Facebook Adds USB Key Two-Factor Authentication

Facebook has added USB key security to it’s two-factor authentication options.  Previously, Facebook users could add the additional security of two-factor authentication to their account by using the Facebook app to receive a six digit one-time passcode, or by having the code sent to their smart phone via SMS text message.  Facebook now supports the open-source Universal 2 Factor (U2F) standard established by the FIDO Alliance, such as the  Yubikey from Yubico.

Continue Reading →

0

Apple Users Get Updates

If you are an Apple user, Apple released a number of updates released late in January that will fix security vulnerabilities in several platforms and services.  It was reported by US-CERT on January 23rd.

The release for Mac OSX Sierra is large, at 105 GB, and fixes many holes that would allow and attacker to remotely execute malware.  This is something you should fix immediately.

The ...

Continue Reading →
0

The Problem With Biometric Authentication

NIST is working on new authentication standards, and there are some surprising changes coming out of this effort.  One of the issues that NIST is dealing with is the use of biometrics for authentication.  But there are problems with biometrics.  Here they are from the NIST Special Publication 800-63b.  Emphasis is mine.

“5.2.3. Use of Biometrics

For a variety of reasons, this ...

Continue Reading →
0

Passwords Are On Life Support

Passwords are not dead – not yet.  But they are on life support.  They are no longer enough to truly secure anything on their own.

I just read an sobering, eye-popping article on NetMux that discussed easy ways to crack passwords that are longer than 12 characters.

What makes this so disheartening for me is that I have been telling everyone to increase their password length ...

Continue Reading →
0

Credential Stealing Malware in PDF Attachments

On Wednesday we talked about a phishing exploit that used malware to provide remote access and steal the personal information of the victims.  Today we continue the story with a similar exploit, called “Fareit” to “ferret out” the user credentials and other personal information the victims.

This exploit uses a phishing email to send the target either a PDF attachment or a Word attachment.  The PDF variant uses Windows Powershell to install.  The ...

Continue Reading →
0

EyePyramid – Data Stealing Trojan Horse

I read a story in Naked Security recently that reported the arrest of a couple of Italian cyber-criminals who have been stealing personal information from Italian mayors, prime ministers, cardinals, and other notables since 2010.   They used a phishing exploit to install a Trojan Horse/keylogger called EyePyramid.  There were a couple of things that caught my eye.

The first is the sheer volume of data stolen – 87 gigabytes!  This information was ...

Continue Reading →
0

Check Out Opera Neon

Opera Neon is an interesting new experimental project from Opera.  They are giving the browser a new look that resembles your computer’s desktop.  There are new controls which makes working with tabs and organizing your windows more natural.  There is a video pop-out feature which lets you view the video in one part of your screen while continuing to use the browser for other things.  The change to visual tabs is supposed ...

Continue Reading →
0

Opera Web Browser Offers Secure VPN

On Wednesday we took a broader look at the web browser.  Today we are going take a deeper look at the Opera web browser, because they are doing some interesting things with privacy, security, and functionality.

As I mentioned towards the end of Wednesday’s post, I am having concerns with my deep relationship with Google.  Google for me has been like a really great girlfriend who anticipated my every need, and has now become just ...

Continue Reading →
0
Page 4 of 33 «...23456...»