PINDROP BLOG

Category: Identity

May 18, 2016
Sites Turn to Audio Fingerprinting to Track Users
Researchers from Princeton University, conducting a privacy survey of the top one million web sites, discovered a variety of tracking and identification techniques in use, including a novel tactic that uses audio signals to fingerprint machines and browsers. The Princeton study measured a slew of different stateful and stateless tracking techniques, with the goal of measuring…
May 12, 2016
Walmart Sues Visa Over Chip-and-PIN Security
In what may be a sign of things to come, Walmart, the world’s largest retailer, has filed a lawsuit against Visa USA over the payment card brand’s refusal to allow consumers to use PINs, rather than signatures, to verify their identities during transactions with chip cards. The suit, filed this week in New York State…
May 2, 2016
Serious Flaw Allows Takeover of FreedomPop Mobile Phone Accounts
Attackers are always looking for new ways to get access to users’ bank accounts and mobile devices, but sometimes the old ways are best. A researcher has discovered a serious security flaw in mobile provider FreedomPop’s site that allows an attacker to take complete control of a victim’s mobile account. Paul Moore, a security researcher and consultant in…
April 29, 2016
Researchers Find Private Slack Tokens Posted on GitHub
Developers building bots for Slack are including their personal access tokens in code posted on GitHub, researchers have found, a problem that could give anyone who finds the tokens access to internal Slack conversations and files. Slack is a team communications app used in many organizations to share information, files, and other data. Developers can…
April 26, 2016
Verizon DBIR Shows Focus on Credential Theft in Breaches
Attackers are continuing to refine their tactics and develop new tools, but in a lot of cases they still rely on tried-and-true methods such as phishing, social engineering, malware, keyloggers, and credential theft to achieve their goals. The 2016 Verizon Data Breach Incident Report shows that these tactics and tools are still among the most-used by…
April 18, 2016
GitLab Fixes Authentication Bypass Flaw
GitLab has patched a serious authentication vulnerability that enabled any user to take over another user’s account with two-factor authentication enabled. The vulnerability was a result of the way that GitLab’s authentication flow produced one-time passwords for accounts with 2FA enabled. An attacker who knows a victim’s username and can capture network traffic could sign in…
April 15, 2016
U.S. Firm Hit For Nearly $100M in Email Scam
Fraudsters employing an increasingly common scheme known as business email compromise victimized a United States company for more than $98 million, according to a suit filed by the U.S. Attorney’s office in Manhattan Thursday. The civil forfeiture lawsuit is an attempt to recover $25 million in funds held in a variety of overseas accounts, money…
April 13, 2016
Facebook Releases Account Kit SDK for Authentication Without Passwords
Facebook has released a new SDK called Account Kit that enables app developers and site owners to provide a login experience without passwords. The new system, which the company announced at its developers’ conference yesterday, uses Facebook’s own infrastructure to perform authentication via SMS and email. Account Kit doesn’t require that users have a Facebook…
April 8, 2016
FBI Says Fake CEO Email Scam Losses Hit $2.3 Billion
The FBI says it has seen a huge increase in the volume of business email compromise scams hitting enterprises in the last year, and estimates that losses from the scheme have hit $2.3 billion now. Like normal phishing scams, these kinds of attacks rely on highly believable messages and a healthy dose of social engineering…
March 29, 2016
New Florida Law Exempts Agencies From Reporting Some Breach Details
Florida’s governor has signed a bill that allows state agencies not to release details of data breaches and security audits if that information would “facilitate the unauthorized access, modification, disclosure or destruction of data”. The new law, which went into effect on Friday, requires that agencies still release details of breaches to a group of state law…