In This Section


Category: Authentication

January 19, 2016
Serious Yahoo Mail XSS Bug Fixed
Yahoo has fixed a serious cross-site scripting vulnerability in its webmail product that could’ve allowed an attacker to take over a victim’s email account with one malicious email. The bug is a specific kind of cross-site scripting vulnerability known as stored XSS. In order to trigger it, an attacker would only need to send a…
Read More →
January 15, 2016
On the Wire Podcast: Mike Hanley
Mike Hanley is the program manager for research and development in Duo Security‘s Labs division, and is a former senior member of the technical staff at the CERT/CC at Carnegie Mellon University. In today’s podcast, Dennis Fisher talks to Mike about the ways in which two-factor authentication is deployed right now, how 2FA use has changed,…
Read More →
January 15, 2016
Hyatt Data Breach Caused by Payment System Malware
A data breach at hundreds of Hyatt hotels that was revealed in December was caused by point-of-sale device malware that stole victims’ payment card information in transactions in hotel restaurants, spas, golf shops, and other locations. The malware was on PoS systems in more than 300 Hyatt hotels around the world, including dozens in the…
Read More →
January 13, 2016
Bankosy Android Trojan Defeats Voice 2FA
Bad guys are always looking for ways to up their game and find ways around the defenses that security companies and users put in their way. To wit, an Android banking Trojan called Bankosy that has added a new capability that allows attackers to bypass voice-based two-factor authentication. The malware has been around for a…
Read More →
January 12, 2016
Bug in Trend Micro Password Manager Allows Password Theft
A Google security researcher has discovered a serious, easily exploitable vulnerability in a password manager installed by default with some Trend Micro antivirus products. The bug allows an attacker not only to run arbitrary commands but also to download all of the passwords stored by the manager. The vulnerability was discovered by Tavis Ormandy, a…
Read More →
December 29, 2015
Payment Card Protocols Wide Open to Fraud
Researchers have discovered serious security vulnerabilities in a pair of protocols used by software in some point-of-sale terminals, bugs that could lead to easy theft of money from customers or retailers. The vulnerabilities lie in two separate protocols that are used in PoS systems, mainly in Germany, but also in some other European countries. Karsten Nohl, a…
Read More →
December 23, 2015
Google Testing New Account Authentication System
Authentication is one of the tougher problems in security, and a lot of companies have thrown a lot of money at it for a long time. Google is one of those companies, and the company is testing a new scheme that allows users to access their accounts without using a password. The system relies on…
Read More →
December 18, 2015
On the Wire Podcast: Jessy Irwin
In the premiere episode of the On the Wire podcast, Dennis Fisher talks with Jessy Irwin of 1Password about the state of authentication on the Internet, why it’s so difficult to use passwords securely, whether passwords will ever go away completely, and the difficulty of educating users about security. Podcast music by Chris Gonsalves and…
Read More →
December 3, 2015
Your Voice Is Not Your Own
The security industry has been trying to replace usernames and passwords since, well, forever, and with little success. The rush to employ biometrics has produced plenty of options, some of which can be defeated by Gummy bears, and no clear winner. Voice recognition recently has emerged as one of the leaders in the clubhouse in…
Read More →
Introducing Pindrop® Express – Authenticate without compromise.