Since inception, I had been following MITRE’s ATT&CK Navigator knowledge base for studying (threat modeling) pre and post-exploit techniques on Web, Mobile and Enterprise applications more particularly running on Windows and Linux systems. Indeed, it is a great resource for understanding the devil in the details of attack techniques and simulate it from simple hacking credentials from the initial access… Read more »
It’s been a while I had been following the “HyperLedger” project initiatives under Linux foundation – it is growing faster than I thought (Not sure, when Oracle will join HyperLedger..probably they are annoyed by HyperLedger use of RockDB, CouchDB)! I attempted to test drive HyperLedger 0.6 before — it didn’t get me anywhere with too many dependencies. That said, a couple… Read more »
First, I am not a BitCoin investor or miner (perhaps in the future)…but it’s been a while I had been following BitCoin’s underlying technology called “Blockchain”! In fact, Bitcoins value hangs on the trust provided by Blockchain technology! Quite fascinating – Blockchain facilitates a way where multiple parties who remain anonymous can trust and collaborate each other using a consensus-based protocol… Read more »
In a typical Single Sign-On (SSO)/Federation scenario using SAML, the Service Provider (SP) initiates the user authentication request using SAML AuthnRequest assertion with an Identity Provider (IDP). The IDP authenticates the principal and returns a SAML AuthnStatement assertion response confirming the user authentication. If the user is successfully authenticated, the SP is required to have the subject’s profile attributes of the authenticated… Read more »
With increasing incidents of online frauds through username/password compromises and stolen/forged identity credentials – Strong authentication using multi-factor credentials is often considered as a defensive solution for ensuring high-degree of identity assurance to accessing Web applications. Adopting multi-factor credentials based authentication has also become a most common security requirement for enabling access control to critical online banking transactions and to safeguard online customer information (Mandated by FFIEC… Read more »
Last night, CBS ran a 60 Minutes report on “Sabotaging the System” highlighting the potential dangers associated with the security vulnerabilities of critical government IT systems. More than news, CBS presented this story with special insights from cybersecurity experts and disclosed some scary facts…serious stuff and hard to ignore ! I am sure this story will raise the heat on some who… Read more »
I admit that I am not a SOA expert or pretend to be one ! Lately, I had a chance to explore few security features intended for securing XML Web Services and Java EE applications. With my little knowledge to SOA, I found that XML Web services play a vital role in SOA to enable loosely-coupled services and ensuring interoperability. From a security perspective, the core foundation… Read more »
Looks like convergence projects are in the limelight… lately I noticed a lot of interests on enabling the use of common credentials for securely accessing physical and logical resources. Although we find most convergence projects are targeted at the enterprise level but there are serious minds working on using smartcard based PKI credentials for supporting citizen-scale projects (I regret that… Read more »
Java Card technology has been a passion of mine for so long and I always tried my best to keep updated on Smart card technologies…… not just because of my role at Sun, I did get several opportunities to work closely with citizen-scale Java Card deployments with multiple National ID, eID/ICAO, US DoD/CAC, PIV/FIPS-201 cards and related Identity management projects. It is always been quite adventurous everytime to experience a card issuance… Read more »
Just came across this interesting web site – NationalIDWatch.org a consumer protection web site by Liberty Coalition, which provides a registry of personalized data breach reports… that reports whether your personal identity information has been stolen or publicly exposed or not ! If your identity information is compromised, it indicates the size of exposure, sensitivity and how it is distributed and so… Read more »