WhatsApp May Be Next Front in Crypto Battle
The United States government, still entangled with Apple in the battle over an encrypted iPhone, has taken on another big opponent in its efforts to access encrypted communications: WhatsApp. The hyper-popular mobile messaging app is, in some parts of the world with poor phone coverage, the default communications mechanism. Now owned by Facebook, WhatsApp employs end-to-end […]
More Android Malware Bypassing Mobile Banking 2FA
The kind of features that once were reserved solely for top-shelf malware is becoming standard equipment for mobile malware. The latest must-have feature is the ability to bypass two-factor authentication and it is showing up in more and more malicious apps, especially those that impersonate banking apps. A couple months ago a new version of […]
Apple-FBI Case Gets Nasty
The federal government and Apple both have dropped any semblance of civility in their battle over an encrypted iPhone, with the Department of Justice calling Apple’s arguments “corrosive” and threatening to demand the iOS source code and its master signing key for the operating system, and Apple’s lawyers calling the government “desperate”. The government on […]
On the Wire Podcast: Rich Mogull
In this episode, Dennis Fisher brings on Rich Mogull of Securosis to talk about the FTC demanding information from PCI assessors. The PCI standard has been in place for more than a decade now and while it has contributed to raising the level of security, the assessment industry has long been fraught with problems. Rich […]
EFF Says Bills Requiring Vendor Decryption of Phones Could be Unconstitutional
The Electronic Frontier Foundation has come out in opposition of a proposed California bill that would require Apple and other phone manufacturers to be able to decrypt the contents of any device they sell in the state. The California bill was introduced in January by Assemblyman Jim Cooper and it is designed to force vendors […]
Home Depot Pays $19.5 Million to Settle Data Breach Suits
The Home Depot has agreed to pay more than $19 million to settle a massive lass-action lawsuit stemming from its 2014 data breach, one of the larger incidents in United States history. The settlement brings to a close what has been a long and ugly tale. The data breach came to light in late 2014 […]
FTC Demands Info From PCI Auditors
The Federal Trade Commission has sent an order to nine of the larger companies that do PCI DSS assessments, demanding that the organizations turn over detailed information on how they conduct those audits, how often they actually declare a company non-compliant, and many other details. The PCI standard was created by the major payment card […]
Facebook Fixes Account-Takeover Bug
Facebook has fixed a simple yet potentially dangerous bug in its beta platform that could allow an attacker to take over another user’s account by brute-forcing the passcode that Facebook sends to users who forget their passwords. When a Facebook user forgets her password, she is directed to a form to enter either an email […]
On the Wire Podcast: RSA Conference Roundtable
In this episode of the podcast, Dennis Fisher is joined by a large cast of characters live at last week’s RSA Conference, including Jessy Irwin of 1Password, Chris Gonsales of IANS, Mike Mimosa of Threatpost, Fahmida Rashid of InfoWorld, and Chris Brook of Threatpost. The discussion touches on good and bad RSA talks, what we’ve […]