Last month, IBM released a report (PDF) identifying the security challenges facing enterprises in the next two to five years. The survey is based on data collected internally by IBM.

One theme is that as the pace of globalization picks up, traditional boundaries continue to disappear. In this new global

In this week's Security Bites podcast, CNET's Robert Vamosi talks about user authentication with Kim Cameron, chief architect with the Identity and Security group at Microsoft.

At this year's PDC and again at WinHec, Microsoft certainly talked up its new Windows Azure cloud-based services, along with Windows 7. It has also been talking about Geneva, the code name for the next version of CardSpace, the Microsoft user authentication system. One goal of Geneva is to extend the reach of its predecessor, Active Directory Federation Services.

To help developers, Microsoft unveiled at PDC and WinHec the Geneva Server and the Geneva Framework. To play well with other system, Geneva accepts industry standards WS-Trust and WS-Federation, as well as the SAML 2.0 protocol.

(Credit: Microsoft)

Windows CardSpace Geneva releases digitally signed security tokens to Web sites, and allows multiple sites to accept the same tokens, so users don't have to be authenticated for various related sites. On the other hand, if a phishing site lures a user to accidentally use a card and submit a token, that token would not be "redeemable" at any other site and therefore is not useful for impersonating the user in any other context.

Another example of its use might be that an enterprise could have its employees use their Windows Live ID to access various assets within the company.

In addition to working on Geneva at Microsoft, Cameron is part of the Identify Card Foundation, a group that is advocating open standards around the use of ID cards for authentication.

Listen now: Download today's podcast


View Detail

In this week's Security Bites podcast, Robert Vamosi speaks with Ryan Naraine, security evangelist for Kaspersky and Zero Day blogger for ZDNet, about malicious software.

Naraine recently spoke at a conference on emerging security threats sponsored by the Georgia Tech Information Security Center about the increasing risks of malware ...

Voting--it's the cornerstone of our democracy. But in recent years, both the systems we use and the trust we have in the accuracy of our votes have been challenged.

A new report (PDF) looks at all the systems currently in use--from paper ballots to Direct-Recording Electronic machines--and the issues ...

Criminals may have found a way to get you to click on malware without you even knowing. Worse, they might also be able to open the microphone or Webcam on your PC to eavesdrop.

Called Clickjacking, the process allows the attacker to trick you the user into clicking on something

According to a report this week from Verizon Business, risk factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, which is why Verizon has revisited an earlier report. The goal of both the new and the prior report is to offer detailed insight

This week Tom Rusin, president and chief executive officer of Affinion's North America operation, is Robert Vamosi's guest. His company monitors the criminal underground for several thousand banking institutions by lurking in carder chat rooms.

"Carders" are the people who buy, sell, and trade online the credit card ...

It may seem trivial to you what applications are on your desktop, but from a business or organization's perspective, it can be a serious matter. If an application provides unfiltered access to the outside world, this could create regulatory issues. Certain desktop applications can also indirectly or directly introduce

Google has entered the browser space. Chrome, its browser still in beta, is based on the open source Webkit project. Some will recognize Webkit as the foundation for another browser, Apple Safari. But Chrome also borrows heavily from Mozilla Firefox and Microsoft Internet Explorer, giving this new browser an old