It's not a positive from a security standpoint without two-factor authentication, if you are thinking about security on the endpoint. I was thinking more about the security of the company holding the data at the back-end. But yes, without proper two-factor authentication those golden credentials are going to be at the mercy of malware/unsecured wifi/shoulder surfers and all the rest. User education would be one of the keys in getting around that, but as we all know, users don't want security - unless they've already been got at.
On 27 April 2011 14:32, Ziots, Edward <[email protected]> wrote:

> IAM Nice idea, but think, when I can trick the user out of their credentials (Social Engineering, Malware, Keylogger) then I have 10X more access to systems on the target network than I would have had before in a non-IAM type of environment. So how is this a net positive?
>
> I just don’t see strong authentication (2X factor) in the initial authentication mechanisms of SSO/IAM that could help with this, in implementations, therefore can you really trust a person/entity is who they claim to be just by a username and password? (Nope)
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Network Engineer
> Lifespan Organization
> Email:[email protected]
> Cell:401-639-3505
>
> *From:* Rod Trent [mailto:[email protected]]
> *Sent:* Wednesday, April 27, 2011 9:27 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Massive Databreach of Sony Playstation Database,
>
> Facebook rules the day already when it comes to single sign-on. They have quietly taken the lead on that.
>
> *From:* James Rankin [mailto:[email protected]]
> *Sent:* Wednesday, April 27, 2011 9:24 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Massive Databreach of Sony Playstation Database,
>
> I think these sort of things will power a drive towards more centralised identity management in general. At the moment, it is nothing but a risk to store a username and password and possibly financial data on hundreds of different websites with differing levels of security. Even for the intelligent, managing these vast arrays of logins and data presents a challenge which can often only be managed by third-party software.
>
> I wouldn't be surprised to see the likes of Google and Facebook trying to move in on this - using your login for Google, for example, to log on to myriad different websites, therefore only worrying about whether Google get hacked or not. Although I also see a move towards more federated ways of accessing different systems coming out from the likes of Citrix and VMWare as well, I think things like OpenCloud and Project Horizon also have started to encompass some form of identity management.
>
> On 27 April 2011 14:19, Ziots, Edward <[email protected]> wrote:
>
> More food for thought, I am sure that other devices (WII, Xbox, etc etc) could also be exploitable, it underlies a bigger problem with database security in general.
>
> If you have provided information from your playstations to Sony to download content, you might want to be watching your CC Card information and other accounts very carefully, since your information is probably in the possession of unauthorized parties atm.
>
> http://www.ibtimes.com/articles/138557/20110427/sony-playstation-suffers-massive-data-breach-criticized.htm
>
> Sincerely,
> EZ
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
>
> *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas.
>
> Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft.
>
> However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.*
