
Kim Cameron's Identity Weblog

Digital Identity And Our Future


Dick Hardt joins Microsoft’s Identity Team
December 11 2008

John Fontana from Network World has picked up on one of the big deals in my life recently - Dick Hardt is joining our team at Microsoft. John Fontana posted this in Network World:

Noted identity innovator Dick Hardt has agreed to join Microsoft to help the company shape its identity platform.

Hardt, one of the unique personalities in the busy identity community and a vocal Identity 2.0 advocate, will have the title “partner architect” and will be working on consumer, enterprise and government identity problems, he said on his blog

Hardt said he was recruited by Microsoft because he is an “independent thinker.” Microsoft has benefited greatly from the work of other independent thinkers notably identity architect Kim Cameron, who has been instrumental in evolving the company’s identity platform and its integration with other vendors, protocols and tools.

“I think the hiring of Dick Hardt is another proof point that Microsoft is serious about identity,” said Jackson Shaw, senior director of product management for Active Directory and integration solutions at Quest Software. “I believe it is also a further sign that Microsoft wants to avoid a Microsoft-centric ‘Passport’ t

My dog ate my homework
November 30 2008

Am I the only one, or is this a strange email from Facebook?

I mean, “lost”?? No backups?

I hear you. This must be fake - a phishing email, right?

No https on the page I’m directed to, either… The average user doesn’t have a chance when figuring out whether this is legit or not.  So guess what.  He or she won’t even try.

I’ll forget and forgive the “loss”, but following it up by putting all their users through a sequence of steps that teaches them how to be phished really stinks.

Seems to drive home the main premise of Information Cards set forth in the Laws of Identity:

Hundreds of millions of people have been trained to accept anything any site wants to throw at them as being the “normal way” to conduct business online. They have been taught to type their names, secret passwords and personal identifying information into almost any input form that appears on their screen.

There is no consistent and comprehensible framework allowing them to evaluate the authenticity of the sites they visit, and they don’t have a reliable way of knowing when t
The economics of vulnerabilities…
November 21 2008

Gunnar Peterson of 1 Raindrop has blogged his Keynote at the recent Quality of Protection conference. It is a great read - and a defense in depth against the binary “secure / not secure” polarity that characterizes the thinking of those new to security matters.

His argument riffs on Dan Geer’s famous Risk Management is Where the Money Is. He turns to Warren Buffet as someone who knows something about this kind of thing, writing:

“Of course, saying that you are managing risk and actually managing risk are two different things. Warren Buffett started off his 2007 shareholder letter talking about financial institutions’ ability to deal with the subprime mess in the housing market saying, “You don’t know who is swimming naked until the tide goes out.” In our world, we don’t know whose systems are running naked, with no controls, until they are attacked. Of course, by then it is too late.

“So the security industry understands enough about risk management that the language of risk has permeated almost every product, presentation, and security project for the last ten years. Ho

My Twitterank is 101.54
November 18 2008

In case you need mind-stretching with regard to credulity, try out this piece from Sprout Marketing:

Madness erupted on Twitter last night, as the latest cool “app,” Twitterank, was suddenly accused of being a simple password swiping scheme. Over the past 48 hours, thousands of people were Tweeting the same message:

my Twitterank is 101.54!

Each one of those thousands of users freely gave out their username and password to the site. In exchange, the site uses some complicated algorithm (or not, maybe it’s entirely random) and out pops a rating.

Then around 3 p.m. or so, Mountain Time, PANIC broke out.

This is how e-riots start...

Within minutes, similar messages were everywhere. This is the online equivalent of an angry, confused mob [FOLLOW the incredible link - Kim] . ZDnet jumped in, along with dozens of other legitimate news sources.

News is breaking out this morning that it really isn’t a scam at all. Regardless, I think there are a couple lesson

Security and ContactPoint: perception is all
November 18 2008

Given the recent theft of my identity while it was being “stewarded” by CountryWide, I feel especially motivated to share with you this important piece on ContactPoint by Sir Bonar Neville-Kingdom GCMG KCVO that appeared in Britain’s Ideal Government. Sir Bonar writes:

I’m facing a blizzard of Freedom of Information requests from the self-appointed (and frankly self-righteous) civil liberties brigade about releasing details of the ContactPoint security review. Of course we’re all in favour of Freedom of Information to a point but there is a limit.

Perhaps I might point out:

The decision not to release any information about the ContactPoint security review was taken by an independent panel. I personally chaired this panel to ensure its independence from any outside interests. I was of course not directly involved in the original requests, which were handled by a junior staff member.

The security of ContactPoint relies on nobody knowing how it works. If nobody knows what the security measures are, how can they possibly circumvent them? This is simply common sense. Details of the security measures will be shared only with the 330,000 accredited and vetted public servants