In This Section

PINDROP BLOG

Category: Authentication

August 22, 2016
Critical RNG Flaw Fixed in GnuPG
Researchers have uncovered a critical vulnerability in the GnuPG and Libgcrypt encryption apps that has been around since 1998 and allows an attacker to predict output from the software’s random number generator under some conditions. The vulnerability was discovered by a team from Karlsruhe Institute of Technology in Germany, and the people behind the GnuPG…
Read More →
August 16, 2016
Big Chunk of Android Devices Vulnerable to TCP Hijacking Bug
The TCP hijacking vulnerability in Linux disclosed last week also affects about 80 percent of Android phones in use right now, researchers said. The bug in question lies in the Linux kernel and has been there since version 3.6 of the kernel. It allows an attacker to hijack a TCP session by inferring the TCP sequence…
Read More →
August 15, 2016
Breach at Hotel Operator HEI Targeted Payment Card System
Customers of 20 hotels from a variety of operators are being warned about a compromise of payment card systems at HEI Hotels and Resorts that resulted in the theft of a wide range of card data. The attack on HEI, which owns and operates hotels from a number of chains, including Marriott, Westin, Sheraton, and…
Read More →
August 10, 2016
Widespread Linux Flaw Allows TCP Session Hijacking, Termination
The TCP implementation in all Linux systems built since 2012 has a serious flaw that can allow an attacker to terminate or inject data into a session between any two vulnerable machines on the Internet. The bug could also be used to end encrypted connections or downgrade the privacy of connections run through Tor or…
Read More →
August 3, 2016
Researchers Bypass EMV Card Protections
LAS VEGAS–Chip-and-pin or EMV cards have been touted as a more secure alternative to traditional cards, but security researchers have found several methods for bypassing the security of these systems by abusing flaws in the point of interaction devices. Nir Valtman and Patrick Watson demonstrated several techniques for getting around the security on pinpad devices,…
Read More →
August 3, 2016
Kaminsky: We Need an NIH for Cybersecurity
LAS VEGAS–The security field needs an NIH-like organization for the deep study of defensive and offensive techniques and technology to help fix the systemic problems facing the industry, a prominent security researcher says. Dan Kaminsky, a longtime researcher, said the Internet is plagued by a number of serious issues right now, problems that threaten the…
Read More →
August 1, 2016
Google Turns on Forced Secure Connections for Search
Google has made a major change in the security if its main search page, turning on a feature that forces encrypted connections between Google’s servers and visitors. The move ensures that users will only communicate with Google.com over an SSL connection, even if they initially sent the request over plaintext HTTP. The company on Friday…
Read More →
July 29, 2016
NIST Explains Proposed Ban on SMS for 2FA
A few days after releasing draft authentication guidelines that propose deprecating SMS as a second factor for authentication, NIST officials provided more context on the move, saying it’s a result of advances in attacks and shifts in the threat landscape. Earlier this week, NIST, which sets technical standards for government agencies in the U.S., released…
Read More →
July 28, 2016
Apple to Detail iOS 10 Security at Black Hat
Apple, notoriously closed-mouthed about its security technology, plans to detail three new security features of the upcoming iOS 10 operating system at the Black Hat conference next week. The company’s head of security engineering and architecture will present a talk that outlines the functionality of the mechanisms, including HomeKit, the company’s smart home controller, and…
Read More →
July 28, 2016
LastPass Patches Remote Compromise Flaw
LastPass has patched a remote compromise vulnerability disclosed this week by a Google researcher, a bug that could be used to gain full access to Firefox users’ LastPass data. The vulnerability lies in the LastPass extension for Mozilla Firefox, and researcher Tavis Ormandy of Google, who discovered the bug, found that it could be used…
Read More →
Forbes highlights Deep Voice™ Biometric Engine