Authentication

CA has announced its SiteMinder and SOA Security Manager products are now available for the open source JBoss middleware platform.

Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.

The Gmail accounts of foreign reporters in at least two news bureaus in Beijing have been hijacked, a journalists' group in China said Monday.

Microsoft plans to buy health-care software maker Sentillion for an undisclosed sum in order to expand its own health-care offerings and capitalize on an upcoming opportunity for new sales.

An employee of the U.S. Department of State was sentenced Wednesday to 12 months of probation for illegally accessing more than 125 electronic passport application files, the U.S. Department of Justice said.

For US$34, a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes, its creator says.

A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.

A flaw in the protocol used to secure communications over the Internet could have been used to hack Twitter accounts, according to an IBM security researcher.

In the face of mounting threats from hackers, MasterCard will use mobile phones to improve security for online transactions, the company said on Monday.

The first worm written for Apple's iPhone has been unleashed and is infecting phones in Australia.

A U.K. security company is giving to banks, for free, security software that it says can block malicious software from manipulating online banking transactions or stealing data, even if the computer is infected.

A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.

Google's Gmail and Yahoo's Mail were also targeted by a large-scale phishing attack, perhaps the same one that harvested at least 10,000 passwords from Microsoft's Windows Live Hotmail, according to a report by the BBC.

Twitter users beware: this scam will not leave you ROFL.

Chris Nickerson is willing to push it about as far as a person can go when it comes to security assessments. The founder of Lares, a security consultancy in Colorado, Nickerson conducts what he calls "Red Team Assessments" for clients. He is paid to try and dupe a client, and the client's employees, to give them a clear picture of the weak spots in their security plan. He then advises them on how to shore up defenses more effectively in the event a real criminal comes knocking.

When it comes to security, the British government's Consulate-General in New York, part of the United Kingdom's diplomatic mission for business and visa-related activities, is taking no chances on spies or other intruders sneaking onto its network.

Even if your spouse doesn't know your e-mail password, he or she probably knows enough information to get it.

Passwords have been standing guard over our computer user accounts seemingly forever; for a long while, and for most purposes, they could go it alone.

False positives and faulty readers are common criticism of biometric security systems. But with the right plan, can they be practical in your security portfolio?

The annual report from Georgia Tech Information Security Center identifies five evolving cyber security threats, and the news is not good.

If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?"

Theft of laptops and other mobile devices is spiraling, and the consequences -- financial and other -- are getting increasingly dire.

Security assessment and deep testing don't require a big budget. Some of most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.

Web-based e-mail is booming. Services such as Gmail, Yahoo Mail and Hotmail are convenient, accessible and, best of all, free. Many of us have come to rely on them without giving it a second thought.

Jeff Jonas knows the Las Vegas gambling industry inside and out. As the founder and chief scientist of Systems Research & Development (SRD), Jonas helped build numerous casino systems before 2005 when his company was purchased by IBM.

A secure connection between browser and back end underlies Internet commerce. But what if it's already compromised?

We've known for a long time that requiring just a user name and password to get on the network or to access personal information on a Web site isn't the tightest security posture, but there weren't a lot of good alternatives, and there wasn't that much pressure to change.

RSA Security late last year acquired privately held Cyota, which offers online security and anti-fraud services to help financial institutions protect consumer accounts. CEO Art Coviello recently sat down with Ellen Messmer to discuss the Cyota acquisition and RSA's views on the future of authentication. With its anti-fraud services for banks, Cyota is a very different type of business than RSA Security traditionally has been in with its SecurID products for two-factor authentication and the BSAFE encryption toolkits.

Technology isn't going to protect e-commerce customers -- stronger government regulation is what will get the attention of online banks and merchants, forcing them to stop being casual about security, said Bruce Schneier, founder and chief technology officer of Counterpane Internet Security.

Open source has encompassed all areas of software applications and services, so there was little doubt that authentication would, sooner or later, be part of this fast growing movement. OpenLDAP, the open source directory project, has been with us for quite some time. But there's a new movement to create an authentication protocol, to standardize how authentication data is exchanged.