application security

Online Authentication Group FIDO Alliance Grabs A Big Bone: Alibaba

The FIDO Alliance, an up-and-coming industry consortium aimed at simplifying online identity and doing away with passwords added IPO darling Alibaba to its Board of Directors, according to a statement on Tuesday. The FIDO (or “Fast IDentity Online”) Alliance announced that Alibaba Group’s payments business, Alipay will be among the first to deploy FIDO technology for secure payments authentication. On September 17, the company announced that it will use Nok Nok Labs’ FIDO-compliant  NNL™ S3 Authentication Suite to enable secure online payments via the Fingerprint Sensor (FPS) technology on the Samsung Galaxy S5. Alipay customers will be able to make payments and transfers using Alipay’s mobile application, Alipay Wallet by applying their fingerprint to the Galxy’s fingerprint sensor. “We look forward to participating on the FIDO Alliance board, and assuring that commerce and authentication are uniquely cooperative and seamlessly compatible,” said Ni Liang, Alibaba group, senior director, department of security, in a statement. Mobile payments […]

Continue Reading

You’re Invited: A Conversation on Password Security and Targeted Attacks

A note to Security Ledger readers that I’ll be facilitating a really interesting conversation this afternoon on password (in)security and how weak user authentication can undermine even the best laid security plans. The SANS Webinar, Security for the People: End User Authentication Security on the Internet” kicks off at 3:00 PM Eastern today (12:00 PM Pacific). You can register to join us using this link.   My guest is DUO Security researcher Mark Stanislav, a frequent Security Ledger contributor and one of the smartest guys out there when it comes to passwords, authentication and securing the Internet of Things. There’s plenty to talk about: weak authentication schemes are the root cause of any number of prominent breaches – from the recent attacks the Apple iCloud accounts of A-list celebrities, to the breach at retailer Target (reportedly the result of a phishing attack on an HVAC contractor that Target used.) Mark and I […]

Continue Reading

Report: Home Depot Fallout Reveals History of Lax Security, Hiring

Its a truism in cyber security that behind every great hack often lies a string of bad decisions and missed opportunities. Its also true that when you dig into the details of damaging cyber incidents, the root causes are personal and psychological as often as they are technical in nature. Organizations -even sophisticated and wealthy organizations – end up making bad decisions for all the wrong reason: failing to properly assess their risk, or pursuing short term savings when long term investment is needed. Home Depot learned via law enforcement that a breach of transaction data exposed as many as 52 million credit card transactions, the largest retail credit card breach to date. But as more comes out about the breach at home improvement giant Home Depot, it starts to look a lot more like the root causes there may have started in the HR department rather than the data center. The […]

Continue Reading

IoT Set To Transform Manufacturing, Security is Obstacle| IDG Connect

The folks over at IDG Connect have a good overview of what the German Government calls “Industry 4.0” but many of us just think of as a branch of the Internet of Things. The blog post by Andy Roxburgh, the Vice-President of Systems and Service in Schneider Electric’s Industry Business, predicts that automation and intelligent machinery will lead to a transition from human-intensive low wage manufacturing to machine centric “smart” manufacturing that lowers costs by taking humans out of the equation and using automation to create faster, more effective and nimble manufacturing processes. “Manufacturers need to prepare for a world where value is re-defined,” Roxburgh says. “Winning companies will be those who automate their operations and use data to create the smartest processes.” No surprise: security is one major obstacle on the road to Industry 4.0 (as we’ve written before). “Universally connected devices, more data, and a boom of cloud-based technology means manufacturers and users have more […]

Continue Reading

How Big Data holds the Key To Securing the Internet of Things

I’m seeing a lot of pre-conference promotion of content from the big Internet of Things Expo out in Santa Clara in early November. One interesting presentation that is worth checking out (the slides are already online) is James Kobielus’s talk on how IT professionals should address the security challenges of IoT. Kobielus is IBM’s program director for Big Data analytics product marketing. In his presentation, he tackles the question of whether the Internet of Things is (to use his words) “too big, diverse, pervasive,  and dynamic to secure comprehensively?” [Read our coverage of Internet of Things security here. ] After all, history will show that we’ve done – at best – a so-so job of securing the Internet of machines. How will adding a few zeros to the number of connected endpoints make things better? IoT will undermine even the tenuous walls we’ve built around our existing IT infrastructure: moving us to a […]

Continue Reading
1 20 21 22 23 24 47