Lateral Movement: There’s No Patch for Privilege Escalation
In “The Soft Underbelly of IT Security” I discussed what Sanjay Tandon of Paramount Defense calls the “#1 cybersecurity risk,” or privilege escalation. However, sometime after finishing the post, I realized that I hadn’t emphasized sufficiently the following key point:…
The Soft Underbelly of IT Security
Last Thursday CEO Sanjay Tandon “declassified” the “#1 cyber security risk to Active Directory.” When Sanjay contacted me, I wondered if he’d found a new code vulnerability in Windows and whether this was going to be a responsible disclosure…
Federated Identity: Broad or Strong?
Broad deployments of federated identity have arrived in the form of social login. But in 2013 we find federation on the horns of a dilemma; can it be both broad and strong?
Federated identity, especially in the form OAuth…
Piling On OAuth
For those who’ve read my previous OAuth posts, the title for this article is a double entendre. I mean to convey both the idea that I’m piling on OAuth assurance AND that the entire industry seems to be piling on…