«
Expand/Collapse
41 items tagged "identity"
Related tags:
sql [+],
privacy event [+],
privacy [+],
vulnerability [+],
oracle [+],
management [+],
world [+],
pixel [+],
max kilger [+],
digital [+],
demarcation line [+],
vulnerability note [+],
username parameter [+],
usermanagement [+],
talk [+],
sql injection [+],
security [+],
offerings [+],
name [+],
international standardization [+],
injection [+],
identity theft [+],
christoph engemann [+],
audio [+],
arbitrary html [+],
anonymity on the internet [+],
web2 0 [+],
web [+],
van bruggen [+],
udo neitzel [+],
twitter [+],
theft [+],
taking a leak [+],
streamlined application [+],
service [+],
security vulnerability [+],
reporting security [+],
remote security [+],
ralf bendrath [+],
network [+],
leak [+],
laws [+],
john q. newman [+],
john q newman [+],
jan schallabck [+],
intruders [+],
crenshaw [+],
caspar bowden [+],
application server [+],
adrian crenshaw [+],
access [+],
video [+],
usa [+],
technical security [+],
targets [+],
takedown [+],
study [+],
steals [+],
spoof [+],
social engineering [+],
server code [+],
safer use [+],
reveal [+],
read [+],
passport service [+],
passport [+],
paper [+],
orange county [+],
noble has [+],
microsoft targets [+],
microsoft [+],
medical [+],
management event [+],
man [+],
information leaks [+],
holidays [+],
fault [+],
facebook [+],
engines [+],
engine database [+],
engine [+],
economics [+],
day [+],
darknet [+],
credentials [+],
county man [+],
core aim [+],
code execution [+],
cisco [+],
chief ronald k [+],
botnet [+],
boss [+],
black hat [+],
avaya [+],
anonymity [+],
adam shostack [+],
chaos communication congress [+]
-
-
16:00
»
SecuriTeam
Oracle Identity Management is prone to a remote security vulnerability in Application Server Single Sign-On compoenent.
-
-
17:00
»
SecuriTeam
Oracle Identity Management is prone to a remote security vulnerability in Application Server Single Sign-On component; fixes are available.
-
-
20:43
»
Packet Storm Security Exploits
Oracle Identity Management suffers from a reflected cross site scripting POST injection vulnerability when parsing user input to the 'username' parameter via POST method thru '/usermanagement/forgotpassword/index.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Version 10.1.4.0.1 is affected.
-
20:43
»
Packet Storm Security Recent Files
Oracle Identity Management suffers from a reflected cross site scripting POST injection vulnerability when parsing user input to the 'username' parameter via POST method thru '/usermanagement/forgotpassword/index.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Version 10.1.4.0.1 is affected.
-
20:43
»
Packet Storm Security Misc. Files
Oracle Identity Management suffers from a reflected cross site scripting POST injection vulnerability when parsing user input to the 'username' parameter via POST method thru '/usermanagement/forgotpassword/index.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Version 10.1.4.0.1 is affected.
-
-
3:11
»
Packet Storm Security Exploits
Offerings from identity.net.au appear to suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
-
-
21:45
»
SecDocs
Authors:
Max Kilger Tags:
identity management Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: The demarcation line that used to separate your digital identity from your real world physical identity is rapidly disappearing. More seriously, it is permanently changing the way in which the world sees you and you see yourself. Social identity lies at the very core of our existence as human beings. Without identity we are lost both in the physical and virtual world. Before the coming of the digital revolution, most people struggled to create a single, permanent identity that stayed with them for the remainder of their lives. Digital technology has changed that way of life forever. People are now given digital identities by governmental, business and military organizations, sometimes with their knowledge but often without them knowing. People have also begun to weave multiple digital identities for themselves - using digital technology they can now create their own alternative identities that they can wear and shed like skins for their own personal purposes. In this lecture I will discuss how the digital identities that we create for ourselves and those that others create or us affect both our image of ourselves, our own psychological makeup and well-being as well as how it affects how others see and deal with us.
-
21:45
»
SecDocs
Authors:
Max Kilger Tags:
identity management Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: The demarcation line that used to separate your digital identity from your real world physical identity is rapidly disappearing. More seriously, it is permanently changing the way in which the world sees you and you see yourself. Social identity lies at the very core of our existence as human beings. Without identity we are lost both in the physical and virtual world. Before the coming of the digital revolution, most people struggled to create a single, permanent identity that stayed with them for the remainder of their lives. Digital technology has changed that way of life forever. People are now given digital identities by governmental, business and military organizations, sometimes with their knowledge but often without them knowing. People have also begun to weave multiple digital identities for themselves - using digital technology they can now create their own alternative identities that they can wear and shed like skins for their own personal purposes. In this lecture I will discuss how the digital identities that we create for ourselves and those that others create or us affect both our image of ourselves, our own psychological makeup and well-being as well as how it affects how others see and deal with us.
-
15:24
»
SecDocs
Authors:
Max Kilger Tags:
identity management Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: The demarcation line that used to separate your digital identity from your real world physical identity is rapidly disappearing. More seriously, it is permanently changing the way in which the world sees you and you see yourself. Social identity lies at the very core of our existence as human beings. Without identity we are lost both in the physical and virtual world. Before the coming of the digital revolution, most people struggled to create a single, permanent identity that stayed with them for the remainder of their lives. Digital technology has changed that way of life forever. People are now given digital identities by governmental, business and military organizations, sometimes with their knowledge but often without them knowing. People have also begun to weave multiple digital identities for themselves - using digital technology they can now create their own alternative identities that they can wear and shed like skins for their own personal purposes. In this lecture I will discuss how the digital identities that we create for ourselves and those that others create or us affect both our image of ourselves, our own psychological makeup and well-being as well as how it affects how others see and deal with us.
-
15:24
»
SecDocs
Authors:
Max Kilger Tags:
identity management Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: The demarcation line that used to separate your digital identity from your real world physical identity is rapidly disappearing. More seriously, it is permanently changing the way in which the world sees you and you see yourself. Social identity lies at the very core of our existence as human beings. Without identity we are lost both in the physical and virtual world. Before the coming of the digital revolution, most people struggled to create a single, permanent identity that stayed with them for the remainder of their lives. Digital technology has changed that way of life forever. People are now given digital identities by governmental, business and military organizations, sometimes with their knowledge but often without them knowing. People have also begun to weave multiple digital identities for themselves - using digital technology they can now create their own alternative identities that they can wear and shed like skins for their own personal purposes. In this lecture I will discuss how the digital identities that we create for ourselves and those that others create or us affect both our image of ourselves, our own psychological makeup and well-being as well as how it affects how others see and deal with us.
-
-
21:39
»
SecDocs
Authors:
Caspar Bowden Tags:
privacy Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Microsoft has proposed architectural principles ("7 Laws of Identity") to support convergence towards an inter-operable, secure, and privacy-enhancing plurality of identity systems - an "Identity Metasystem". This new concept presupposes that a single monolithic identity system for the Internet is neither practicable nor desirable.
-
21:39
»
SecDocs
Authors:
Caspar Bowden Tags:
privacy Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Microsoft has proposed architectural principles ("7 Laws of Identity") to support convergence towards an inter-operable, secure, and privacy-enhancing plurality of identity systems - an "Identity Metasystem". This new concept presupposes that a single monolithic identity system for the Internet is neither practicable nor desirable.
-
-
21:39
»
SecDocs
Authors:
Jan Schallaböck Ralf Bendrath Udo Neitzel Tags:
privacy Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: The presentation will show the hidden privacy implications of some web2.0 and identity2.0 services, standards and applications and discuss the underlying trend here. Web2.0 has created a new rush towards social networking and collaborative applications. This enables new possibilities, but also is a threat to users' privacy and data. On the surface, many people seem to like giving away their data to others in exchange for building communities or getting their 15 seconds of fame. But below it lie less obvious privacy implications. Some of them are accidential, like publicly marking someone as a "friend" without asking that person before or putting personal data under a creative commons license. But some are more fundamental, as they are based on voluntary surveillance of the users. On the extreme end of the spectrum, the trend towards "identity 2.0" services - from microformats like OpenID and adressing systems like XDI to infrastructures like Cardspace and Higgins - will have far-reaching impacts on the future of privacy and anonymity on the web. The presentation will show the hidden privacy implications of some web2.0 and identity2.0 services, standards and applications and discuss the underlying trend here.
-
21:39
»
SecDocs
Authors:
Jan Schallaböck Ralf Bendrath Udo Neitzel Tags:
privacy Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: The presentation will show the hidden privacy implications of some web2.0 and identity2.0 services, standards and applications and discuss the underlying trend here. Web2.0 has created a new rush towards social networking and collaborative applications. This enables new possibilities, but also is a threat to users' privacy and data. On the surface, many people seem to like giving away their data to others in exchange for building communities or getting their 15 seconds of fame. But below it lie less obvious privacy implications. Some of them are accidential, like publicly marking someone as a "friend" without asking that person before or putting personal data under a creative commons license. But some are more fundamental, as they are based on voluntary surveillance of the users. On the extreme end of the spectrum, the trend towards "identity 2.0" services - from microformats like OpenID and adressing systems like XDI to infrastructures like Cardspace and Higgins - will have far-reaching impacts on the future of privacy and anonymity on the web. The presentation will show the hidden privacy implications of some web2.0 and identity2.0 services, standards and applications and discuss the underlying trend here.
-
-
21:41
»
SecDocs
Authors:
Christoph Engemann Tags:
biometric identity management Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Starting with the history of birth-registration an overview on the historical regimes of naming and identifying people from the 15th to the 20th century is given. the talk will show examples of the different identity media through time and their standardization with the rise of the Westphalian nation state and the subsequent developments after the French Revolution and during the 20th century. The goal of the talk is to show the complexity of the phenomenon of personal names and their media and the need for an informed debate on who and how naming and identification in the digital age is achieved. In July 2011 Google opened the social network named Google+, immediately spawning a fierce debate about its real-name policy barring users from opening accounts with pseudonyms. Just a few days later Facebooks Vice President Randi Zuckerberg echoed Google's sentiment, asserting: “(…) anonymity on the Internet has to go away.” Finally in early August Germanys minister of the interior demanded an end of anonymity on the Internet. My proposed talk is not concerned with the relation of anonymity and pseudonymity and free speech, discrimination and empowerment that dominated the ‘real-name’ “nymwars” on the internet. Instead it seeks to de-familiarize the notion of the ‘real name’ by exposing central aspects of the media-history of names, situating personal names in relation to the development of statehood and capitalism between the 1500 and the 2000s. I thus will outline the history and function of birth-registration as introduced in the wake of the reformation in 1543 and its subsequent secularization during the rise of the Westaphalian nation state. This includes an overview of the international standardization of both identity papers and personal naming regimes during the 19th century in the context of post-1789 development of statehood and colonization. Moving to the 2oth century I will provide examples of the development and standardization of the passport-system after WWI, and conclude my talk with a synopsis of administrative digital identity vision of the early nineties. The goal of the talk is first de-familiarize the notion of the personal-name by showing its complex historical and material background, secondly to contextualize the current developments of digital identity regimes (Neuer Personalausweis, Google+, NSTIC etc) within the larger and longer-term developments of statehood and capitalist societies. Thirdly my talk will show that a name never was ones own but always an intersection of administrative, media-technical and personal interventions and as such is currently becoming a contested phenomenon again, requiring an informed debate about what is in a name. Duration 40 mins, presentation style will be slides and accompanying talk, discussion afterwards.
-
-
21:42
»
SecDocs
Authors:
Christoph Engemann Tags:
biometric identity management Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Starting with the history of birth-registration an overview on the historical regimes of naming and identifying people from the 15th to the 20th century is given. the talk will show examples of the different identity media through time and their standardization with the rise of the Westphalian nation state and the subsequent developments after the French Revolution and during the 20th century. The goal of the talk is to show the complexity of the phenomenon of personal names and their media and the need for an informed debate on who and how naming and identification in the digital age is achieved. In July 2011 Google opened the social network named Google+, immediately spawning a fierce debate about its real-name policy barring users from opening accounts with pseudonyms. Just a few days later Facebooks Vice President Randi Zuckerberg echoed Google's sentiment, asserting: “(…) anonymity on the Internet has to go away.” Finally in early August Germanys minister of the interior demanded an end of anonymity on the Internet. My proposed talk is not concerned with the relation of anonymity and pseudonymity and free speech, discrimination and empowerment that dominated the ‘real-name’ “nymwars” on the internet. Instead it seeks to de-familiarize the notion of the ‘real name’ by exposing central aspects of the media-history of names, situating personal names in relation to the development of statehood and capitalism between the 1500 and the 2000s. I thus will outline the history and function of birth-registration as introduced in the wake of the reformation in 1543 and its subsequent secularization during the rise of the Westaphalian nation state. This includes an overview of the international standardization of both identity papers and personal naming regimes during the 19th century in the context of post-1789 development of statehood and colonization. Moving to the 2oth century I will provide examples of the development and standardization of the passport-system after WWI, and conclude my talk with a synopsis of administrative digital identity vision of the early nineties. The goal of the talk is first de-familiarize the notion of the personal-name by showing its complex historical and material background, secondly to contextualize the current developments of digital identity regimes (Neuer Personalausweis, Google+, NSTIC etc) within the larger and longer-term developments of statehood and capitalist societies. Thirdly my talk will show that a name never was ones own but always an intersection of administrative, media-technical and personal interventions and as such is currently becoming a contested phenomenon again, requiring an informed debate about what is in a name. Duration 40 mins, presentation style will be slides and accompanying talk, discussion afterwards.
-
21:42
»
SecDocs
Authors:
Christoph Engemann Tags:
biometric identity management Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Starting with the history of birth-registration an overview on the historical regimes of naming and identifying people from the 15th to the 20th century is given. the talk will show examples of the different identity media through time and their standardization with the rise of the Westphalian nation state and the subsequent developments after the French Revolution and during the 20th century. The goal of the talk is to show the complexity of the phenomenon of personal names and their media and the need for an informed debate on who and how naming and identification in the digital age is achieved. In July 2011 Google opened the social network named Google+, immediately spawning a fierce debate about its real-name policy barring users from opening accounts with pseudonyms. Just a few days later Facebooks Vice President Randi Zuckerberg echoed Google's sentiment, asserting: “(…) anonymity on the Internet has to go away.” Finally in early August Germanys minister of the interior demanded an end of anonymity on the Internet. My proposed talk is not concerned with the relation of anonymity and pseudonymity and free speech, discrimination and empowerment that dominated the ‘real-name’ “nymwars” on the internet. Instead it seeks to de-familiarize the notion of the ‘real name’ by exposing central aspects of the media-history of names, situating personal names in relation to the development of statehood and capitalism between the 1500 and the 2000s. I thus will outline the history and function of birth-registration as introduced in the wake of the reformation in 1543 and its subsequent secularization during the rise of the Westaphalian nation state. This includes an overview of the international standardization of both identity papers and personal naming regimes during the 19th century in the context of post-1789 development of statehood and colonization. Moving to the 2oth century I will provide examples of the development and standardization of the passport-system after WWI, and conclude my talk with a synopsis of administrative digital identity vision of the early nineties. The goal of the talk is first de-familiarize the notion of the personal-name by showing its complex historical and material background, secondly to contextualize the current developments of digital identity regimes (Neuer Personalausweis, Google+, NSTIC etc) within the larger and longer-term developments of statehood and capitalist societies. Thirdly my talk will show that a name never was ones own but always an intersection of administrative, media-technical and personal interventions and as such is currently becoming a contested phenomenon again, requiring an informed debate about what is in a name. Duration 40 mins, presentation style will be slides and accompanying talk, discussion afterwards.
-
-
15:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Nortel/Avaya Identity Engines Ignition Server.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
8:51
»
SecDocs
Authors:
Rik Van Bruggen Tags:
authentication identity management Event:
Hashdays 2010 Abstract: Strengthened User-Authentication, streamlined Application-Access, enhanced Productivity and simplified Compliance-Reporting - Security Experiences and Live-Demo with Imprivata OneSign.
-
-
13:36
»
SecDocs
Authors:
Adrian Crenshaw Tags:
privacy Event:
Black Hat DC 2011 Abstract: This paper will present research into services hosted internally on the I2P anonymity network, especially I2P hosted websites known as eepSites, and how the true identity of the Internet host providing the service may be identified via information leaks on the application layer. By knowing the identity of the Internet host providing the service, the anonymity set of the person or group that administrates the service can be greatly reduced. The core aim of this paper will be to test the anonymity provided by I2P for hosting eepSites, focusing primarily on the application layer and mistakes administrators and developers may make that could expose a service provider’s identity or reduce the anonymity set they are part of. We will show attacks based on the intersection of I2P users hosting eepSites on public IPs with virtual hosting, the use of common web application vulnerabilities to reveal the IP of an eepSite, as well as general information that can be collected concerning the nodes participating in the I2P anonymity network.
-
-
8:58
»
SecDocs
Authors:
Rik Van Bruggen Tags:
authentication identity management Event:
Hashdays 2010 Abstract: Strengthened User-Authentication, streamlined Application-Access, enhanced Productivity and simplified Compliance-Reporting - Security Experiences and Live-Demo with Imprivata OneSign.
0day.today (was: 1337day, Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution