PINDROP BLOG

Category: Authentication

August 30, 2016
Google Login Issue Allows Credential Theft
Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it,…
August 29, 2016
Opera Warns of Compromise of Password Sync Service
The makers of the Opera browser said attackers have compromised the servers that are used to house the data from users of Opera’s sync system, which synchronizes data between mobile and desktop installations. The attack was discovered last week, and officials at Opera Software said that they have sent an email to all of the sync…
August 25, 2016
On the Wire Podcast: Jon Oberheide and Mikhail Davidov
It’s not often that we get to talk to someone who has launched something into space, but this week we had the chance to speak to Mikhail Davidov and Jon Oberheide of Duo Security about the company’s Duo in Space project. Using a large latex balloon, the company launched a small-ish device into near space…
August 24, 2016
New Sweet32 Attack Hits Blowfish, 3DES
Researchers have developed a practical, relatively fast attack on 64-bit block ciphers that can allow attackers to recover authentication cookies as well as other credentials from some HTTPS-protected sessions. The attack, known as SWEET32, specifically affected TripleDES and Blowfish, two of the more popular such ciphers, and their implementations in TLS and the OpenVPN protocols.…
August 22, 2016
Critical RNG Flaw Fixed in GnuPG
Researchers have uncovered a critical vulnerability in the GnuPG and Libgcrypt encryption apps that has been around since 1998 and allows an attacker to predict output from the software’s random number generator under some conditions. The vulnerability was discovered by a team from Karlsruhe Institute of Technology in Germany, and the people behind the GnuPG…
August 16, 2016
Big Chunk of Android Devices Vulnerable to TCP Hijacking Bug
The TCP hijacking vulnerability in Linux disclosed last week also affects about 80 percent of Android phones in use right now, researchers said. The bug in question lies in the Linux kernel and has been there since version 3.6 of the kernel. It allows an attacker to hijack a TCP session by inferring the TCP sequence…
August 15, 2016
Breach at Hotel Operator HEI Targeted Payment Card System
Customers of 20 hotels from a variety of operators are being warned about a compromise of payment card systems at HEI Hotels and Resorts that resulted in the theft of a wide range of card data. The attack on HEI, which owns and operates hotels from a number of chains, including Marriott, Westin, Sheraton, and…
August 10, 2016
Widespread Linux Flaw Allows TCP Session Hijacking, Termination
The TCP implementation in all Linux systems built since 2012 has a serious flaw that can allow an attacker to terminate or inject data into a session between any two vulnerable machines on the Internet. The bug could also be used to end encrypted connections or downgrade the privacy of connections run through Tor or…
August 3, 2016
Researchers Bypass EMV Card Protections
LAS VEGAS–Chip-and-pin or EMV cards have been touted as a more secure alternative to traditional cards, but security researchers have found several methods for bypassing the security of these systems by abusing flaws in the point of interaction devices. Nir Valtman and Patrick Watson demonstrated several techniques for getting around the security on pinpad devices,…
August 3, 2016
Kaminsky: We Need an NIH for Cybersecurity
LAS VEGAS–The security field needs an NIH-like organization for the deep study of defensive and offensive techniques and technology to help fix the systemic problems facing the industry, a prominent security researcher says. Dan Kaminsky, a longtime researcher, said the Internet is plagued by a number of serious issues right now, problems that threaten the…