Didn’t think I’d be writing back-to-back posts regarding breaches, but that’s the world we live in now. And the LastPass breach is interesting on many levels. In warning users of the breach, LastPass disclosed that their investigation into the breach showed “that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were
Kaspersky Labs has revealed this week that their corporate network was subject to a sophisticated cyber-intrusion that leveraged a new malware platform. Their investigation is ongoing, and they have found the malware to have been used against other victims as well. So while I am sure there are more details that they will reveal, I
Algorithms. Algorithms. Algorithms. If Steve Ballmer were still running the show at Microsoft, I’m pretty sure that would have been his chant at the next conference. The abundance of data being generated, collected and analyzed now is so vast that it has been a completely logical progression to move away from human analysis to algorithmic
It all started with a tweet I sent regarding the position on passwords and password managers that a member of Microsoft Research was taking in an NPR article (I’ll expand on my viewpoint in a later blog post). But one of the resulting responses I received sent me down a very interesting rabbit hole. Faux 2FA? Of course I
Ever since the Snowden revelations broke, there has been a lot of interest in metadata, with a lot of ink (or should that be bytes?) devoted to defining exactly what it is, where it can be gathered from, who is capable (and how) of doing said gathering, and most importantly of all, if it is
If you managed to catch my talk at this years Cloud Identity Summit, either in-person or using the video recording I posted (and if you haven’t, what are you waiting for?), then you know that I relied on humor to engage my audience while presenting a serious vision of how IAM needs to evolve for the better. That
Another Cloud Identity Summit has come and gone, and even though it only happens once a year, the effect of being at “the top event on the identity calendar” (as Stephen Wilson puts it) always lingers. You leave trying to process all the great content and ideas you got exposed to, thinking about the wonderful
It would be pretty funny if the next ad for Apple’s iDevices touting TouchID happened to make the point using Google Glass (“In a world, where Glassholes are everywhere – behind you in line at Starbucks, sitting next to you on the BART, even lying in bed next to you – no passcode is safe!”).
In developing SCUID, we’ve been taking a very deep look at how the very nature of online identity (mostly enterprise identity, but a lot of it extends equally well to the broader definition of online identity) is changing in terms of how it is managed and what it needs to support. And in addition to
So, this wasn’t planned. But Slideshare, where I have been posting all of my talks, announced that they are discontinuing their excellent Slidecast feature. I’ve relied on that feature almost exclusively over the last few years for posting my slides along with their accompanying audio. Most of my presentations are highly visual, featuring imagery, humor