<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.7.1" -->
<rss version="0.92">
<channel>
	<title>Idan Shoham</title>
	<link>http://blogs.hitachi-id.com/blogs/idan</link>
	<description>Hitachi ID Systems, Inc.</description>
	<lastBuildDate>Thu, 26 Aug 2010 15:55:43 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>How to guess your password&#8230;</title>
		<description>Interesting post at
lifehacker.com
about how John Pozadzides would go
about hacking someone's password.

While it's nothing new, it does revisit good advice that everyone should
follow: avoid passwords that are based on names of people close to you,
don't think that sticking a digit at the end of your password makes it secure,
etc.

What it does ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/08/26/how-to-guess-your-password/</link>
			</item>
	<item>
		<title>Developer access to production systems?  Sure!  (sometimes)</title>
		<description>Interesting blog entry on

serverfault.com about whether and when to grant developer access to production systems.

It's a good read - if you're a developer or an admin - go read it.

The one thing I can add to the discussion is simply this: it's not an all-or-nothing question.  It's reasonable, for ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/08/25/developer-access-to-production-systems-sure-sometimes/</link>
			</item>
	<item>
		<title>the unpleasant intersection of government, security and privacy</title>
		<description>A couple of unrelated but similarly themed stories making the rounds:


  Seems that someone is trying to intimidate Julian Assange (of WikiLeaks fame) by fabricating and quickly withdrawing criminal charges:  skunkpost.com.
Seems like the Elections Commission of India is trying to muzzle a security researcher who pointed out that ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/08/22/the-unpleasant-intersection-of-government-security-and-privacy/</link>
			</item>
	<item>
		<title>12 character passwords required?</title>
		<description>An interesting write-up at
technology-science.newsvine.com
and elsewhere.  The original content for this appears to be here:
www.gtri.gatech.edu.

Sounds like the good folks at Georgia Tech have worked out how fast they can
crack passwords (i.e., validate whether a guessed password matches the hash
from a password database) using a GPU.  They don't seem to ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/08/19/12-character-passwords-required/</link>
			</item>
	<item>
		<title>Good corporate citizenship&#8230;</title>
		<description>Wow - we used to think of Microsoft as a scary company.

In just one week Oracle has promised to eliminate live source code repositories for OpenSolaris, effectively making it "not quite open" (blogspot.com) and filed a lawsuit against Google over its use of the Java programming language (www.computerworld.com).

Nice to see ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/08/17/good-corporate-citizenship/</link>
			</item>
	<item>
		<title>E-mail, social media passwords the same: who cares?</title>
		<description>Two blog posts in one day - that's a first!  :-)

Interesting read at securityweek.com (OK, I first found it on slashdot).

The gist of it is that many users have the same password on social media sites and web-based public e-mail systems.

My first impression is .... so?  Those are ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/08/16/e-mail-social-media-passwords-the-same-who-cares/</link>
			</item>
	<item>
		<title>Full disk encryption - costs and benefits</title>
		<description>A nice write-up about deploying full disk encryption to client devices:
computerworld.com

A couple of interesting tidbits:


Key recovery is key (pun intended)
Deployment rate seems to be about 10-25 PCs/IT staff/day.  Brutal for enterprises.


A good read, in any case!
   </description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/08/16/full-disk-encryption-costs-and-benefits/</link>
			</item>
	<item>
		<title>IAM in the cloud?</title>
		<description>
Seems like everyone is talking about moving everything to "the cloud" these days.



Increasingly, the conversation is turning to moving IAM systems from an internally hosted platform (i.e., on a physical or virtual server) within the corporate perimeter, to an externally hosted platform, run by a service provider and connected over ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/03/18/iam-in-the-cloud/</link>
			</item>
	<item>
		<title>Sun IDM officially dead</title>
		<description>I just read Jackson Shaw's post responding to Oracle's announcement about what they intend to do with the various Sun identity and access management products.

  (Read Jackson's post here)

Quite funny - and I concur.  Having looked at both the Sun and Oracle identity manager products in the past, ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/01/29/sun-idm-officially-dead/</link>
			</item>
	<item>
		<title>Bad PR x 1.2 million customers!</title>
		<description>Interesting reading:

networkworld.com/news/2010/011510-financial-firm-notifies-12m-after.html

Sounds like Lincoln National had a bunch of shared, static admin passwords and after 10 years (!!) someone was tipped off that
ex-employees still had access and may have compromised customer privacy.

Wow.

Can you imagine leaving admin passwords the same for that long, presumably spanning the departure of IT admin staff?

That's ...</description>
		<link>http://blogs.hitachi-id.com/blogs/idan/2010/01/17/bad-pr-x-12-million-customers/</link>
			</item>
</channel>
</rss>
