OpenID Connect enables online identity
Identity standards aren’t sexy. Biometrics, encryption apps and systems that enable high-assurance authentication get much of the attention but standards that make all these technologies work across the Internet are a necessity. OpenID is one of these underlying technologies and the latest version of the standard – OpenID Connect – has been ratified as an official standard by the OpenID Foundation members. Internet and mobile companies have implemented OpenID Connect worldwide, including Google, Microsoft, Deutsche Telekom, Salesforce, Ping Identity, Nomura Research Institute, mobile network operators, and other companies and organizations. The standard will be built into commercial products and implemented in open-source libraries for global deployments. The team that has helped create OpenID Connect is one composed of rivals. Google, Microsoft and others, all competitors working to try and solve the digital identity problem, says Don Thibeau, executive director of the OpenID Foundation. The mobile operators are also on board with the GSMA and its 650 mobile network operators endorsing OpenID Connect. – Source -secureidnews-2014.
Heartbleed bug creates confusion on internet
The Heartbleed bug exploits a vulnerability in a version of the OpenSSL security software code that is installed on two-thirds of the active servers connected to the internet
This week it has emerged that a major security flaw at the heart of the internet may have been exposing users’ personal information and passwords to hackers for the past two years.
It is not known how widely the bug has been exploited, if at all, but what is clear is that it is one of the biggest security issues to have faced the internet to date.
Security experts warn there is little Internet users can do to protect themselves from the recently uncovered “Heartbleed” bug that exposes data to hackers, at least not until exploitable websites upgrade their software.
Researchers have observed sophisticated hacking groups conducting automated scans of the Internet in search of Web servers running a widely used web encryption program known as OpenSSL that makes them vulnerable to the theft of data, including passwords, confidential communications and credit card numbers.
OpenSSL is used on about two-thirds of all web servers, but the issue has gone undetected for about two years.