Hot on the heels of Google’s web access management announcements, Microsoft have made changes to the way Hotmail handles forgotten passwords. Users will be able to nominate “Trusted” PCs, from which password resets can be processed, and opt to register a mobile phone for SMS 2FA. “Rather than rely on an alternate e-mail address and [...]
It’s been an interesting 2 weeks for Google and web access management. Last week they announced SMS 2FA support for Google Apps. Today they announced support for OAuth as well as the protocol to authorise 3rd party applications. Up until now you would have received a redirect to a Google login page where you had to put [...]
ASP.NET Forms are a pretty common mechanism for web access management (when combined with NTFS permissions) for .NET web applications. Security researchers Thai Duong and Juliano Rizzo have discovered a technique to compromise an ASP.NET Forms Authentication cookie when using AES encryption. It’s worth noting that the attack is 100% reliable, i.e. one can be [...]