PINDROP BLOG

Category: Authentication

March 23, 2017
Android Trojan Spreads Through Fake Cell Towers
Attackers in China are using rogue cell base stations to spread versions of an Android banking Trojan that steals user credentials and has the ability to bypass two-factor authentication. The malware, known as the Swearing Trojan for some impolite language found in the Chinese code, has been in circulation for several months and uses a…
Read More →
March 13, 2017
Google Steps Up Security on G Suite and Cloud Platform
Google has rolled out several new security features for its G Suite and Google Cloud Platform, including a DLP system that finds and redacts sensitive data, and a service that allows organizations to manage the lifecycle of encryption keys. Users of Google’s hosted apps are reliant on the company for the security and privacy controls,…
Read More →
March 7, 2017
Nest Adds Two-Step Verification for Users
Nest, maker of smart home thermostats and other devices, is adding two-step verification to its authentication process, making it more difficult for attackers to take over users’ devices. The company said on Tuesday that it is implementing the ability for users to require a short code sent by SMS as part of the sign-in process…
Read More →
February 14, 2017
Cryptographers Question the Promise of AI, Machine Learning in Security
SAN FRANCISCO–Artificial intelligence and machine learning are the two dominant buzzphrases at the RSA Conference this year, but some of the founding fathers of the security community are questioning how much use those technologies will be for security. “I’m actually skeptical that there will be much impact on security from AI,” Ron Rivest, a professor…
Read More →
February 2, 2017
Google Adds New Protections to G Suite
OAKLAND–Google is making a pair of changes to its hosted G Suite Gmail service for enterprises to enhance the security of the service. The most significant change is the addition of hosted S/MIME encryption. This will allow enterprise customers to get the benefits of secure email without having to deal with all of the challenges…
Read More →
February 1, 2017
How WhatsApp Rolled Out Encryption While Still Killing Spam
OAKLAND–WhatsApp has enjoyed tremendous growth in the last couple of years, a trend that accelerated even further when the company announced it was implementing end-to-end encryption on its messaging service. But that rollout also raised a serious issue for the company: how to identify spammers without access to the contents of users’ messages. Like most messaging services,…
Read More →
January 31, 2017
‘We Need to Embrace the Mundane’ in Security
OAKLAND–The security industry as a whole is really good at identifying interesting new problems and coming up with fancy products to solve them. But there is still a long list of boring, known problems that no one has fixed yet, and those are the ones that need the most attention, experts say. One of those boring problems…
Read More →
January 30, 2017
Facebook Unveils Delegated Recovery Account Security System
OAKLAND–Facebook has developed a new account-recovery system that eschews the typical communications channels used for this process, and instead relies on a user’s connections with other services. The scheme allows users to regain access to accounts without providing any identifiable information to other services. The Delegated Recovery system, which Facebook introduced at the Enigma conference here…
Read More →
January 24, 2017
Lavabit Launches New Encrypted Email System
Lavabit, the secure email service that shut down in 2013 rather than turn over the encryption key for a user account to the federal government, has reemerged with a new encrypted mail offering based on a standard developed by the company. It’s been more than three years since Lavabit founder Ladar Levison decided to end the…
Read More →
January 6, 2017
FTC Files Complaint Against D-Link Over Router, Camera Security
D-Link didn’t “take reasonable software testing and remediation measures” to protect users of its routers and IP-enabled cameras, failed to protect the private keys that sign the software on those devices, and put thousands of consumers at risk of attack, according to a new complaint brought against the technology vendor by the Federal Trade Commission. In…
Read More →