Vulnerability Management

As the head of security for DEF CON, I’ve seen a lot of articles (and a bit of scaremongering) around the threats at the event. While DEF CON is a technically hostile environment, I promise, it is not a dystopian wasteland. A little common sense goes a LONG way. Here’s your basic guide for how to stay safe: Don’t bring your work devices. Use…

When was the last time you heard about a data breach? It wouldn’t be surprising if you said “just recently” or “last week”. According to the IBM-sponsored 2017 Cost of a Data Breach Study by Ponemon, one out of four organizations will experience a breach. As companies move to the cloud, so does sensitive data. It’s now more important than ever to…

The ability to reset your password is an essential system requirement. With so many online services available, it’s common to have multiple user accounts for the various apps and services you interact with every day. Security doctrine dictates that you need a different password for each account, and that you update each one regularly. With so many…

If you do a little research to try and define millennials by date or age range, you will find many competing definitions. Some measure this generational category from the mid-1970s to 2000, others state 1996 is the end date, and few only consider someone to be a millennial if they were born after the mid-1980s. However, the one underlying…

Social login gives application users the ability to apply existing login information from their social media accounts to register and sign into third-party sites. But before we jump into the topic of whether social login is secure or not, let’s answer the question below. Do users really want social login? (Spoiler alert: Yes!) From a user’s point…

Trust is the cornerstone of any successful customer relationship and organizations now have more opportunities than ever to gain that trust. In today’s interconnected world, companies are constantly handling sensitive customer data—and how they use and secure that data plays a huge role in determining the trust customers place in them. A breach…

Biometric authentication — using the unique biological characteristics of an individual to verify their identity — has been around since the dawn of humankind. Think about it: humans use facial and voice recognition every day to identify each other. Signature recognition came about when the first contracts were originally created, and fingerprints…

In recent years, the threat of cyber attacks has grown steadily. Many large enterprises have suffered devastating attacks, despite having security resources in place. Why are so many falling prey to attacks? The answers are manifold, but one of the leading causes is the misuse and abuse of privileges, opening up an easy path for attackers to…

Defense in depth, the coordinated use of multiple security layers to protect system and data integrity, is a multi-layered strategic approach which is deployed to minimize the risk of compromise. The basic premise is that if one security countermeasure is defeated, there is another to ensure your systems remain secure. MFA – Defense in Depth for…

Several weeks ago a new critical vulnerability was discovered that affects many SAML implementations. This vulnerability was first reported by Kelby Ludwig of Duo Security and is particularly interesting to us (as a user management company) as it can be used to bypass authentication in a sinisterly simplistic way. In this post, we’ll take an in…