Access Control

Access Control news, information, and how-to advice

defenses against super attackes 1
automated security defense protection

light from window

Researchers find way to steal Windows Active Directory credentials from the Internet

The technique could enable attackers to attack Windows servers hosted in the cloud

cloud security lock

File sync services provide covert way to control hacked computers

File synchronization services, used to accommodate roaming employees inside organizations, can also be a weak point that attackers could exploit to remain undetected inside compromised networks.

us surveillance spy ts

NSA will lose access to 'historical' phone surveillance data Nov. 29

After Nov. 29, data requests must be made on an as-needed basis to the FISA Court

tunnel threat

VPN users, beware: You may not be as safe as you think you are

Thanks to IPv6 leakage, your data could be out there for anyone to see


Lieberman: Mandiant and Verizon wrong on unstoppable threats

Mandiant, Verizon and other cyber-forensics firms are profiting from so-called unstoppable threats like zero-day exploits and advanced persistent attacks, according to a new report from Lieberman Software.

kill password

FUD: Vendor claims their map-based password tool is unbreakable

Nova Spatial, the developer of a map-based authentication method called MapLogin, says their tool is unbreakable after a round of vulnerability testing with HackerOne. A bold claim, one that just isn't true based on the evidence.

single sign on tools review 1

Best tools for single sign-on

Single mindednessSince we last looked at single sign-on products in 2012, the field has gotten more crowded and more capable. For this round of evaluations, we looked at seven SSO services: Centrify’s Identity Service, Microsoft’s...

security fingerprints

Expert: Time to stop relying on PII for authentication

These days, the criminals often know more of our personal details than we know ourselves -- it's time to stop asking users for their personal details and to switch to more secure methods for authentication

flashlight darkness

Windows 10 will allow apps to actively scan their content for malware

Developers will be able to have their apps talk to the locally installed antivirus programs through a new API

03 point of sale

Cybercriminals increasingly target point of sales systems

Trustwave highlights the difference in data-breach activity between North America and the rest of the world

haunted hallway ghost

Do departed employees haunt your networks?

Many companies have ghosts in their systems. Employees who've gone on to a better place -- say, with better pay -- but are still wandering through company files, cloud services, and social media accounts

st louis federal reserve bank

eNom discloses DNS attack to customers

On Thursday, Taryn Naidu, the CEO of domain registrar eNom, sent a letter to customers disclosing a "very sophisticated attack" that targeted the DNS settings on four domains. The email was sent in order to provide transparency, but...

dugoni dental clinic horizontal

Hard-coded credentials placing dental offices at risk

One researcher says that customers using Henry Schein's Dentrix software have been unknowingly exposed to risk after the latest version shipped with a flaw that was supposed to have been patched two years ago. This was reported to...

airplane interior

Security researcher's hack caused airplane to climb, FBI asserts

The FBI contends a cybersecurity researcher said he caused an airplane's engine to climb after hacking its software, according to a court document. The FBI interviewed him after he flew into Syracuse, New York, and seized his...


Electronic lock maker clashes with security firm over software flaws

CyberLock said it wasn't given enough time before IOActive published a security advisory

fire hydrant

Startup HydrantID launches subscription model for buying SSL certificates

The idea is to drive down the cost of certificates and streamline management

sendgrid screenshot

SendGrid customers told to reset passwords and DKIM keys after breach

SendGrid, a Boulder, Colorado-based transactional and marketing email delivery service, has urged customers to reset passwords after an internal investigation discovered that an employee's credentials were compromised.

rsa moscone south

166816 (Z66816): A post-RSA Conference recap

Default credentials: Ignored by those who should be paying attention, and collected by everyone else, they're the reason most breaches don't need to be too technical.

Load More