PINDROP BLOG

Category: Authentication

September 9, 2016
Large Database of Device Certificates, SSH Keys Published
Let’s say you’re a manufacturer of embedded devices, maybe routers or wireless access points. Cool. And let’s also say that you want to offer encrypted connections to those devices. Great. So you grab a server certificate online, throw it in the device’s firmware and ship it. Not cool at all. But that’s what a number…
September 2, 2016
Here’s an Adult Conversation About Crypto
Earlier this week, FBI Director James Comey said that the country needed to have an “adult conversation” about encryption and how it’s used. To get the ball rolling, here’s what we thought that conversation might sound like. Alice: Bob, I need to talk to you about something. Have a seat. Bob: Uh, ok. Sounds serious. Alice:…
September 1, 2016
Employee Password Compromise Leads to Breach at OneLogin
A password compromise of an employee at OneLogin, the identity and access management company, has led to a breach at the company that affected stored customer data that was supposed to be encrypted but was actually available in plaintext. The attack happened earlier this summer, and OneLogin officials say the attacker may have been on their…
August 31, 2016
Fake Ransomware Targets Redis Instances
UPDATE–Researchers have found that more than 18,000 instances of the Redis data store service are exposed to the Internet and open to complete compromise by remote attackers using simple commands. Duo Labs researchers set up a Redis honeypot and ran it for a month, looking for attack patterns and quickly found that attackers are actively…
August 31, 2016
68 Million Hashed Dropbox Passwords Dumped Online
The scope of a compromise of Dropbox four years ago that the company initially said only involved customer email addresses being stolen has now expanded, with more than 68 million user passwords dumped online. The cache comprises passwords that are hashed with either SHA-1 or bcrypt and none of them are in plaintext. When Dropbox…
August 30, 2016
L0phtCrack 7 Shows Windows Passwords Easier to Crack Now Than 20 Years Ago
Time waits for no man, and neither does L0phtCrack. Nearly 20 years after the first version of the password auditing and cracking tool was released, L0phtCrack 7, released Tuesday, shows that Windows passwords are even easier to crack now than they were in 1997. L0phtCrack was the first password auditing tool released for Windows and its…
August 30, 2016
Google Login Issue Allows Credential Theft
Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials or, alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it,…
August 29, 2016
Opera Warns of Compromise of Password Sync Service
The makers of the Opera browser said attackers have compromised the servers that are used to house the data from users of Opera’s sync system, which synchronizes data between mobile and desktop installations. The attack was discovered last week, and officials at Opera Software said that they have sent an email to all of the sync…
August 25, 2016
On the Wire Podcast: Jon Oberheide and Mikhail Davidov
It’s not often that we get to talk to someone who has launched something into space, but this week we had the chance to speak to Mikhail Davidov and Jon Oberheide of Duo Security about the company’s Duo in Space project. Using a large latex balloon, the company launched a small-ish device into near space…
August 24, 2016
New Sweet32 Attack Hits Blowfish, 3DES
Researchers have developed a practical, relatively fast attack on 64-bit block ciphers that can allow attackers to recover authentication cookies as well as other credentials from some HTTPS-protected sessions. The attack, known as SWEET32, specifically affected TripleDES and Blowfish, two of the more popular such ciphers, and their implementations in TLS and the OpenVPN protocols.…