HealthCare.gov deferred final security check, could leak personal data

HealthCare.gov sends data to analytics providers such as Google’s DoubleClick and Pingdom. As Simo reviewed the Web requests being made as part of his movement through the HealthCare.gov site, he found requests sent to these two providers that included his visit to the password reset page—and all of the user data that was generated by the page. That runs counter to the privacy policy on HealthCare.gov, which states that no personally identifiable information will be collected by site analytics tools. This is the same sort of behavior that the Federal Trade Commission has fined social networks such as Facebook and MySpace for in the past.

via HealthCare.gov deferred final security check, could leak personal data | Ars Technica.

How Much is Your Gmail Worth?

The brainchild of researchers at the University of Illinois at Chicago, Cloudsweeper’s account theft audit tool scans your inbox and presents a breakdown of how many accounts connected to that address an attacker could seize if he gained access to your Gmail. Cloudsweeper then tries to put an aggregate price tag on your inbox, a figure that’s computed by totaling the resale value of other account credentials that crooks can steal if they hijack your email.

via How Much is Your Gmail Worth? — Krebs on Security.

Facebook vs. Salesforce: An Identity Smackdown?

If an alternative did take root, his money would be on Salesforce to prevail. “There’s credibility for Salesforce being an enterprise identity provider,” Shaw says. “They have a legitimate claim for being an identity provider because so many people use salesforce.com. It’s hard not to run into an enterprise that’s not using Salesforce to some degree. Even small companies.”

via Facebook vs. Salesforce: An Identity Smackdown? — Dark Reading.

When Active Directory And LDAP Aren’t Enough

Ultimately, the chaos is breeding a whole new niche in Identity as a Service (IdaaS) that’s being tightly contested by vendors like Okta and Identropy and others like Centrify and Symplified. It’s an exploding market that Gartner says will make up a quarter of all new IAM sales by the end of 2014 and 40 percent by 2015,

via When Active Directory And LDAP Aren’t Enough – Dark Reading.

Not another “x as a service” acronym. IAM = Identity and Access Management.

Bypassing Google’s Two-Factor Authentication

TL;DR – An attacker can bypass Google’s two-step login verification, reset a user’s master password, and otherwise gain full account control, simply by capturing a user’s application-specific password (ASP).

via Bypassing Google’s Two-Factor Authentication – Blog · Duo Security.

Also from: Google Security Vulnerability Allowed Two-Step Verification Bypass – Dark Reading.

A successful attack would require first stealing a user’s ASP, which could theoretically be accomplished via malware or a phishing attack.

PayPal, Lenovo Launch New Campaign to Kill the Password with New Standard from FIDO Alliance

Under the standards put forward by the FIDO Alliance, the device a person is using to log in to an account would play a more central role in authentication. That would make it impossible to compromise accounts by stealing passwords, as hackers did in order to break into Twitter this month and LinkedIn last year.

via PayPal, Lenovo Launch New Campaign to Kill the Password with New Standard from FIDO Alliance | MIT Technology Review.

Requiring a person to offer both a password and a physically linked secondary proof is an approach known as “two-factor authentication.”

Facebook API bug deletes contact info on users’ phones

In the majority of cases, those who allowed their BlackBerry, Android, iOS 6 beta and Windows Phone 8 beta phones to sync their contacts with Facebook have had the originally stored email addresses overwritten. The lucky ones had their contacts duplicated – with the new ones containing the @facebook email addresses.

via Facebook API bug deletes contact info on users’ phones.

At least it was the user’s choice to allow Facebook to write stuff onto their devices.