Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V

Patch Tuesday: Redmond patches critical, remote code execution vulnerabilities haunting Windows Kerberos and Windows Hyper-V.
The post Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V appeared first on SecurityWeek.
Continue reading Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V

SPNEGO-based Kerberos authentication: Should I create a new security context using `gss_init_sec_context` for every request?

I’m implementing SPNEGO-based Kerberos authentication for a Linux client application for authenticating requests to a Windows IIS server.
I’ve read RFC4559, which describes how authentication should be performed:
https://datatracker.ietf.o… Continue reading SPNEGO-based Kerberos authentication: Should I create a new security context using `gss_init_sec_context` for every request?

Microsoft Improves Windows Security with a Path to Move Off NTLM

It’s time to stop relying on the insecure authentication protocol built into Windows. Microsoft is making it easier to switch to secure modern options. Continue reading Microsoft Improves Windows Security with a Path to Move Off NTLM

How to mitigate spoofing, keylogging password, stealing public key with smart card with external/internal smart card reader?

Here is my thought process:
I want to use smartcards without passwords for my setup. We don’t want to use Iris or fingerprint or voice. I only want to put in the card whenever something needs to authenticate and when I take out the card wh… Continue reading How to mitigate spoofing, keylogging password, stealing public key with smart card with external/internal smart card reader?