Tuesday, February 27, 2018

New vulnerability allows attackers to trick single sign on systems

Single sign on (SSO) is popular with businesses as it allows control of access to multiple resources without the need for lots of different credentials. But researchers at Duo Security have uncovered a vulnerability that can allow attackers to trick systems based on the commonly used SAML (Security Assertion Markup Language) into giving them a higher level of access. Armed with an existing ID and password, an attacker with only moderate technical skill can fool the SAML system into authenticating as another user without needing to know that user's password. Since most corporate systems have a standard pattern for user… [Continue Reading]


65 percent of organizations unable to comply with GDPR 'right to be forgotten'

One of the key planks of the upcoming GDPR legislation is the right to removal of personal data, the so-called 'right to be forgotten'. But a new study from big data application provider Solix Technologies reveals that 65 percent of organizations are unsure if an individual's personal information can be purged from all their systems. Among other findings are that 22 percent of organizations are unaware that they must comply with GDPR, even if they are based outside of the European Union but hold data of EU citizens. 38 percent say that all their personal data under the new GDPR… [Continue Reading]


We win, you lose: How shareholder value screwed the middle class

The American Dream changed somehow in the 1970s when real wages for most of us began to stagnate when corrected for inflation and worker age. My best financial year ever was 2000 -- 18 years ago -- when was yours? This wasn’t a matter of productivity, either: workers were more productive every year, we just stopped being rewarded for it. There are many explanations of how this sad fact came to be and I am sure it’s a problem with several causes. But this column concerns one factor that generally isn’t touched-on by labor economists -- Wall Street greed. Lawyers… [Continue Reading]


Coinbase is about to give the IRS details of 13,000 users

Cryptocurrency exchange Coinbase has contacted 13,000 of its users to inform them that it is going to hand over their details to the IRS. The tax collection agency originally asked for the details of everyone buying Bitcoin between 2013 and 2015 in a bid to weed out tax evaders. Coinbase did not give in without a fight. Since the summons in November 2016, it put up some resistance, ultimately reducing the number of affected customers from 500,000 to 13,000. The exchange will be handing over the details within three weeks. See also: The European Union says it is ready to… [Continue Reading]


More than half of IT pros believe their organization was breached at least once in 2017

A new study of 165 IT and security professionals at medium-sized companies across the US reveals that 53 percent believe their organization was breached one or more times in 2017. The report from security-as-a-service company Cygilant shows a lack of confidence in respondents' ability to protect customer data, with only 16.6 percent very confident that they can successfully protect customer data. In addition, 68 percent of those surveyed cite a lack of company resources, including budget and time, as a top cyber security challenge. 80.5 percent say they have underfunded IT security budgets or no budget at all. Among other… [Continue Reading]


Quickly toggle on/off Windows security with new SysHardener

Most users seem to think Windows is locked down after installation, making it almost impossible for anyone to gain access to your computer. Security concerns are raised only after you install malicious software, but these are typically intercepted by third-party security software. The problem is that Windows ships with a middle-ground configuration in which it is forced to compromise between security and compliance. As an example, the geolocation service is switched on by default so applications can determine where you are located. Security-conscious users might not want to allow applications to know where they are. Alternatively,… [Continue Reading]


Securing corporate WANs is top challenge for network pros

Growing complexity is a major issue in securing and managing corporate wide area networks, according to a new survey. The study by software-based networking and security specialist Versa Networks shows 68 percent of respondents think deploying and managing network security devices at branch locations is the most challenging aspect of WAN management, followed by increasing costs (53 percent) and information security risks at branch locations (49 percent). 74 percent of organizations surveyed say they utilize a direct internet connection for branch offices and simultaneously must deploy more devices to combat threats and other risks. This growing number of devices increases… [Continue Reading]