Access control and authentication - News, Features, and Slideshows

News

• Dropbox adds U2F support for better security

  Two-factor authentication is often held up as a best practice for security in the online world, but Dropbox on Wednesday announced a new feature that's designed to make it even tougher.

• Researchers find way to steal Windows Active Directory credentials from the Internet

  An attack using the SMB file sharing protocol that has been believed to work only within local area networks for over a decade can also be executed over the Internet, two researchers showed at the Black Hat security conference.

• File sync services provide covert way to control hacked computers

  File synchronization services, used to accommodate roaming employees inside organizations, can also be a weak point that attackers could exploit to remain undetected inside compromised networks.

• No building access card? No problem if you have new Def Con tools

  RFID card access systems are used by most companies to let people into their buildings. But over the last few years, researchers have shown how these systems can be easily bypassed.

• Bug exposes OpenSSH servers to brute-force password guessing attacks

  A bug in OpenSSH, the most popular software for secure remote access to UNIX-based systems, could allow attackers to bypass authentication retry restrictions and execute many password guesses.

• Cisco leaves key to all its Unified CDM systems under doormat

  Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote attackers.

• VMware's Identity Manager offers authentication for Web, native apps

  VMware is hoping to convince CIOs to centralize single sign-on access to all kinds of apps with Identity Manager, which can run in the cloud or on-site and also offers application provisioning and a self-service catalog.

• Cybercriminals increasingly target point of sales systems

  The data breach landscape could look very different in the future with the increased adoption of chip-enabled payment cards in North America -- but for now point-of-sale systems account for the majority of breaches there, compared to a tiny minority in other regions of the world.

• Memory scraping malware targets Oracle Micros point-of-sale customers

  A new malware program designed to steal payment card details from point-of-sale (PoS) systems is targeting businesses using Oracle Micros products.

• Hacker turns toy into tool that can open garage doors in seconds

  Owners of fixed-code garage door openers might want to consider upgrading them because a researcher has developed a technique that guesses the numbers in seconds.

• Users with weak SSH keys had access to GitHub repositories for popular projects

  A number of high-profile source-code repositories hosted on GitHub could have been modified using weak SSH authentication keys, a security researcher has warned.

• Large scale attack hijacks routers through users' browsers

  Cybercriminals have developed a Web-based attack tool to hijack routers on a large scale when users visit compromised websites or view malicious advertisements in their browsers.

• The best way to protect passwords may be creating fake ones

  Password managers are a great way to supply random, unique passwords to a high number of websites. But most still have an Achilles' heel: Usually, a single master password unlocks the entire vault.

• Electronic lock maker clashes with security firm over software flaws

  The maker of a widely used electronic lock has taken issue with a security company's criticism of one of its flagship products.

• Credit card terminals have used same password since 1990s, claim researchers

  While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password.