, Tuesday enhanced its Likewise platform (Clear Choice Test of Likewise)Â and an added open source project that will be distributed with the top Linux operating systems.

Yahoo!7, eBay and PayPal have joined forces to protect customers against fraudulent e-mails and phishing attacks with the implementation of new authentication technology.

Users of online banking sites tend to bypass critical clues that the integrity of those sites may have been compromised, according to the working draft of a study released on Sunday by researchers at Harvard University and the Massachusetts Institute of Technology.

E-mail authentication can help fight the growing spam e-mail problem, but vendors need to come up with a single, open standard to avoid confusion and crippling costs for small ISPs (Internet service providers), participants in a U.S. government summit said Wednesday.

The annual report from Georgia Tech Information Security Center identifies five evolving cyber security threats, and the news is not good.

If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?"

Theft of laptops and other mobile devices is spiraling, and the consequences -- financial and other -- are getting increasingly dire.

Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.

Security assessment and deep testing don't require a big budget. Some of most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

Web-based e-mail is booming. Services such as Gmail, Yahoo Mail and Hotmail are convenient, accessible and, best of all, free. Many of us have come to rely on them without giving it a second thought.

Jeff Jonas knows the Las Vegas gambling industry inside and out. As the founder and chief scientist of Systems Research & Development (SRD), Jonas helped build numerous casino systems before 2005 when his company was purchased by IBM.

We've known for a long time that requiring just a user name and password to get on the network or to access personal information on a Web site isn't the tightest security posture, but there weren't a lot of good alternatives, and there wasn't that much pressure to change.

Web security is at the top of customers' minds after many well-publicized personal data breaches, but the people who actually build Web applications aren't paying much attention to security, experts say.

A secure connection between browser and back end underlies Internet commerce. But what if it's already compromised?

First, the good news: e-businesses have moved quickly to combat phishers, consumers are learning to be more discerning, and vendors are stepping up with anti-phish tools and services.

The University of Western Sydney (UWS) has today gone live with a managed Intrusion Detection System (IDS) for its 5000 users.

The PCI Security Standards Council was established in the US by the major credit card companies in September 2006 as an independent organization to manage the Payment Card Industry Data Security Standard. In an interview, general manager Bob Russo talks about the council's efforts to administer the PCI standard amid continuing concerns about credit and debit card security. And he defends the standard, despite the recent data breaches at Hannaford Bros. and Okemo Mountain Resort.

RSA Security late last year acquired privately held Cyota, which offers online security and anti-fraud services to help financial institutions protect consumer accounts. CEO Art Coviello recently sat down with Ellen Messmer to discuss the Cyota acquisition and RSA's views on the future of authentication. With its anti-fraud services for banks, Cyota is a very different type of business than RSA Security traditionally has been in with its SecurID products for two-factor authentication and the BSAFE encryption toolkits.

Technology isn't going to protect e-commerce customers -- stronger government regulation is what will get the attention of online banks and merchants, forcing them to stop being casual about security, said Bruce Schneier, founder and chief technology officer of Counterpane Internet Security.

It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.

Open source has encompassed all areas of software applications and services, so there was little doubt that authentication would, sooner or later, be part of this fast growing movement. OpenLDAP, the open source directory project, has been with us for quite some time. But there's a new movement to create an authentication protocol, to standardize how authentication data is exchanged.