Google Comes Down on Ad Fraud
There are a lot of terrible, terrible things on the Internet and much of that garbage is related to or contained in ads. Malware, phishing links, scams, and other forms of badness all have strong connections to the online ad world, and new data from Google shows just how tight those ties are. In 2015, the […]
On the Wire Podcast: Steven Murdoch
Steven Murdoch is a researcher at University College London and this week published a detailed technical analysis of the MIKEY-SAKKE protocol that is implemented in the U.K.’s Secure Chorus standard for voice encryption. Secure Chorus is set up for key escrow by design, a fact that Murdoch explains in his analysis. In this podcast, Dennis […]
California Bill Seeks Phone Crypto Backdoor
A week after a New York legislator introduced a bill that would require smartphone vendors to be able to decrypt users’ phones on demand from law enforcement, a California bill with the same intent has been introduced in that state’s assembly. On Wednesday, California Assemblyman Jim Cooper submitted a bill that has remarkably similar language […]
LostPass Allows Easy Phishing to Defeat Password Manager
A security researcher has developed a phishing attack against the LastPass password manager app that is virtually impossible to detect and has the ability to mimic the LastPass login sequence perfectly. The technique takes advantage of several weaknesses in the way that LastPass handles user logout notifications and the resulting authentication sequence. Sean Cassidy, the […]
By the Numbers: Online Bot Fraud to Cost $7.2B
Fraud, in all its forms, is a major drain on businesses. And most of the time that fraud is committed by human people. But what about robot fraud? Or, more accurately, fraud from Internet bots. These little automated programs can perform a lot of interesting and useful jobs online, but they also can use their powers for […]
UK Government Voice Encryption Standard Built for Key Escrow, Surveillance
The U.K. government’s standard for encrypted voice communications, which already is in use in intelligence and other sectors and could be mandated for use in critical infrastructure applications, is set up to enable easy key escrow, according to new research. The standard is known as Secure Chorus, which implements an encryption protocol called MIKEY-SAKKE. The protocol was […]
Serious Yahoo Mail XSS Bug Fixed
Yahoo has fixed a serious cross-site scripting vulnerability in its webmail product that could’ve allowed an attacker to take over a victim’s email account with one malicious email. The bug is a specific kind of cross-site scripting vulnerability known as stored XSS. In order to trigger it, an attacker would only need to send a […]
On the Wire Podcast: Mike Hanley
Mike Hanley is the program manager for research and development in Duo Security‘s Labs division, and is a former senior member of the technical staff at the CERT/CC at Carnegie Mellon University. In today’s podcast, Dennis Fisher talks to Mike about the ways in which two-factor authentication is deployed right now, how 2FA use has changed, […]
Hyatt Data Breach Caused by Payment System Malware
A data breach at hundreds of Hyatt hotels that was revealed in December was caused by point-of-sale device malware that stole victims’ payment card information in transactions in hotel restaurants, spas, golf shops, and other locations. The malware was on PoS systems in more than 300 Hyatt hotels around the world, including dozens in the […]