by Mark Diodati | July 2, 2012 | 1 Comment
Last week, US-CERT published a vulnerability note on the Simple Certificate Enrollment Protocol (SCEP). The vulnerability was reported by Certified Security Solutions, a consulting company with extensive Windows and PKI deployment experience. The company’s summary of the vulnerability is here. This vulnerability—when combined with two additional pieces of information—enables an attacker to impersonate another user [...]
Category: Authentication Cloud IAM Mobility Tags:
by Mark Diodati | June 27, 2012 | Comments Off
You may have read about two recent vulnerabilities associated with RSA authentication products. Last month, a researcher specified how to copy a SecurID software token from one computer to another, which can enable an impersonation attack (Ars Technica). This week, researchers described a way to decrypt data encrypted with a SecurID smart card (again, Ars [...]
Comments Off
Category: Authentication IAM Mobility Uncategorized Tags:
by Mark Diodati | April 20, 2012 | Comments Off
I want to welcome you to a multi-post discussion about near-field communication (NFC). Over the next few blog posts, I will be talking about: NFC’s moving parts Impending demand from your users NFC’s potential for access to buildings and applications Missing ecosystem components The next revolution in mobility is coming: it is near field communication [...]
Comments Off
Category: Applications Authentication Cloud IAM Mobility NFC Tags:
by Mark Diodati | April 12, 2012 | Comments Off
The topic of the secure distribution of one-time password (OTP) secrets recently surfaced again as part of our ongoing mobility research. Many organizations make the classic distribution mistake; they couple a weak identity proofing mechanism with the deployment of stronger authentication systems1. In our research, I call this an “impendance mismatch”. For example, if an [...]
Comments Off
Category: Authentication IAM Mobility Tags:
by Mark Diodati | February 19, 2012 | Comments Off
Industry analysts discuss emerging concepts and current events with journalists. We are misquoted more than you might think (or we would like). Sometimes the misquote is minor. On occasion, the statement attributed to us differs materially from our original statement; we are inclined to speak out and make a correction. Misquotes can be the result [...]
Comments Off
Category: Authentication IAM Mobility Tags:
