Well, we found people with plenty to say, so read on.
Adam Greenberg: Hacker passwords not much stronger than the average user's, researcher finds Hacker passwords are not all that much stronger than those used by the average user, according to an AVAST researcher. Antonin Hýža, a virus lab analyst with AVAST who analyzed nearly 2,000 passwords this week, told SCMagazine.com that the passwords he studied were used by black hat hackers to gain illegal access to servers. Hýža concluded that the most frequently used dictionary word in those passwords was 'hack.'
Mary Bates: To Beat a Parasite, Birds Teach Their Young a Secret Password A few years ago, Diane Colombelli-Négrel, Sonia Kleindorfer, and colleagues from Flinders University in Australia discovered a remarkable way one bird fights back against brood parasites who lay their eggs in the nests of other birds, leaving them to raise their chicks. Female superb fairy-wrens teach their embryos a "password" while they're still in their eggs. Each female's incubation call contains a unique acoustic element. After they hatch, fairy-wren chicks incorporate this unique element into their begging calls to ask for food. Colombelli-Négrel, Kleindorfer, and colleagues showed that chicks whose begging calls most resembled their mothers' incubation calls received more food.
Mike Schwartz: What happened at the IRM Summit The schedule featured many great talks, and there was a significant presence of sponsors. Certainly not meant to be a comprehensive summary, but below are some highlights and some snapshots!
Hans Zandbelt: Federation Babel Fish (or how to upgrade your federation protocol) Over the course of the past 10 years, federated single sign-on (SSO) has been successfully applied across many different business sectors. Today, the majority of federated SSO connections are based on the SAML 2.0 protocol. But what happens when a party wants to start using a new protocol (say OpenID Connect) or wants to upgrade to a newer version of an existing protocol (say SAML 1.1 to SAML 2.0)? In traditional single-protocol implementations, one would have to make sure that all federation partners have deployed the new protocol stack before making a big-bang transition. That is a time-consuming and labor-intensive process that is likely to break at some point.
John Fontana: CIS Series. Ben Kepes: Context is King Identity happens in the world around you. Define that world and you define your identity. Change that definition, and it changes your identity. For Ben Kepes, a technology evangelist, investor, commentator and business adviser with a global reach, his Cloud Identity Summit keynote in July won't target identity as much as the world around it. He hopes by the end of the conference he has led attendees to uncover new angles on identity that challenge their conventional thinking.
Peter Apps: Upsurge in hacking makes customer data a corporate time bomb With hackers stealing tens of millions of customer details in recent months, firms across the globe are ratcheting up IT security and nervously wondering which of them is next. The reality, cyber security experts say, is that however much they spend, even the largest companies are unlikely to be able to stop their systems being breached. The best defence may simply be either to reduce the data they hold or encrypt it so well that if stolen it will remain useless. "The theft of financial information has a limited lifespan, until we make changes the account details," said Andy Heather, vice president for Europe, Middle East and Africa at Voltage Security. "The personal information that can be obtained by accessing someone's account profile has much broader use and can be used to commit a much wider range of fraud."
Grant Hatchimonji: The use of mobile credentials is on the rise, but can they be secured? Given the current prevalence of mobile devices, especially smartphones, it comes as no surprise that they are becoming more and more entwined with everyday aspects of our lives. We don't just use them to make calls, to text, or to browse the internet anymore. We can use them to do just about anything, and that includes using them as a means to provide our credentials.
Elie Chevignard: OAuth Tutorial - 3 reasons why developers struggle The objective of this OAuth tutorial is to highlight a few pain points and explain why OAuth can be difficult to integrate for a developer. We are not discussing OAuth providing, but the integration of a service that relies on OAuth. Here, our perspective is the developer consuming OAuth for his app or website.
Dominick Baier: Writing an OpenID Connect Web Client from Scratch OIDC is supposed to make things easier, so I thought it would be a good exercise to write a web application that uses OIDC to authenticate users - but without using any OIDC specific libraries. I chose to use the implicit flow with the form post response mode - which is very similar to the WS-Federation or SAML2p POST profiles. Let's see how much code it takes.
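The checks a relying party has to get right in that flow, as an added example that is not Dominick's code: build the authorization request with a fresh state and nonce bound to the browser session, then, when the provider POSTs the id_token back (response_mode=form_post), verify state, signature, alg, iss, aud, exp and nonce before trusting any claim. The issuer URL, client_id, redirect URI and shared key are assumed values for illustration; the signature check uses HS256 so it runs with the standard library alone, where a production client would verify RS256 against the provider's published JWKS.

```python
"""Stdlib-only OpenID Connect relying party pieces for the implicit flow with
response_mode=form_post. Constructed example; the issuer, client_id, redirect
URI and shared key below are assumptions, not values from any real provider."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

ISSUER = "https://op.example.com"          # assumed provider
CLIENT_ID = "demo-client"                  # assumed client_id
REDIRECT_URI = "https://rp.example.com/callback"


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def build_authorize_request(session):
    """Front-channel request. state binds the POSTed response to this browser
    session (anti-CSRF); nonce is echoed inside the id_token so a token issued
    for another session cannot be replayed into this one."""
    session["state"] = secrets.token_urlsafe(16)
    session["nonce"] = secrets.token_urlsafe(16)
    params = {
        "response_type": "id_token",
        "response_mode": "form_post",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return ISSUER + "/authorize?" + urlencode(params)


def mint_id_token(claims, key):
    """Constructed provider side for the demo: HS256-sign the claims."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_id_token(token, session, key, now=None):
    """Return the claims if every check passes, otherwise raise ValueError.
    Nothing in the payload is trusted until the signature has been verified."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    # Pin the algorithm: rejects alg=none and algorithm-confusion attempts.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud:
        raise ValueError("token not issued to this client")
    if len(aud) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("azp must name this client when aud has several entries")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    if int(claims.get("iat", now)) > now + 60:   # allow 60 s of clock skew
        raise ValueError("token issued in the future")
    nonce = session.pop("nonce", None)             # single use
    if not nonce or claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims


def handle_form_post(form, session, key, now=None):
    """Callback endpoint for the form_post response: check state first, then the token."""
    expected_state = session.pop("state", None)   # single use
    if not expected_state or not hmac.compare_digest(
            expected_state.encode(), form.get("state", "").encode()):
        raise ValueError("state mismatch")
    if "error" in form:
        raise ValueError("provider returned error: " + form["error"])
    return validate_id_token(form["id_token"], session, key, now)


def demo():
    """Round trip on constructed data: request, provider-minted token, validation."""
    key = b"constructed-shared-secret"
    session = {}
    build_authorize_request(session)
    now = 1_700_000_000
    token = mint_id_token({"iss": ISSUER, "sub": "alice", "aud": CLIENT_ID,
                           "exp": now + 300, "iat": now, "nonce": session["nonce"]}, key)
    return handle_form_post({"id_token": token, "state": session["state"]}, session, key, now)
```

Because state and nonce are popped on first use, a second POST of the same form fails on the state check even though the token itself is still within its validity window; that single-use property is what makes the implicit flow's front-channel token delivery tolerable.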
Martin Kuppinger: Dynamic Authorization Management and ABAC: The journey is the reward Chinese philosopher Confucius is said to be the originator of the saying "the journey is the reward". What does it mean? In its historic meaning, it says that by moving forward people will benefit, even while they might not reach perfection. Applied to projects, it means that continuous improvements, new understandings and small successes over time are the reward, not the ideal end-state. In IT, a project might never reach its desired end-state, at least not at enterprise scale. One example is what is commonly referred to as Dynamic Authorization Management (as a discipline) or ABAC, Attribute-based Access Control (as a theoretical concept).
Yossef Oren, Angelos Keromytis: Attacking the Internet using Broadcast Digital Television The Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television. This system is already in very wide deployment in Europe, and has recently been adopted as part of the American digital television standard. Our analyses of the specifications, and of real systems implementing them, show that the broadband and broadcast systems are combined insecurely. This enables a large-scale exploitation technique with a localized geographical footprint based on radio frequency (RF) injection.
Eric Z: Salesforce targets wearables with enterprise APIs The bulk of today's apps for wearables focuses on fitness, notification management and media. Salesforce.com thinks it's high time the enterprise got involved and today launched Salesforce Wear, what it says is the first business-centric wearable computing initiative.
Doc Searls: VRM early June rundown A sort of "This Week in VRM" put together by Doc Searls, with a number of stories, summaries and links relevant to the VRM and privacy community, and anyone else who wants to protect their data from broadcast by the Internet Circus Barker.
Gartner Catalyst - UK June 17-18; London A focus on mobile, cloud, and big data with separate tracks on identity-specific IT content as it relates to the three core conference themes.
Cloud Identity Summit 2014 July 19-22; Monterey, Calif. The modern identity revolution is upon us. CIS converges the brightest minds across the identity and security industry on redefining identity management in an era of cloud, virtualization and mobile devices.
Gartner Catalyst - USA Aug. 11-14; San Diego, CA A focus on mobile, cloud, and big data with separate tracks on identity-specific IT content as it relates to the three core conference themes.
Application Security Forum Nov. 4-6; Yverdon-les-Bains, Switzerland The conference is a well-established annual event dedicated to information, application and software security that features a full-day of training sessions and two days of conference sessions.