Archive | Identity and Access Management

Changing 40+ Passwords: Thanks Heartbleed

13 May

Following the Heartbleed revelations, the security advice from the great and good was to change all passwords. To support World Password Day, I changed over 40 of them – quite an interesting exercise. Alarmingly, it appears I am still vulnerable.

Heartbleed – Can CRLs cope?

14 Apr

It has been shown that Heartbleed can be used to leak SSL private keys (if the attackers are lucky). So now many experts are recommending that you revoke and re-issue SSL certificates for your web server. Can the certificate revocation mechanism cope?

Heartbleed: Biometrics are not the answer

12 Apr

Following on from Heartbleed, there have been poorly judged calls from many to change all your passwords.

Heartbleed hype – Password killer

11 Apr

There are a huge number of news items, tweets and posts running around the Internet at the moment. I don’t pretend to know the details about Heartbleed, but I do note some of the expert opinion offered just adds to the general public’s confusion, and does not really help matters.

De-provisioning a user in a delegated identity federation model

26 Nov

Wow, that’s a mouthful of a subject. However, an interesting question was posed on exactly that topic by a delegate at a recent identity management conference I attended.

S/MIME on Trial

17 Oct

For the last 3 months I have, by default, digitally signed my email. Well that was the plan…


Paradise Lost?

20 Aug

During the late 1980s and early 1990s I spent a great deal of my time, and European Research funding, working on the Paradise project. Was it worth the effort?


Test Your Password Here – Or Maybe Don’t

6 Jul

Is the tweet below good advice from @GetSafeOnline?


Search for Outlook email contacts in Twitter, via iPad

14 May

I have a lot of email addresses of people I send and receive email from in Microsoft Outlook. I was certain many of these folk would be on Twitter, and wanted to find out who – this would seem to be an easy thing to do in concept, but I could not find a quick and easy way – here is how I did it using Outlook & Twitter iPad.


Your Password is Obsolete

23 Apr

Following on from my blog article “Logging on is becoming too hard to do securely”, here is a good infographic about the state of passwords:
