Identity Management

Starting early next year, air travelers will have to provide their birth date and gender, as well as their full names to the airline when making flight reservations.

David Kernell is facing five years in prison for allegedly hacking into Alaska Governor Sarah Palin's Yahoo e-mail account, but lawyers watching the case say that the felony charge against him is a bit of a stretch.

A 20-year-old Tennessee man has been indicted for hacking into an e-mail account of U.S. vice presidential candidate Sarah Palin, according to court records.

A US House subcommittee is charging that a US$500 million IT project intended to "connect the dots" on terrorists and help prevent another 9/11 is a failure; it can't even handle basic Boolean search terms, such as "and, or and not."

The next time you relinquish your personal identity to simply enter a venue or purchase something, spare a thought for how the information might be stored, transmitted and used in the future. Such an overload of identity information may lead to a dramatic escalation in fraud, claims one legal eye.

International experts in Wellington for a conference on identity last week expressed admiration for the New Zealand government's igovt identity information management scheme and the policy behind it.

A prominent Sydney club has deployed a network firewall solution to protect its gaming rewards system, which can potentially hold $50 million.

BMC Australia has won a deal with explosives, chemicals and paint making giant Orica to provide automated employee identity management to accelerate the productivity of new employees.

Barclays bank in the UK has found itself at the centre of another security scam, this time around someone posed as the bank's chairman and scammed £10,000 out of his personal account.

Yahoo appears close to implementing OpenID, a Web authentication standard that relieves people of the need to remember multiple passwords to log into different Web sites.

The BBC presenter Jeremy Clarkson has lost £500 after publishing his bank details in a British newspaper in a naive attempt to prove that the UK's largest ever data breach was a storm in a tea cup.

IBM is aggressively expanding its security portfolio in hopes of becoming the de facto source of advice and technology for businesses looking to adopt high-level IT governance and risk management strategies -- a transformation among customers that officials at Big Blue cite as both ongoing and inevitable.

IBM upgraded its identity management capabilities with tools to help customers manage user access to sensitive information, the company said Wednesday.

The government has defended security measures for its £5.6 billion ID cards scheme in the wake of the data loss crisis at HM Revenue and Customs.

Whether it is for an investigation, a whistle-blower statement, a prank or just extreme paranoia, you may have a need for anonymously sending messages. The following five tools provide an easy to use way to communicate incognito with Internet surfing, emails, phone calls and text messages. While these tools have their limitations, they do provide an Investigator a great way to hide his identity, gather intelligence, and communicate secretly when needed.

Chris Nickerson is willing to push it about as far as a person can go when it comes to security assessments. The founder of Lares, a security consultancy in Colorado, Nickerson conducts what he calls "Red Team Assessments" for clients. He is paid to try and dupe a client, and the client's employees, to give them a clear picture of the weak spots in their security plan. He then advises them on how to shore up defenses more effectively in the event a real criminal comes knocking.

Facebook's Application Verification Program, controversial due to its concept of charging developers to have their applications certified as "trustworthy," has run into technical problems.

Computer networks in the academic world are a lot like the Wild West: It's hard to tell the good guys from the bad, and the sheriff's ability to maintain order is severely limited.

Role mining and discovery: The ability to collect user access and authorization information from a variety of resources, associate this data with candidate roles and responsibilities, propose alternative roles and leverage decisions made about the data on an ongoing basis.

The role management software vendor community is relatively young, and as such, Burton Group says there is no clear market leader. Vendors can be categorized into two segments: general purpose solutions and embedded solutions.

If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?"

Remember the old M&M analogy - security is like an M&M candy, hard shell on the outside, soft on the inside. In other words, put up firewalls, built a strong perimeter and you're good to go. Of course, nobody believes that M&M-type security is sufficient in today's world of insider threats, data leakage, mobile workers, thumb drives and sophisticated malware. So, what's the new metaphor? We asked around and came up with a number of interesting and useful ways to think about enterprise security.

Ah, youth. Ready to take on the world, today's generation of dynamic, tech-immersed youngsters have grown up alongside the Internet. Firsthand, and sometimes single-handedly, they have advanced some of today's hottest technology trends, from peer-to-peer networking, to massively multiplayer online games, to social networks and instant messaging. And along the way, a small, sociopathic number of them have behaved very, very badly.

We've known for a long time that requiring just a user name and password to get on the network or to access personal information on a Web site isn't the tightest security posture, but there weren't a lot of good alternatives, and there wasn't that much pressure to change.

It's security's dirty little secret: Not having your users logged in as root or administrator will not stop malware.

Faced with looming regulations such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, Craig Shumard, chief information security officer for healthcare provider Cigna, knew he needed better tools for role-based access control.

Federated identity has long been a goal of many IT organizations. One look at the promise of federation, and it is easy to see why. After all, empowering one organization to serve as an identity provider for another frees IT from having to manage the identities of partnering organizations' employees and customers, thereby facilitating the pursuit of competitive-advantage projects. In this era of increasing enterprise decentralization, thanks in large part to the Web, establishing a federated identity framework is fast proving as essential as it is hard to pull off.

Reformed hacker-turned-security-consultant Kevin Mitnick served five years in federal prison for breaking into phone and software company networks. He talks about his past hacking exploits, computer security, and how he turned an illegal hobby into a useful career.

An Australian researcher is developing technology that would let you use your eyes - or more specifically your iris - to unlock your PC, access secure buildings or open your front door.

What are some of the challenges in deploying NAC? What are the alternatives for LAN security?