720-891-1663

The Future of Authentication – More Secure but More Difficult

The IRS is changing from using a homegrown userid and password based authentication system to a third party single signon type of system run by ID.ME. Given that the IRS doesn’t have a great track record for security, your first inclination might be “can’t be any worse than what they had before”. The short version […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Governments Struggle to Deliver Secure Online Services to Citizens

As times change and as a function of the pandemic response, governments are trying to deliver more services online. Unfortunately, governments rarely get to hire the best or the brightest software developers or security architects because they cannot match what the private sector can offer. Auth0 recently released the findings of its Public Sector Identity […]

Continue reading → [DISPLAY_ACURAX_ICONS]

It’s To Protect The Children

Law enforcement has been trying since at least the 1990’s when they jailed and tried to convict Phil Zimmerman for creating an open source encryption program called PGP, to put the encryption genie back in the bottle. The problem is that encryption is math and math doesn’t care about politics. If some governments were to […]

Continue reading → [DISPLAY_ACURAX_ICONS]

The Latest Supply Chain Risk – Your Desk Phone

Senator Chris Van Hollen (Maryland) wrote a letter to Commerce Secretary Raimondo asking what she planned to do about this security vulnerability – the first we are hearing about it. Raimondo could ban the equipment, just like equipment made by Huawai and others. Chinese electronics maker Yealink is not a household word like Huawei, but […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Security News for the Week Ending December 24, 2021

Russian Hackers Make Millions by Stealing SEC Earning Reports A Russian hacker working for a cybersecurity company has been extradited to the U.S. for hacking into the computer networks of two SEC filing agents used by multiple companies to file their quarterly and annual SEC reports. Using that insider information, the hacker traded stock in […]

Continue reading → [DISPLAY_ACURAX_ICONS]