PINDROP BLOG

Category: Authentication

March 7, 2016
Facebook Fixes Account-Takeover Bug
Facebook has fixed a simple yet potentially dangerous bug in its beta platform that could allow an attacker to take over another user’s account by brute-forcing the passcode that Facebook sends to users who forget their passwords. When a Facebook user forgets her password, she is directed to a form to enter either an email…
March 7, 2016
On the Wire Podcast: RSA Conference Roundtable
In this episode of the podcast, Dennis Fisher is joined by a large cast of characters live at last week’s RSA Conference, including Jessy Irwin of 1Password, Chris Gonsales of IANS, Mike Mimosa of Threatpost, Fahmida Rashid of InfoWorld, and Chris Brook of Threatpost. The discussion touches on good and bad RSA talks, what we’ve…
March 7, 2016
Bypassing Phone Fingerprint Sensors With an Inkjet Printer
Researchers at Michigan State University have developed a clever hack that allows them to scan and then print a target user’s fingerprint and then use it to unlock a mobile phone via the fingerprint sensor. The method uses an off-the-shelf inkjet printer equipped with some special cartridges with conductive ink to print the fingerprint image…
March 1, 2016
Sidestepping Apple Pay Enrollment Authentication
SAN FRANCISCO–Apple has touted its Apple Pay system as a convenient, simple, and secure alternative to using physical debit or credit cards. But researchers have identified some weaknesses in the enrollment and authentication flow of the system that could have allowed attackers to add stolen cards to their own Apple Pay accounts and use them…
February 23, 2016
The Selfie is the New Payment Biometric
Banks, credit card companies, and other financial companies are turning over every rock in an effort to fight fraud, including trying out novel authentication techniques. The latest move in this area is toward facial recognition via smartphones as a way to ensure the person making a purchase is who he claims to be. After decades…
February 3, 2016
FDIC Releases Cybersecurity Framework for Banks
The FDIC has released a cybersecurity framework for banks that describes a long list of threats to financial institutions and includes recommendations for how they can defend against those threats. The framework doesn’t contain any surprises or novel threats, but provides a broad outline of the problems banks and other financial institutions face, such as…
January 29, 2016
On the Wire Podcast: Vijay Balasubramaniyan
Dennis Fisher talks with Vijay Balasubramaniyan, CEO of Pindrop, about the company’s $75 million funding announcement with investments from Google Capital and Google Ventures, the future direction of the company, and the role that voice authentication and security is playing in the emerging Internet of Things era.
January 28, 2016
GCHQ Says Voice Crypto Protocol Not Backdoored
A week after a researcher published a detailed analysis of the MIKEY-SAKKE voice encryption standard that broke down how it could enable key escrow and mass surveillance, the U.K.’s GCHQ, which designed the standard, has come out in defense of its security and integrity. CESG, the information security group at GCHQ, developed the MIKEY-SAKKE standard several…
January 28, 2016
New Version of CenterPOS Malware Emerges
Researchers have discovered a new version of the CenterPOS malware that is capable of scraping memory and finding credit card data in running processes on infected devices. The malware is the latest iteration of CenterPOS, a family of point-of-sale malware that researchers have been tracking for several months. CenterPOS has been seen infecting PoS devices…
January 25, 2016
UVA Hit With Another Data Breach
A mistake by an employee who clicked on a link in a phishing email and unwittingly granted access to an attacker has resulted in a data breach at the University of Virginia that dates back to late 2014 and exposed personal information of about 1,400 people. The breach allowed attackers to get access to some…