Leave it to Brian Krebs to break the big security story. They collect all our data and then let the spies and the crooks take it. Somehow, something seems wrong here:
Brian Krebs: Experian Sold Consumer Data to ID Theft Service An identity theft service that sold Social Security and drivers license numbers -- as well as bank account and credit card data on millions of Americans -- purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.
Brian Krebs: Senator Demands More Info From Experian In the wake of revelations that credit bureau Experian sold consumer data to the proprietors of an underground identity theft service, a powerful U.S. senator is calling on the company to divulge more information on the extent of the potential damage to consumers.
Read on for more identity news:
Mike Schwartz: Two-factor authentication is not the answer. Why are most websites insecure? Many years ago, I heard that the best "bang for your buck" was to adopt two-factor authentication. Why is two-factor authentication not the answer? And does implementing two factor authentication actually have a high ROI?
Andras Cser: Forrester Expects a Wave of Acquisitions of Cloud IAM Providers With 1) SalesForce and other large SaaS vendors announcing grandiose plans for cloud IAM, not just for access control but also provisioning and 2) long-standing IAM 'arms suppliers' extending into the cloud (CA CloudMinder, SailPoint) we are already seeing pureplay cloud IAM players (Okta, OneLogin, Ping, etc.) starting to scratch their heads as to how to deal with the pressure. Forrester expects that we will see the following in the next 12-18 months:
Anil John: Why Protocol Profiles are Critical for Interoperability Standards development is a long, painful process and often results in a compromise everyone involved can live with. Implementations claiming compliance to the standard are not assured of interoperability, especially when integrations are between implementations done by different vendors or organizations. This in turn highlights the need for, and value of, protocol profiles.
Nancy Gohring: Microsoft makes it harder to avoid Azure Creating Azure Active Directory accounts for all Azure users invites all Azure customers to use Azure Active Directory. Once the forthcoming features become available, those customers may see little reason to try one of the startups. The result is that Microsoft has made Azure stickier.
Gunnar Peterson: Security Metrics Crying Need In Infosec, we think of the biggest influencers as the people who give talks at conferences, I disagree. Here is my list of the top five influencers on your security, these are the people who will impact security, positively and/or negatively.
IBM develops two-factor security for mobile devices Applying a combination of NFC technology and contactless bank cards, IBM has developed a simple two-factor authentication protocol for users conducting mobile transactions. [This looks like son of ZTIC, which would be good.]
Jim Reno, CA: The Evolution of 'Bring Your Own': How Far Will it Go? I'm old enough to remember when the three words "bring your own" were only ever followed by the word "bottle," and as Dorothy Parker said, "I'd rather have a bottle in front of me than a frontal lobotomy." But now we're racing ahead to see how many different things we can make the responsibility of the user, and I'm wondering how far this will go.
Heather Schlegel: Neux for You I've talked about using Kickstarter as an experiment in crowd-funding The Future of Money TV Series. But there's another experiment hidden inside the Kickstarter...
Identity Woman: Interesting events in 2013 This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
eID & ePass 5th edition National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in BERLIN 2013, 28th & 29th of October @Intercontinental Berlin.
Defrag 2013 Nov. 4-6, Broomfield, Colo. Accelerating the 'AHA' Moment
IDM 2013 Conference and Exhibition 6 Nov., Russell/London The IDM 2013 Conference and Exhibition is the UKs largest and premier gathering for IT and Business professionals responsible for IDM Infrastructure and Deployment.
InCommon Advance CAMP: Identity Services Summit Nov. 12-13, 2013 San Jose, CA. https://spaces.internet2.edu/display/ACAMP2013/Home Part of the 2013 Identity Week (www.incommon.org/idweek) Join leading identity architects and developers from U.S. research and higher education and international and commercial identerati. Explore the state of the art in identity services and discuss the leading edge work that's taking us there. Join us and get involved!
InCommon: CAMP Cloud: Identity and Access in an Era of Outsourced Services Nov. 14-15, 2013 - San Jose, CA. Part of the 2013 Identity Week (www.incommon.org/idweek) Are your campus stakeholders looking at cloud-based solutions? Are you experiencing challenges or do you have concerns with outsourcing email, storage, or other essential services? Are you concerned about the management and maintenance of an accurate, accountable identity inventory?
Gartner Identity & Access Management Summit 18 - 20 Nov. 2013 | Los Angeles, CA. Gartner Identity & Access Management Summit 2013 shows you how to develop your IAM strategy while advising on tactical IAM issues, challenges by BYOD or SaaS adoption, integration of social platforms, and more.
KuppingerCole Information Risk & Security Summit 2014 Nov. 27-28, 2013, Frankfurt, Germany The Information Risk & Security Summit at the Frankfurter Innovationszentrum FIZ Conference Lab, offers an unseen combination of thought leadership and interactive session formats, tackling the most demanding questions IT professionals are confronted with: How to support the extended & connected enterprise with brilliant services without taking too many big risks.
Cloud Security Alliance Congress Dec. 4-5, The Rosen Centre Hotel, Orlando, FL. The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security.