Sunday, August 26, 2012

SAML - Vulnerable

A German university has published a paper at USENIX Security 2012 showing significant vulnerabilities in how large Internet businesses use SAML. SAML (Security Assertion Markup Language) is used to authenticate users across security domains, e.g. signing in to one website with an identity that a separate identity provider vouches for.

Read more: https://www.usenix.org/conference/usenixsecurity12/breaking-saml-be-whoever-you-want-be
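The paper linked above describes XML Signature Wrapping: the signature over a SAML assertion still verifies, but the application ends up processing a different, unsigned assertion that the attacker inserted. The following Python sketch is an added illustration, not code from the paper or from this blog. It simplifies heavily: an HMAC with a constructed shared key stands in for XML-DSig, SAML namespaces are dropped, and the element names are schematic rather than wire-compatible.

```python
"""
Simplified XML Signature Wrapping against a SAML-style response.
The signature check and the business logic look at different elements;
the hardened consumer only uses the element the verifier actually checked.
"""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed key for the HMAC stand-in (hypothetical; a real IdP signs with
# a private key and the service provider verifies with its certificate).
IDP_KEY = b"idp-signing-key-for-example-only"


def canonical_bytes(element):
    """Serialise one element without its tail text, so the same element
    yields the same bytes wherever it sits in the tree."""
    c = copy.deepcopy(element)
    c.tail = None
    return ET.tostring(c, encoding="utf-8")


def idp_build_signed_response(subject, assertion_id="_a1"):
    """IdP side: one Assertion plus a detached Signature referencing it by ID."""
    response = ET.Element("Response")
    assertion = ET.SubElement(response, "Assertion", ID=assertion_id)
    ET.SubElement(assertion, "Subject").text = subject
    sig = ET.SubElement(response, "Signature")
    ET.SubElement(sig, "Reference", URI="#" + assertion_id)
    ET.SubElement(sig, "SignatureValue").text = hmac.new(
        IDP_KEY, canonical_bytes(assertion), hashlib.sha256).hexdigest()
    return response


def verify_signature(response):
    """Resolve the Reference URI to an element by ID, recompute the MAC and
    return the verified element, or None. This step itself is correct;
    the wrapping attack works because callers ignore which element it was."""
    sig = response.find("Signature")
    if sig is None:
        return None
    ref_id = sig.find("Reference").get("URI")[1:]
    target = next((e for e in response.iter() if e.get("ID") == ref_id), None)
    if target is None:
        return None
    expected = hmac.new(IDP_KEY, canonical_bytes(target), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig.find("SignatureValue").text or ""):
        return None
    return target


def attacker_wrap(response, wanted_subject):
    """Attacker: keep the genuine signed Assertion in the document (so the
    ID lookup and MAC still succeed) but move it out of the way, and put an
    unsigned Assertion with the wanted identity where the app will look."""
    wrapped = copy.deepcopy(response)
    original = wrapped.find("Assertion")
    wrapped.remove(original)
    forged = ET.Element("Assertion", ID="_forged")
    ET.SubElement(forged, "Subject").text = wanted_subject
    wrapped.insert(0, forged)
    # Park the genuine assertion under the Signature element.
    wrapped.find("Signature").append(original)
    return wrapped


def consume_naive(response):
    """Vulnerable: checks that *a* signature verifies, then reads the first
    Assertion in document order, which need not be the signed one."""
    if verify_signature(response) is None:
        raise ValueError("signature invalid")
    return response.find(".//Assertion").find("Subject").text


def consume_hardened(response):
    """Fixed: uses only the element the verifier returned, requires it to be
    an Assertion, and refuses responses carrying more than one Assertion."""
    verified = verify_signature(response)
    if verified is None or verified.tag != "Assertion":
        raise ValueError("signature invalid or not over an Assertion")
    if len(response.findall(".//Assertion")) != 1:
        raise ValueError("unexpected number of Assertion elements")
    return verified.find("Subject").text


if __name__ == "__main__":
    genuine = idp_build_signed_response("alice")
    evil = attacker_wrap(genuine, "admin")
    print("naive consumer logs in as:", consume_naive(evil))
    try:
        consume_hardened(evil)
    except ValueError as exc:
        print("hardened consumer rejects:", exc)
```

The point of the two consumers is the same as the paper's: signature verification and assertion processing must refer to the same element, and a response that carries more assertions than expected should be rejected rather than searched.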

Sunday, February 19, 2012

No stop to the "Ueber Breaches"

Latest member in the club of breached high-profile companies: Symantec, or to be fair, Verisign, which now belongs to the Symantec empire. According to press reports, Verisign had a serious security breach back in 2010. According to Verisign, no unauthorized access to critical servers took place. The question is: how can Verisign, RSA and all those other companies be so sure that no access to critical servers has taken place?!

Looking at the amount of data those breaches have potentially exposed, we might soon see the ultimate hack, one that combines all the information gathered so far.


1SSA - Security Consulting, Training and Products

Friday, February 17, 2012

Where are the clouds moving to...

...into everyone's own IT environment, not into the outsourcing companies, or at least not into the public cloud. The still sceptical industry is leaning more and more towards the private cloud. The outsourcing industry, which mainly benefited from the public cloud movement, is still predicted to get a big slice of the market. However, outages (some hosting providers do not even count outages shorter than 5 minutes), the still unresolved questions around privacy, and the sometimes "interesting" SLAs that basically leave customers out in the rain when things go wrong do not necessarily increase trust in the public cloud or in the outsourcing organizations offering public cloud services. Cloud technology will without question have its place in the IT universe, but it won't be the quantum leap that some cloud fanatics predicted. On the other hand, probably until the last second of cloud computing's existence, assuming there is something else coming after it, vendors, hosting providers and software companies will keep fighting over what cloud really is.
