Author Archive



Password Guess and Reset hacking


This wired.com blog article explains how an 18-year-old hacker, who has been hacking for 3 years now, was able to hack into a Twitter admin account (using a password-guessing tool/dictionary hack) and then use an admin password reset feature to give away passwords for 33 accounts, including the accounts of President-elect Barack Obama, Britney Spears, and Fox News. This incident goes to show that:

7 Jan 2009

Identropy Blog Launch

Check out the new Identropy Identity Management Blog. Or subscribe to the RSS feed.

I recommend this resource to anyone who would like to learn about Identity Management. It is particularly geared towards those who want to learn about the basics of Identity Management. The Identity 101 series is particularly insightful. The various aspects of Identity Management (provisioning, single sign-on, etc.) are covered, and use cases are given to help illustrate the need for finding solutions.

16 Dec 2008

Manual processes are as good as…


Ash asked for IdM one-liners, so here’s one for you: Your manual processes are as good as the errors they produce. Recently I was working with a client that had various rules in place concerning employee identities. The problem was that they were relying on manual processes to enforce them, thus opening themselves up to human error. One example would be their username naming convention, which consisted of a combination of characters from the first name, middle name and last name. There are also special cases involving exceptions (if a username was already taken). While working on the IdentityMap for this client, they decided they wanted to do some data cleansing as well. So I started writing rules for excluding problem records. Hundreds of records were out of compliance with their various rules.

So the lesson to learn here is:


3 Dec 2008

What’s your favorite LDAP browser?


I found this LDAP browser/editor to be really good! If you use this on a client and have write privileges, be careful not to overwrite anything. Another cross-platform browser suggested by Eric is LDAPSoft’s browser.



12 Nov 2008

Understanding Identity: Provisioning; The Players


Gartner puts out its Magic Quadrant for User Provisioning report annually. This report identifies the leading players in the market and provides a lot of data on the adoption of identity provisioning products.

The usual suspects (Sun, Novell, Microsoft, IBM) are mentioned, although there are other major players as well, e.g. Courion. The company I work for, Identropy, gets a mention in relation to being an innovating force as a Courion partner. Understanding these products may give you a practical feel for what role Identity is playing at this point in time.

Read the full report here:
http://mediaproducts.gartner.com/reprints/novell/159740.html

12 Nov 2008

Mapping Tivoli- Lessons Learnt


I was at a client doing some Identity mapping. They have TIM Tivoli, which had to be mapped against their PeopleSoft data. I needed to pull their usernames (eruid) and employeeIDs (eradEmployeeID) from objectclass eradaccount (AD stuff). I also had to get their email accounts, which are under a custom objectClass (did not come from AD originally). I was trying to write a VBScript to pull everything. Unfortunately, all the code that’s out there on the web is very AD-specific (AD Provider, adspath etc.) and I was not able to properly run a query from a VBScript to hit LDAP.

So I emailed Charles Ahart, a blogger who blogs about his Tivoli experiences, and told him about my problem. I mentioned I was trying to pull this data into SSIS to map against their PeopleSoft Employee ID, so VBScript or VB.NET code would work. I was also given access to their DB2 database. That thing is crazy: I could connect from SSIS to it, but the data is just all over the place. While I needed just 3 attributes, it was so difficult to track them down. Even the client’s TIM DBA couldn’t figure it out. So I thought if I can’t do this with a script, I will have to do it by running a query against the DB2. I think the script would be an easier route to take.

Charles responded:


12 Nov 2008

Understanding Identity Part 1


If you want to understand identity management, you first have to be able to analyze the problems surrounding corporate identities today. Courion, an identity software vendor (I recently completed training on their product), held an event where they presented their product. An attendee wrote:

Observations from Converge:

- The main industry vertical customers attending were financial and health care. User provisioning is a key issue and it is very expensive to do manually

- RoleCourier is gaining traction as customers are using it to avoid complexity, excessive roles, and political situations that arise when doing role-based provisioning

- ComplianceCourier is getting a lot of interest for its capability to enable business managers to periodically review and verify employee access rights

- There was a great customer presentation from Goodyear Tire and Rubber Corporation, where they discussed a previous failed attempt at implementing IAM, followed by their project with Courion, which is rolling out very smoothly.  One interesting note: a focus on educating and motivating users to appreciate the new system really pays off.



12 Nov 2008

Installing VMWare on Linux


When doing Identity Management integrations, it’s very important to properly train consultants/integrators. While shadowing is a good way to get someone acquainted, it’s even more important to provide hands-on training. Dedicating an entire machine for each employee’s testing purposes becomes difficult quickly.

Virtualization helps eliminate the resource-intensive requirements of having all that hardware. Plus it allows you to deal with multiple environments and makes reusing an entire installation as easy as copy and paste.

In an earlier post I had mentioned that you can set up a VMWare test server using VMWare on Linux as a development server for multiple users.

I recently followed this link to install VMWare 1.0.7 on OpenSUSE 11. Before doing anything, update your Linux installation from YaST or run the following command in terminal: apt-get update. Run all updates (and do this frequently). Then grab the latest version of VMWare Server from Vmware.com. After unzipping the file, these are the commands you should run in terminal and these are the results you should get. The trick is getting your dependencies right. If you get an error along the way, just search for that library in YaST, or do a Google search on the library that is missing and find out how to install it from the terminal. After installing the libraries, start the process again. I had to install the latest version of gcc to make this work.



18 Oct 2008

Review of VMWare’s free Hypervisor Esxi Server


I wonder how virtualization will tie into Identity Management in the future? I believe Ash once said these virtual components and appliances may take on identities of their own.

At work, I was asked to set up a VMWare Server for testing. We decided to test out VMWare’s Hypervisor Esxi Server, which we heard was now FREE.

So what’s a hypervisor? Think of it as an operating system which does nothing but run virtual machines. It directly utilizes the hardware resources of your server and does not run on top of an operating system. So the idea is to maximize the performance of your VMs, and possibly to be able to run more VMs simultaneously on a server than before.

Microsoft has their own hypervisor. I recently received an email about an event they are doing to push their virtualization products. VMWare is of course a major player and there are others as well.

So we were interested in VMWare’s hypervisor but our major concern was connectivity, both onsite and offsite.


2 Oct 2008