
RSA Breach Long Term Impact for Security Professionals

Full-disclosure: I am the co-founder of a company that competes with RSA.

Consider the source, but don't toss this post as FUD without reading. I have tried to be as fact-driven and as clear in my recommendations as I can.

The Longer Term Impact of the RSA Breach for Security Professionals

The past few weeks have seen successful attacks against providers of key elements of Internet security for many companies. Most people seemed unsurprised about the lax security around a certificate authority while most were surprised by a breach at RSA.

Both of these attacks demonstrate how organizations rely on the security of their vendors. More than that, with the explosion of cloud-based services, organizations are relying on the security of their vendor's vendors.

Analyze your purchasing heuristics.

Heterogeneous vs Homogeneous.

Use asymmetric encryption and "Best practices" for encryption, especially when performing key generation.

Switching costs.

Expect a chain of failures.

Online banking still not secure, many UK adults believe

Nearly two-thirds of UK adults who bank online think their security is threatened, according to a survey from French security solutions provider XIRING.

When asked what would improve their online banking confidence, 21% suggested that being asked an extra security question would be the best option. This finding, XIRING believes, highlights the extent to which online banking users still need to be educated on the fallibility of static passwords and how to better protect themselves when conducting their e-banking activities. With online banking fraud on the rise, answering an extra security question does not protect against phishing and some other types of attacks, XIRING says. While 54% of people questioned admitted that they were aware of the scare stories about e-banking at the time of signing up for the service, they were convinced that their bank would fully secure their online banking activities. Other survey results include:

OSSIR_VMware_20080807.pdf (application/pdf Object)

The security of the OpenID single-identifier system called into question - News - ZDNet.fr

While the OpenID single-identifier system is being adopted by a growing number of internet players, notably Microsoft, Google and Yahoo, its security is being called into question.

OpenID is a system that lets you use the same identifier to log in to different online services. You only need to register once, and the login works across the network of sites that adhere to the principle, notably those of Microsoft, Google and Yahoo. However, the technology relies on the servers that manage domain names (DNS), warns Robin Wilton, a federated identity expert at Sun Microsystems. In light of the security flaws recently discovered in the DNS system, OpenID therefore carries risks, like all other applications that depend on DNS.

Is the Liberty Alliance system more secure? It relies entirely on its integrity to ensure that the identifier supplied really does come from a trusted provider.