Authentication

The Defence Science Technology Organisation (DSTO) is running facial recognition trials which will underpin biometric initiatives across the Department of Defence, Immigration and new smartcard driver's licences.

Commonwealth departments to trial Quantum Key Distribution.

Just days after his apprehension in Mexico following two years on the run from law enforcement authorities, an alleged hacker was indicted this week by a federal grand jury for hacking into the computer networks of VoIP service providers.

The European Parliament signed up to a plan Wednesday to introduce computerized biometric passports including people's fingerprints as well as their photographs, despite criticism from civil liberties groups and security experts who argue that the move is flawed on technical grounds.

The PCI Security Standards Council Monday unveiled a plan to sharpen oversight of the hundreds of security-service providers now authorized to evaluate merchant networks under the organization's Payment Card Industry data standards.

Microsoft Tuesday will unveil an open identity platform code-named Geneva that extends to the cloud and includes development tools, gateway technologies and provides long-awaited support for the SAML 2.0 protocol.

The hugely promising security technology of Quantum Key Distribution (QKD) has moved an important step closer to commercialization with the announcement by UK-based researchers that they can now shift encryption keys around at speeds of 1Mbps.

Japan's Self Defense Force lost sensitive data pertaining to a joint US-Japan military exercise last year, the Ministry of Defense said Tuesday.

The vendor HyBlue says it can prevent the "cold boot" encryption hack discovered by Princeton researchers with a laptop security product announced Tuesday.

Centeris, which provides cross-platform authentication via Microsoft's Active Directory, Tuesday enhanced its Likewise platform (Clear Choice Test of Likewise)Â and an added open source project that will be distributed with the top Linux operating systems.

Yahoo!7, eBay and PayPal have joined forces to protect customers against fraudulent e-mails and phishing attacks with the implementation of new authentication technology.

Users of online banking sites tend to bypass critical clues that the integrity of those sites may have been compromised, according to the working draft of a study released on Sunday by researchers at Harvard University and the Massachusetts Institute of Technology.

E-mail authentication can help fight the growing spam e-mail problem, but vendors need to come up with a single, open standard to avoid confusion and crippling costs for small ISPs (Internet service providers), participants in a U.S. government summit said Wednesday.

Chris Nickerson is willing to push it about as far as a person can go when it comes to security assessments. The founder of Lares, a security consultancy in Colorado, Nickerson conducts what he calls "Red Team Assessments" for clients. He is paid to try and dupe a client, and the client's employees, to give them a clear picture of the weak spots in their security plan. He then advises them on how to shore up defenses more effectively in the event a real criminal comes knocking.

Even if your spouse doesn't know your e-mail password, he or she probably knows enough information to get it.

Passwords have been standing guard over our computer user accounts seemingly forever; for a long while, and for most purposes, they could go it alone.

False positives and faulty readers are common criticism of biometric security systems. But with the right plan, can they be practical in your security portfolio?

The annual report from Georgia Tech Information Security Center identifies five evolving cyber security threats, and the news is not good.

If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?"

Theft of laptops and other mobile devices is spiraling, and the consequences -- financial and other -- are getting increasingly dire.

Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.

Security assessment and deep testing don't require a big budget. Some of most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

Web-based e-mail is booming. Services such as Gmail, Yahoo Mail and Hotmail are convenient, accessible and, best of all, free. Many of us have come to rely on them without giving it a second thought.

Jeff Jonas knows the Las Vegas gambling industry inside and out. As the founder and chief scientist of Systems Research & Development (SRD), Jonas helped build numerous casino systems before 2005 when his company was purchased by IBM.

We've known for a long time that requiring just a user name and password to get on the network or to access personal information on a Web site isn't the tightest security posture, but there weren't a lot of good alternatives, and there wasn't that much pressure to change.

Web security is at the top of customers' minds after many well-publicized personal data breaches, but the people who actually build Web applications aren't paying much attention to security, experts say.

A secure connection between browser and back end underlies Internet commerce. But what if it's already compromised?

RSA Security late last year acquired privately held Cyota, which offers online security and anti-fraud services to help financial institutions protect consumer accounts. CEO Art Coviello recently sat down with Ellen Messmer to discuss the Cyota acquisition and RSA's views on the future of authentication. With its anti-fraud services for banks, Cyota is a very different type of business than RSA Security traditionally has been in with its SecurID products for two-factor authentication and the BSAFE encryption toolkits.

Technology isn't going to protect e-commerce customers -- stronger government regulation is what will get the attention of online banks and merchants, forcing them to stop being casual about security, said Bruce Schneier, founder and chief technology officer of Counterpane Internet Security.

Open source has encompassed all areas of software applications and services, so there was little doubt that authentication would, sooner or later, be part of this fast growing movement. OpenLDAP, the open source directory project, has been with us for quite some time. But there's a new movement to create an authentication protocol, to standardize how authentication data is exchanged.