Author

Mike Grady (ISG)

Can you see the real me – can you?

Usernames and passwords are being stolen by ‘bad actors’ every day.  Via human engineering exploits, the ‘bad actor’ lures legitimate users into unwittingly surrendering their usernames and passwords. One of the more popular exploits is the well-crafted e-mail messages that warns of service interruption for the recipient’s e-mail service – just click the link and […]

Dangerous SAML SSO vulnerability?

Several sources have recently reported the discovery of a ‘flaw’ in certain SAML implementations that could allow a ‘bad actor’ to alter the identity carried in a Single Sign-On SAML assertion and legitimately log in as a different user as reported by TechTarget. Wow – that’s bad!  That was my initial reaction, and I envisioned […]

Triangulating and closing security compromises

              But the CEO told me to wire $60K to the Caymans! We’ve seen a recent rash of e-mail exploits that blend “social engineering” with e-mail technology. These exploits use e-mail to impersonate respected leaders and authorities of an enterprise giving direction to subordinates or delivering malware payloads and […]

SSO with Azure – some considerations

Microsoft Windows Azure Active Directory can be used as your Identity Provider (IdP) in the cloud just as you would Active Directory Federation Services (ADFS) on premises.   There is a growing set of features and services available for Authentication and Federation services in Azure.  The easiest and most direct method is to add Applications to […]

Contact Us Close