Heartbleed wrapped its sinister hands around the neck of every Web site's URL and then seemingly faded <
alt="this_week_in_identity-sm logo.png" src="/blogs/content/dam/pic/images/blog/pingtalk/this_week_in_identity-sm%20logo.png" width="200" height="76" class="mt-image-right" style="float: right; margin: 0 0 20px 20px;"> into the background. But don't be fooled, the danger still exists for those ignoring remediation. And the list of remediation is long. The OpenSSL Project, which oversees the desire of the Heartbleed attack, issued its first report card and a roadmap of tasks to complete. It is overwhelming to say the least. Problems exist not only at a technical level but also in the organization itself. Larry Seltzer over at ZDNet summed up the sad state of affairs.
Klint Finley: Online Security Is a Total Pain, But That May Soon Change Staying secure online is a pain. If you really want to protect yourself, you have to create unique passwords for every web service you use, turn on two-factor authentication at every site that supports it, and then encrypt all your files, e-mails, and instant messages. At the very least, these are tedious tasks. As many internet users seek to improve their security in the wake of ex-government contractor Edward Snowden exposing the NSA's online surveillance programs, these difficulties remain a huge issue.
Mauricio Estrella: How a Password Changed My Life Back in 2011, when everything had gradients, iOS icons made sense, and people used deodorants, I was stuck in middle of a pretty bad depression due to my divorce. Thankfully, I think I was smart enough (and had great people around me) so I managed my way out.
Data breaches in 2013 exposed 14% of all debit cards Financial institutions weathered the Target data breach and are looking for solutions to enhance security, with many issuers now planning to implement EMV debit, according to PULSE. Overall, 14 percent of all debit cards were exposed in data breaches in 2013, compared to 5 percent in 2012. The resulting 2013 fraud losses to financial institutions amounted to 5.7 basis points for signature debit and 0.7 basis points for PIN debit.
Danny Yadron: Corporate Boards Race to Shore Up Cybersecurity After a series of high-profile data breaches and warnings, corporate boards are waking to cyberthreats, grappling with security issues they once relegated to technology experts. Computer hacking is on the agenda these days when Kellogg Co. 's directors meet, alongside more conventional topics like cereal trends and the company's reliance on Wal-Mart Stores Inc. Kellogg's management is especially worried that cyberattackers might try to steal the company's know-how, like the way it puts the "Snap, Crackle and Pop" in Rice Krispies or the curve in Pringles potato chips, according to two people briefed on its computer defenses.
Mikey Campbell: Apple invention changes iPhone user authentication settings based on location A patent application published on Thursday reveals an Apple solution that dynamically changes a mobile device's user interface, security levels and other behaviors based on its location, whether it be at the office or in a user's home. In a filing with the U.S. Patent and Trademark Office titled "Location-sensitive security levels and setting profiles based on detected location," Apple describes a system in which the hardware and software of a mobile device work together to automatically adjust various UI and device behavior settings.
Joe McKendrick: It turns out not everyone wants BYOD Based on all the analyst reports, articles, and conference chatter out there, one can be forgiven for assuming that bring your own device (BYOD) is an unstoppable wave that needs to be accommodated and supported in enterprises. In fact, a conscientious, business-minded CIO would like to see BYOD as the ultimate expression of user desires, and work at ways to design systems that are open and accommodating to any and all smartphones or tablets. Some IT leaders are bucking the trend, however. In fact, there may even be a growing backlash against BYOD.
Natasha Lomas: Forget.me Puts Out Early Data On What Europeans Want To Vanish From Google An online service called Forget.me, launched last week to quickly capitalize on a European court ruling from late May that requires Google to process requests by private individuals to de-index outdated or irrelevant personal information, has put out some early data on the kind of requests individual Europeans are submitting via its (for now) free service. The invasion of privacy category looks like this:
Cloud Identity Summit 2014 July 19-22; Monterey, Calif. The modern identity revolution is upon us. CIS converges the brightest minds across the identity and security industry on redefining identity management in an era of cloud, virtualization and mobile devices.
Gartner Catalyst - USA Aug. 11-14; San Diego, CA A focus on mobile, cloud, and big data with separate tracks on identity-specific IT content as it relates to the three core conference themes.
Application Security Forum Nov. 4-6; Yverdon-les-Bains, Switzerland The conference is a well-established annual event dedicated to information, application and software security that features a full-day of training sessions and two days of conference sessions.