In This Section

PINDROP BLOG

Category: Authentication

August 1, 2016
Google Turns on Forced Secure Connections for Search
Google has made a major change in the security if its main search page, turning on a feature that forces encrypted connections between Google’s servers and visitors. The move ensures that users will only communicate with Google.com over an SSL connection, even if they initially sent the request over plaintext HTTP. The company on Friday…
Read More →
July 29, 2016
NIST Explains Proposed Ban on SMS for 2FA
A few days after releasing draft authentication guidelines that propose deprecating SMS as a second factor for authentication, NIST officials provided more context on the move, saying it’s a result of advances in attacks and shifts in the threat landscape. Earlier this week, NIST, which sets technical standards for government agencies in the U.S., released…
Read More →
July 28, 2016
Apple to Detail iOS 10 Security at Black Hat
Apple, notoriously closed-mouthed about its security technology, plans to detail three new security features of the upcoming iOS 10 operating system at the Black Hat conference next week. The company’s head of security engineering and architecture will present a talk that outlines the functionality of the mechanisms, including HomeKit, the company’s smart home controller, and…
Read More →
July 28, 2016
LastPass Patches Remote Compromise Flaw
LastPass has patched a remote compromise vulnerability disclosed this week by a Google researcher, a bug that could be used to gain full access to Firefox users’ LastPass data. The vulnerability lies in the LastPass extension for Mozilla Firefox, and researcher Tavis Ormandy of Google, who discovered the bug, found that it could be used…
Read More →
July 27, 2016
Critical Bugs Allow Theft of Credentials in LastPass
It’s a bad week to be an engineer at LastPass. The maker of a popular password manager has just fixed a serious vulnerability that allowed attackers to steal users’ stored passwords, and now another researcher has found a separate bug that he says allows full remote compromise of LastPass. On Wednesday, researcher Mathias Karlsson disclosed…
Read More →
July 26, 2016
Attack Can Steal Keystrokes From Hundreds of Feet Away
Wireless keyboards from several top manufacturers, including HP, Kensington, and Toshiba, are susceptible to an attack that allows anyone within range to eavesdrop and record every keystroke made on the devices. The vulnerability is a result of the manufacturers failing to implement encryption between the keyboard and the computer, and it allows an attacker to intercept…
Read More →
July 26, 2016
NIST Plans to Drop SMS for Two-Factor Authentication
UPDATED–The move toward two-factor authentication and two-step verification for high-value services has been a positive one for user security, but many of those services use SMS as the channel for the second step in the authentication process, a method that the United States government is preparing to recommend against using. The National Institute of Standards and Technology…
Read More →
July 22, 2016
PayPal, Visa Partner for Improved Payment Security
PayPal is forming a new partnership with Visa for digital payments, a deal that will allow consumers to use their Visa cards as easily as PayPal in electronic transactions. The new agreement will see PayPal avoiding ACH transactions in some cases, a significant change for the company, which historically has used the network. The ACH…
Read More →
July 18, 2016
Making Money by Abusing Phone-Based Two-Step Verification
A security researcher has discovered a method that would have enabled fraudsters to steal thousands of dollars from Facebook, Microsoft, and Google by linking premium-rate numbers to various accounts as part of the two-step verification process. Arne Swinnen discovered the issue several months ago after looking at the way that several of these companies’s services…
Read More →
July 8, 2016
Facebook Messenger Gets End-to-End Encryption
Facebook is planning to begin a test of end-to-end encryption for its Messenger service, which could eventually bring encrypted conversations to the company’s more than 1.5 billion users. The test is due to begin today, according to reports, and will involve a small fraction of the Facebook user base at the beginning. Facebook Messenger is the…
Read More →
Introducing Pindrop® Express – Authenticate without compromise.