A Review of the Best News of the Week on Identity Mgt & Web Fraud

Google launches Chrome Enterprise with added security and Active Directory integration (TechRepublic, Aug 24 2017)
The new Chrome Enterprise brings additional management capabilities and 24/7 enterprise support for businesses looking to work with Google’s OS…

NIST’s New Security and Privacy Controls For IoT, MFA and SSO (The Duo Blog, Aug 22 2017)
NIST has released the fifth revision of the Security and Privacy Controls draft of Special Publication 800-53 (PDF), now available for comments through September 12, 2017. New Control Enhancements for Password-Based Authentication..Security Benefits of Combining MFA & SSO……

There’s no need to kill the password, at least not yet (Behaviosec, Aug 21 2017)
Every trade show I attend have an increasing amount of companies there claiming that they have THE solution that will eliminate the need for passwords once and for all. However, with a modern system you can let your users use simple, easy to remember, passwords without compromising your security…

strip-bizarro-password


Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report


Three barriers to digital IDs on the blockchain (Help Net Security, Aug 21 2017)
There has been a lot of hype around blockchain technology and the benefits it could bring to a wide variety of verticals, including identity verification….

DHS S&T Evaluates TSA Touch-Free Fingerprint Scanners (Homeland Security, Aug 21 2017)
Government entities need to collaborate and agree on how to issue and hold identities. Who is in charge for onboarding people to a blockchain distributed ledger? Consumers must be served with trust, transparency and consent for an identity-based blockchain to grow…

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency (The New York Times, Aug 22 2017)
“These guys will sit and call 600 times before they get through and get an agent on the line that’s an idiot,” Mr. Weeks said…

50% of Ex-Employees Can Still Access Corporate Apps (Dark Reading, Aug 23 2017)
Twenty percent of respondents report their failure to deprovision employees from corporate applications has contributed to a data breach at their organization. Of those, 47% say more than 10% of all data breaches have been the result of ex-employees….

Aussie cyber security start-up TokenOne heads to US to kill passwords (Financial Review, Aug 24 2017)
Australian start-up, TokenOne, was selected to work with a consortium to tackle identity theft and fraud in e-commerce through multi-factor authentication. Their product utlizes one-time pad principles (a crypto algorithm in which plaintext is combined with a random key) to create unique, unbreakable codes…

Dissecting Security Hardware at Black Hat and DEF CON (The Duo Blog, Aug 18 2017)
Due to the difficulty of verifying a device’s security properties, purchasing decisions often have to made based on secondary factors, like vendor reputation. This creates an environment where software-oriented people just assume hardware is secure because life becomes much more difficult if that assumption is questioned…

The Confessions: What If All Your Secrets Became Public? A Story by Joshua Cohen (Wired, Aug 22 2017)
OK. My computer. It seems as if my computer has been hacked and all the crap on it, or all the crap related to all the accounts related to it, or whatever—everything I’ve ever done on it—has been made public…

Blockchain firm ShoCard raises $4M for enterprise identity management (SiliconANGLE, Aug 24 2017)
The California-based distributed-ledger company started its foray into using blockchain technology for identity management in the consumer sector with its launch in 2015. Using its technology, customers could store usernames, identity cards and other credentials on a distributed ledger system accessible via mobile devices, which allows them to forgo carrying extra cards or papers…

Brazil’s Ministry of Planning Is Testing Blockchain Identity Tech (CoinDesk, Aug 24 2017)
A government agency in Brazil is investigating how it could leverage blockchain technology to verify the legitimacy of ID documents…