PINDROP BLOG

Category: Authentication

November 9, 2016
Tesco Bank Refunds £2.5 Million, Restores Online Service After Attack
Two days after suspending all online payments following an attack, Tesco Bank in the U.K. has resumed full service and bank officials say they have refunded about £2.5 million to customers affected by the incident. The exact nature of the attack on the bank’s customers still isn’t clear, but last weekend many Tesco customers reported that significant amounts of…
Read More →
November 8, 2016
Audit of Signal Protocol Finds it Secure and Trustworthy
A group of academic security researchers has reviewed the security of the Signal protocol, which is used in the Signal encrypted messaging app as well as in many third-party apps, and found that it is both secure and resistant to attack. The review, conducted by researchers from universities in the U.K., Canada, and Australia, looked at…
Read More →
November 7, 2016
Tesco Bank Halts Online Payments After Attack
A day after thousands of customers noticed money missing from their accounts with no explanation, Tesco Bank in the U.K. has halted all online payments from customer accounts as it struggles to contain and find the root cause of the incident. Bank officials on Monday said that they were aware of the missing money, which…
Read More →
October 25, 2016
Visa and Intel Collaborate on IoT Payment Security
As the security of IoT devices has become more and more of a problem, Visa and Intel are forming an alliance to make payments from those devices more secure and trustworthy. The partnership has two separate components: adding Visa’s encryption technology to devices that use Intel’s chipsets, and hardware-level device authentication to ensure that payments are…
Read More →
October 17, 2016
DHS Warns Mirai Malware is Targeting Sierra Wireless Gateways
DHS is warning users that the Mirai malware is infecting wireless gateways sold by Sierra Wireless and using the compromised devices as part of a botnet for DDoS attacks. The Mirai malware has been targeting a variety of embedded devices, especially CCTV cameras, that have default telnet credentials enabled and compromising them. The attackers deploying…
Read More →
October 11, 2016
There’s Another Hacking Team Going After SWIFT Banks
Security researchers have uncovered evidence that there is a second group of attackers who have been targeting banks in the SWIFT network, using a new Trojan that hides SWIFT message records and overwrites the master boot record of some hard drives. The newly discovered group is using a piece of malware known as Odinaff, which…
Read More →
October 3, 2016
Apple to Remove Trust for Chinese CA WoSign
The infrastructure upon which the Internet’s encryption system is built is fragile and prone to random, sometimes catastrophic, failures. The latest evidence of this weakness in the network is an incident involving a Chinese certificate authority WoSign, which was caught back-dating certificates and allowing customers to add arbitrary domains to their certificates. The problems have…
Read More →
October 3, 2016
Your Body is a Wonderland–For Transmitting Passwords
Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users’ bodies…
Read More →
September 30, 2016
On the Wire Podcast: Jessy Irwin
Jessy Irwin makes her triumphant return to the podcast to help us work through our feelings about the Yahoo data breach, the NIST guidance on SMS two-factor authentication, and why we’re still giving terrible security advice to users. Dennis Fisher and Jessy also talk about what kind of breaches could be lurking on the horizon…
Read More →
September 23, 2016
Researchers Say iOS 10 Backup Passwords Easy to Crack
Apple seems to have made a curious security choice in iOS 10, one that enables attackers to brute force the password for a user’s local backup 2,500 times faster than was possible on iOS 9. Researchers at Elcomsoft, a Russian security company, discovered the issue, which is related to the choice of hashing algorithm in…
Read More →