A Review of the Best News of the Week on Identity Mgt & Web Fraud

Why Biometric Data Breaches Won’t Require You To Change Your Body (danielmiessler.com, Sep 26 2017)
The real risk to biometric authentication will come at some (likely distant) point in the future where it’s possible to: 1) take extraordinarily high resolution images of people’s faces, eyes, hands, etc., and then 2) recreate those body parts in three dimensions with such detail and precision that they can trick any sensor.

The Top 20 AWS IAM Documentation Pages so Far in 2017 (AWS Security Blog, Oct 02 2017)
Here are the 20 AWS Identity and Access Management (IAM) documentation pages that have been viewed most so far this year.

Infographic: Top 10 Signs Knowledge-Based Authentication is Going Extinct (Jumio, Oct 03 2017)
Given how much personally identifiable information (PII) is out in the wild, the fate of KBA is now being openly questioned. Knowledge-based authentication is an authentication process in which the user is asked to answer at least one “secret” question. KBA is often used as a component for self-service password retrieval.


How Good Are Equifax’s Identity Protection Offerings? (Wired, Sep 30 2017)
After its massive data breach and bungled initial response, Equifax is offering a free set of tools to protect your identity, but they have limits.

Google Will Retool User Security in Wake of Political Hack (Bloomberg, Sep 30 2017)
Google is preparing to upgrade its security tools for online accounts to better insulate users from cyberattacks and politically motivated hacks, according to two people familiar with the company’s plan.

New Research Shows Cyber Criminals Increasingly Focused on Credential Theft (WatchGuard, Sep 29 2017)
WatchGuard’s report findings from Q2 2017 revealed that criminal tactics used to access user credentials are growing in prevalence, and that a record 47 percent of all malware is new or zero-day, and thus able to evade signature-based antivirus solutions.

Poor access control dooms federal cybersecurity, watchdog finds (CIO Dive, Oct 03 2017)
All 24 CFO Act agencies showed continued weakness in access control and security management, according to the Government Accountability Office’s (GAO) September report on federal information security. Agencies’ spending on IT security ranged from $3 million to $1.3 billion, or between 1% and 22% of their overall IT budgets.

The Google tracking feature you didn’t know you’d switched on (Naked Security – Sophos, Oct 03 2017)
Matt’s a security expert but Google’s Your Timeline slipped past him and almost everyone he asked. Using GPS, Wi-Fi and cell tower data, Google’s Your Timeline can paint a very accurate picture of your daily life.

Google Updates Cloud Access Management Policies (Dark Reading, Oct 03 2017)
Custom roles for Cloud Identity and Access Management will give users full control of 1,287 public permissions in the Google Cloud.

Adobe invests in Aadhaar-based authentication for its ‘e-sign’ solution (The Economic Times, Oct 04 2017)
In a bid to drive adoption of e-signatures in India, Adobe on Wednesday announced an investment in integrating Aadhaar-based authentication into its e-signature solution “Adobe Sign”.

Google updates custom roles for Cloud IAM policies (Google Cloud Platform Blog, Oct 03 2017)
Custom roles offer customers full control of 1,287 public permissions across Google Cloud Platform services. This helps administrators grant users the permissions they need to do their jobs — and only those permissions. Fine-grained access controls help enforce the principle of least privilege for resources and data on GCP.
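To make the least-privilege point concrete, here is an added example (not from the Google post) of what a custom role looks like: a read-only Cloud Storage role defined in the YAML format that `gcloud iam roles create` accepts. The project ID `example-project`, the role ID `storageObjectReader` and the chosen permission set are assumptions for illustration; substitute your own.

```yaml
# Added example: a read-only Cloud Storage custom role (not from the Google post).
# Assumed values: project "example-project", role ID "storageObjectReader".
#
# Create it with:
#   gcloud iam roles create storageObjectReader \
#       --project=example-project --file=storage-object-reader.yaml
#
# Contrast with the predefined roles/storage.admin, which also carries
# storage.objects.create, storage.objects.delete and bucket-management
# permissions that a reader of objects does not need.
title: "Storage Object Reader (custom)"
description: "Read-only access to Cloud Storage objects; no create, delete or bucket administration."
stage: "GA"
includedPermissions:
  - storage.buckets.get
  - storage.buckets.list
  - storage.objects.get
  - storage.objects.list
```

Bind the role to a principal with `gcloud projects add-iam-policy-binding example-project --member='user:alice@example.com' --role='projects/example-project/roles/storageObjectReader'`. One caveat worth knowing before standardising on custom roles: unlike predefined roles, a custom role is not updated when Google adds new permissions to a service, so periodic review of its permission list becomes part of owning it.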

Developing RESTful APIs with Python and Flask (Auth0 Blog, Sep 28 2017)
This article shows how to use Flask and Python to develop a RESTful API. The authors start by creating an endpoint that returns static data (dictionaries). Next, they create a base class with two subclasses and a few endpoints to insert and retrieve instances of these classes. Finally, they show how to run the API in a Docker container.

Are you ready for DFARS? (Gemalto blog, Oct 05 2017)
With the Defense Federal Acquisition Regulation Supplement compliance deadline approaching, businesses are scrambling to meet compliance requirements. DFARS addresses the need for strong, two-factor authentication and physical access controls. Are you ready for DFARS?

Closing the Password Security Gap (The LastPass Blog, Oct 05 2017)
Nearly three-quarters of employees want a tool to help them manage their passwords. That is not surprising given that 61 percent of IT executives rely exclusively on employee education to enforce strong passwords.

Fraud Prevention and the Evolving Threats to Online Gambling (ThreatMetrix, Oct 05 2017)
Recently, fraudsters spread fake news using automated bots to pull off a betting scam involving odds-making in professional soccer. Meanwhile, popular gambling site 888 was hit with $7 million in fines over allegations that one customer was somehow allowed to make 850,000 bets worth $1.3 million using money stolen from their employer.