Skip Links

Identity Management Research Center

Your source for identity management news, opinion, product comparisons and reviews.

Identity Management News
Oracle identifies products affected by Heartbleed, but work remains on fixes
Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as...
VMware promises Heartbleed patches for affected products by the weekend
VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready...
TrueCrypt source code audit finds no critical flaws or intentional backdoors
The source code of TrueCrypt, a popular disk encryption tool, is not the most polished work of programming, but it has no critical flaws or...
Jetpack for WordPress pushes patch for two year-old flaw
The developers behind Jetpack, one of WordPress' most popular plugins, have patched a serious flaw introduced in 2012 that would enable an...
AT&T hacker Weev released from prison after appeals court overturns conviction
Andrew Auernheimer, known online as "weev," has won an appeal against his conviction for exploiting a vulnerability in AT&T's...
Tests confirm Heartbleed bug can expose server's private key
Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack...
US charges nine with distributing Zeus malware
The U.S. Department of Justice has brought charges against nine alleged members of a criminal organization that distributed the Zeus Trojan used to...
Users face serious threat as hackers take aim at routers, embedded devices
Home routers and other consumer embedded devices are plagued by basic vulnerabilities and can't be easily secured by non-technical users, which...
Sality malware, growing old, takes on a new trick
A botnet that was slowly shrinking has taken on a new trick: brute-forcing routers set to easy-to-guess credentials.
Researchers publicly disclose vulnerabilities in Oracle Java Cloud Service
Security researchers released technical details and proof-of-concept code for 30 security issues affecting Oracle's Java Cloud Service, some of...
Hacked passwords can enable remote unlocking, tracking of Tesla cars
Tesla Motors accounts are protected only by simple passwords, making it easy for hackers to potentially track and unlock cars, according to a...
Security vendor Trustwave named in Target-related suit
Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to Target's data breach, one of the largest...
EA Games site hacked to steal Apple IDs
An Electronic Arts website was hacked in a phishing scheme aimed at the acquisition of Apple IDs and credit card numbers, security researchers...
Some Samsung Galaxy devices contain a file access backdoor, Replicant developers say
The developers of Replicant, a mobile OS based on Android, claim to have found a backdoor vulnerability in a software component shipped with some...
Lawmakers fail to ask NSA chief about agency's malware plans
U.S. lawmakers had a chance to pose questions to the director of the National Security Agency on Wednesday but declined to ask him about reports that...
Joomla receives patches for zero-day SQL injection vulnerability, other flaws
Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high...
Cisco patches vulnerabilities in small business routers and wireless LAN controllers
Cisco Systems released new firmware versions for some of its small business routers and wireless LAN controllers in order to address vulnerabilities...
Tracking with metadata: It's not all bad
Metadata has had a bad rap lately, with disclosures tying its collection to government spying programs. But those bits of information lurking behind...
Withdrawal vulnerabilities enabled bitcoin theft from Flexcoin and Poloniex
Hackers found security weaknesses that allowed them to overdraw accounts with Flexcoin and Poloniex, two websites that facilitate bitcoin...
Gameover malware tougher to kill with new rootkit component
A new variant of the Gameover malware that steals online banking credentials comes with a kernel-level rootkit that makes it significantly harder to...