authentication

8 charged in AT&T ID theft fraud case, including outsourced contractor

"Authorized users" were added to customers' bank accounts, allowing the alleged fraudsters to request new cards in their names to make purchases and withdraw cash. As with other recent cases, the weak link was supposedly working for AT&T in an outsourced job function.

Google acquires sound authentication start-up SlickLogin

Just five months after the company's launch, SlickLogin has announced its acquisition by Google. The Israeli security start-up has developed a method of authenticating your smartphone using an inaudible sound wave transmitted from your computer.

The power of two - All you need to know about two-factor authentication

What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.

Microsoft joins tech giants and FIDO in the fight for simpler, safer authentication

Microsoft joins Google, PayPal, Lenovo and other tech giants as a member of the FIDO (Fast IDentity Online) Alliance, a non-profit group working to design better and more standardised methods of checking identity across the internet.

D-Link patches "Joel's Backdoor" security hole in its SoHo routers

About six weeks ago we wrote about an amusingly alarming security hole in various D-Link routers.

D-Link has now come out with a firmware fix - don't forget to update if you're on the affected list...

Apple's iOS 7.0.4 fixes a "too easy to buy stuff" security flaw

Apple pushed out iOS 7.0.4 last week, the fourth patch in two months.

Is iOS getting buggier, or is Apple simply publishing security fixes more promptly?

Biostamps - freedom from password tyranny, or Hollywood science?

Last week Motorola execs showed off experimental biostamps - digital "tattoos" capable of authenticating you to your phone. Could this be the ultimate solution to the problem of authentication and passwords, or is it just a sci-fi pipe dream?

Anatomy of an exploit - Linksys router remote password change hole

A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.

Paul Ducklin looks at the ominous sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...

Apple introduces two-factor verification for Apple IDs

After celebrity Web 2.0 journalist Mat Honan had all his iDevices remote-wiped by a cybercrook last year, Apple's login security has been under scrutiny.

Good news! Apple has finally bitten the bullet and started offering two-factor verification for Apple ID users...

Google says it is winning the war against Gmail account hijackers

Account takeovers are down a mammoth 99.7% compared with what they were at the height of the spear-phishing plague of 2011, the company (rightfully) brags.

Don't relax, though: such success doesn't let us users off the hook when it comes to beefing up our account security.

Email: the forgotten security problem

When you read a message in your inbox, should you trust that the information hasn't been tampered with or that it even comes from who it claims?

Facebook to exclude phone numbers from reverse lookup - for users of two-factor authentication, anyway

Facebook's SMS-based login security was a Catch-22. You had to give Facebook your phone number to improve security. But that exposed your phone number to the vagaries of the Facebook search system.

That's now changed, but apparently only temporarily, while Facebook decides what happens next.

Microsoft RDP - Remote Desktop Protocol or Routine Darkside Probe?

Leaving RDP open to the internet is a little bit like giving a visitor a seat in the corner of your server room and saying, "I'll just leave you here while I go for lunch. Don't touch anything, will you?"

What could possibly go wrong?

Blizzard owns up to data haemorrhage - painful but probably not too bad

Big-time online entertainment outfit Blizzard has just owned up to a data haemorrhage.

Blizzard strongly suggests - but manfully doesn't pretend to guarantee - that financial data such as credit cards, billing addresses, and real names weren't got at.

"One in 256 times *any* password might get you in" - MySQL authentication disaster

What if your authentication system itself were at fault? You could have the hardest-to-guess password, salted and hashed thousands of times, and still be at risk.

That's what happened to MySQL and MariaDB.

Practical IT: how to assess a third-party provider's security (part 2)

In the second part of his article on how to assess the security of a third-party provider, Ross McKerchar takes a look at security functionality.

DMARC: Microsoft, Facebook and Google unite to fight phishing - but will it work?

If the newswires are to be believed, the death of spam is imminent. Again!

The saviour this time round is DMARC, which is backed by Microsoft, Google, Facebook, PayPal, LinkedIn, Bank Of America and more. Find out what it's all about.

Dropbox lets anyone log in as anyone - so check your files now!

Customers of cloud-based file storing-and-sharing company Dropbox should check on the data they've entrusted to the service, following the company's admission that it messed up its access controls for several hours.

How to stop your Gmail account being hacked

Graham Cluley describes what steps you should take to reduce the chances of your Gmail account being hacked.