In This Section


Category: Authentication

March 1, 2016
Sidestepping Apple Pay Enrollment Authentication
SAN FRANCISCO–Apple has touted its Apple Pay system as a convenient, simple, and secure alternative to using physical debit or credit cards. But researchers have identified some weaknesses in the enrollment and authentication flow of the system that could have allowed attackers to add stolen cards to their own Apple Pay accounts and use them…
Read More →
February 23, 2016
The Selfie is the New Payment Biometric
Banks, credit card companies, and other financial companies are turning over every rock in an effort to fight fraud, including trying out novel authentication techniques. The latest move in this area is toward facial recognition via smartphones as a way to ensure the person making a purchase is who he claims to be. After decades…
Read More →
February 3, 2016
FDIC Releases Cybersecurity Framework for Banks
The FDIC has released a cybersecurity framework for banks that describes a long list of threats to financial institutions and includes recommendations for how they can defend against those threats. The framework doesn’t contain any surprises or novel threats, but provides a broad outline of the problems banks and other financial institutions face, such as…
Read More →
January 29, 2016
On the Wire Podcast: Vijay Balasubramaniyan
Dennis Fisher talks with Vijay Balasubramaniyan, CEO of Pindrop, about the company’s $75 million funding announcement with investments from Google Capital and Google Ventures, the future direction of the company, and the role that voice authentication and security is playing in the emerging Internet of Things era.
Read More →
January 28, 2016
GCHQ Says Voice Crypto Protocol Not Backdoored
A week after a researcher published a detailed analysis of the MIKEY-SAKKE voice encryption standard that broke down how it could enable key escrow and mass surveillance, the U.K.’s GCHQ, which designed the standard, has come out in defense of its security and integrity. CESG, the information security group at GCHQ, developed the MIKEY-SAKKE standard several…
Read More →
January 28, 2016
New Version of CenterPOS Malware Emerges
Researchers have discovered a new version of the CenterPOS malware that is capable of scraping memory and finding credit card data in running processes on infected devices. The malware is the latest iteration of CenterPOS, a family of point-of-sale malware that researchers have been tracking for several months. CenterPOS has been seen infecting PoS devices…
Read More →
January 25, 2016
UVA Hit With Another Data Breach
A mistake by an employee who clicked on a link in a phishing email and unwittingly granted access to an attacker has resulted in a data breach at the University of Virginia that dates back to late 2014 and exposed personal information of about 1,400 people. The breach includes allowed attackers to get access to some…
Read More →
January 22, 2016
On the Wire Podcast: Steven Murdoch
Steven Murdoch is a researcher at University College London and this week published a detailed technical analysis of the MIKEY-SAKKE protocol that is implemented in the U.K.’s Secure Chorus standard for voice encryption. Secure Chorus is set up for key escrow by design, a fact that Murdoch explains in his analysis. In this podcast, Dennis…
Read More →
January 20, 2016
LostPass Allows Easy Phishing to Defeat Password Manager
A security researcher has developed a phishing attack against the LastPass password manager app that is virtually impossible to detect and has the ability to mimic the LastPass login sequence perfectly. The technique takes advantage of several weaknesses in the way that LastPass handles user logout notifications and the resulting authentication sequence. Sean Cassidy, the…
Read More →
January 19, 2016
UK Government Voice Encryption Standard Built for Key Escrow, Surveillance
The U.K. government’s standard for encrypted voice communications, which already is in use in intelligence and other sectors and could be mandated for use in critical infrastructure applications, is set up to enable easy key escrow, according to new research. The standard is known as Secure Chorus, which implements an encryption protocol called MIKEY-SAKKE. The protocol was…
Read More →
Introducing Pindrop® Express – Authenticate without compromise.