PINDROP BLOG

Category: Authentication

April 4, 2016
Attackers Target Medical Devices, But Do Nothing Once They’re In
ORLANDO–Medical devices have become the new go-to example whenever someone wants to illustrate just how bad security is. And for good reason. These devices often run on Windows XP, have hardcoded passwords, haven’t been patched since the George W. Bush administration, and are reachable over the Internet. That’s not how any of this is supposed…
April 4, 2016
How the Focus on Technology is Undermining Security
ORLANDO–It’s accepted as fact that many of the compromises and data breaches that make headlines and cost CSOs their jobs are accomplished through the use of known vulnerabilities and old techniques. These problems are fixable, but throwing money and technology at them is not the right answer, experts say. The security industry is experiencing an…
March 31, 2016
Wyden: ‘Plans to Weaken Strong Encryption Are a Double Loser’
Sen. Ron Wyden, who has been perhaps the most outspoken legislator on the topic of encryption, privacy, and government intervention in technology, said he will “use every power I have as senator” to prevent lawmakers from passing laws that weaken encryption. Wyden (D-Ore.) spoke Tuesday at RightsCon, a conference on digital rights and privacy, and…
March 30, 2016
1,418 Bugs in Medical Devices, Zero Patches
There are vulnerability reports, and there are Vulnerability Reports. The latest and perhaps best entry in the latter category is a disclosure of more than 1,400 vulnerabilities in a variety of medication-supply devices manufactured by CareFusion. The affected devices are CareFusion’s Pyxis SupplyStation systems, automated cabinets that allow medical personnel to dispense medication and monitor…
March 28, 2016
Facebook Testing Anti-Impersonation Feature
Phishing and account takeover attacks take many forms, especially on massive platforms such as Twitter or Facebook, and defending against them is a tall order. Facebook has tried a number of tactics over the years, and now the company is testing a new feature that will detect and warn users when someone else is trying…
March 17, 2016
On the Wire Podcast: David Dewey
Apple has been touting its Apple Pay app as a secure, convenient alternative to other payment systems. It has been adopted by a number of major retailers and card issuers, but David Dewey, research director at Pindrop Labs, ran several experiments on the system’s card enrollment and authentication flow and found some serious problems. Using social engineering…
March 15, 2016
Amazon Plans Move to Facial Recognition for Purchases
Amazon is planning to join a growing list of major companies that are working to make facial recognition the authentication method of choice. The retailer has filed a patent claim for a method it hopes will enable customers to complete purchases using their faces rather than passwords. The Amazon application shows that the company is working…
March 11, 2016
More Android Malware Bypassing Mobile Banking 2FA
The kind of features that once were reserved solely for top-shelf malware is becoming standard equipment for mobile malware. The latest must-have feature is the ability to bypass two-factor authentication and it is showing up in more and more malicious apps, especially those that impersonate banking apps. A couple months ago a new version of…
March 9, 2016
Home Depot Pays $19.5 Million to Settle Data Breach Suits
The Home Depot has agreed to pay more than $19 million to settle a massive class-action lawsuit stemming from its 2014 data breach, one of the larger incidents in United States history. The settlement brings to a close what has been a long and ugly tale. The data breach came to light in late 2014…
March 8, 2016
FTC Demands Info From PCI Auditors
The Federal Trade Commission has sent an order to nine of the larger companies that do PCI DSS assessments, demanding that the organizations turn over detailed information on how they conduct those audits, how often they actually declare a company non-compliant, and many other details. The PCI standard was created by the major payment card…