Home Tags Access Control

Tag: Access Control

NSA had NFI about opsec: 2016 audit found laughably bad security

Unlocked racks. No 2FA. No access control lists. No wonder Snowden got away with it Second-rate opsec remained pervasive at the United States' National Security Agency, according to an August 2016 review now released under Freedom of Information laws.…

Honeypots and the Internet of Things

According to Gartner, there are currently over 6 billion IoT devices on the planet. Such a huge number of potentially vulnerable gadgets could not possibly go unnoticed by cybercriminals. As of May 2017, Kaspersky Lab’s collections included several thousand different malware samples for IoT devices, about half of which were detected in 2017.

Vidder Now Protects Applications from Compromised Devices and Backdoors

New Capabilities Enhance Access Control Security While Reducing ComplexityCAMPBELL, Calif. – June 13, 2017 – Vidder, Inc., the pioneer and market leader in Trusted Access Control, today announced the addition of endpoint trust assessment to its PrecisionAccesstrade; solution. With trust assessment, PrecisionAccess allows only trusted clients to access enterprise applications – isolating compromised devices from accessing them – a first for access control solutions. PrecisionAccess already protects applications and servers from unauthorized users, unregistered devices,... Source: RealWire

VU#491375: Intel Active Management Technology (AMT) does not properly enforce access...

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation,which may allow a remote,unauthenticated attacker to execute arbitrary code on the system.

Open source JavaScript, Node.js devs get NPM Orgs for free

NPM Inc.'s NPM Orgs tool, which has been available as a paid service for JavaScript and Node.js development teams collaborating on private code, is now available for free use by teams working on open source code.The SaaS-based tool, which features capabilities like role-based access control, semantic versioning, and package discovery, now can be used on public code on the NPM registry, NPM Inc. said on Wednesday.

Developers can transition between solo projects, public group projects, and commercial projects, and users with private registries can use Orgs to combine code from public and private packages into a single project. [ Use JavaScript in your dev shop? InfoWorld looks at 17 JavaScript editors and IDEs and 22 JavaScript frameworks ready for adoption. | Keep up with hot topics in programming with InfoWorld's App Dev Report newsletter. ]"The only difference in functionality [between private and open source use] is that you can mark packages as private if you're a paid organization," NPM Inc.

CEO Isaac Schlueter, said.

For developers collaborating with a team of people on private packages, Orgs costs $7 per user.To read this article in full or to leave a comment, please click here

Build your own sharing system, with help from Google engineers

Engineers at Google have unveiled Upspin, an experimental open source project for creating file-sharing infrastructure that works "securely, uniformly, and globally." It isn't yet competition for the likes Box or Dropbox.

But in time, its creators hope it could serve as the underpinnings for just such an offering.[ Docker, Amazon, TensorFlow, Windows 10, and more: See InfoWorld's 2017 Technology of the Year Award winners. | Cut to the key news in technology trends and IT breakthroughs with the InfoWorld Daily newsletter, our summary of the top tech happenings. ]A place for everyone's stuff From the outside, Upspin -- not an official Google offering, just one created by some of its employees -- looks like a shared file system with namespaces for each user.

But its real value, according to its creators, is "a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world."To read this article in full or to leave a comment, please click here

Google Upspin Secure File-Sharing Released to Open Source

New file-sharing protocols and interfaces called Upspin have been released to open source.

Built by Google, Upspin returns access control and data security to the user.

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. The vulnerability is due to the inclusion of sensitive informa...

Cisco Secure Access Control System Open Redirect Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.   The vulnerability is due to improper input vali...

Cisco Secure Access Control System XML External Entity Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulner...

Cisco Secure Access Control System Cross-Site Scripting Vulnerability

A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. The...

Features of secure OS realization

There are generally accepted principles that developers of all secure operating systems strive to apply, but there can be completely different approaches to implementing these principles.