authentication

Anatomy of an exploit - Linksys router remote password change hole

A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.

Paul Ducklin looks at the ominous sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...

Apple introduces two-factor verification for Apple IDs

After celebrity Web 2.0 journalist Mat Honan had all his iDevices remote-wiped by a cybercrook last year, Apple's login security has been under scrutiny.

Good news! Apple has finally bitten the bullet and started offering two-factor verification for Apple ID users...

Google says it is winning the war against Gmail account hijackers

Account takeovers are down a mammoth 99.7% compared with what they were at the height of the spear-phishing plague of 2011, the company (rightfully) brags.

Do not relax: such success doesn't let us users off the hook when it comes to beefing up account security.

Email: the forgotten security problem

When you read a message in your inbox, should you trust that the information hasn't been tampered with or that it even comes from who it claims?

Facebook to exclude phone numbers from reverse lookup - for users of two-factor authentication, anyway

Facebook to exclude phone numbers from reverse search - for users of two-factor SMS authentication, anyway

Facebook's SMS-based login security was a Catch-22. You had to give Facebook your phone number to improve security. But that exposed your phone number to the vagaries of the Facebook search system.

That's now changed, but apparently only temporarily, while Facebook decides what happens next.

Microsoft RDP - Remote Desktop Protocol or Routine Darkside Probe?

Leaving RDP open to the internet is a little bit like giving a visitor a seat in the corner of your server room and saying, "I'll just leave you here while I go for lunch. Don't touch anything, will you?"

What could possibly go wrong?

Blizzard owns up to data haemorrhage - painful but probably not too bad

Big-time online entertainment outfit Blizzard has just owned up to a data haemorrhage.

Blizzard strongly suggests - but manfully doesn't pretend to guarantee - that financial data such as credit cards, billing addresses, and real names weren't got at.

"One in 256 times *any* password might get you in" - MySQL authentication disaster

What if your authentication system itself were at fault? You could have the hardest-to-guess password, salted and hashed thousands of times, and still be at risk.

That's what happened to MySQL and MariaDB.

Practical IT: how to assess a third-party provider's security (part 2)

In the second part of his article on how to assess the security of a third-party provider, Ross McKerchar takes a look at security functionality.

DMARC: Microsoft, Facebook and Google unite to fight phishing - but will it work?

If the newswires are to be believed, the death of spam is imminent. Again!

The saviour this time round is DMARC, which is backed by Microsoft, Google, Facebook, PayPal, LinkedIn, Bank Of America and more. Find out what it's all about.

Dropbox lets anyone log in as anyone - so check your files now!

Customers of cloud-based file storing-and-sharing company Dropbox should check on the data they've entrusted to the service, following the company's admission that it messed up its access controls for several hours.

How to stop your Gmail account being hacked

Graham Cluley describes what steps you should take to reduce the chances of your Gmail account being hacked.

Facebook's two-factor authentication announcement raises questions

Amid rising concern about its attitude to privacy and safety, Facebook has announced that it is introducing a two-factor authentication system in an attempt to prevent unauthorised account logins.