
Call Centers a Soft Target for Fraudsters

The fraud schemes that consumers and businesses face every day are the end result of a lot of research, work, and planning on the part of the criminals who perpetrate them. There are a lot of moving pieces in the background that victims never see, and often the schemes involve many intermediate steps before a […]

Yahoo Data Breach Highlights Defender’s Disadvantage

For the second time in less than three months, Yahoo has disclosed a massive data breach, and this is one for the record books. The company said more than one billion accounts are affected by the breach, and Yahoo officials still aren’t exactly sure how the attackers got in. On Wednesday evening, Yahoo CISO Bob […]

Bugs in AirDroid App Allow Traffic Interception, Malicious Updates

AirDroid, a popular Android app used for remote management, has a number of security vulnerabilities that could allow an attacker to intercept and decrypt secure traffic and even inject a malicious app update to gain remote code execution on a target device. The main issue with the app is the use of a hard-coded encryption […]

Tesco Bank Refunds £2.5 Million, Restores Online Service After Attack

Two days after suspending all online payments following an attack, Tesco Bank in the U.K. has resumed full service and bank officials say they have refunded about £2.5 million to customers affected by the incident. The exact nature of the attack on the bank’s customers still isn’t clear, but last weekend many Tesco customers reported that significant amounts of […]

Visa and Intel Collaborate on IoT Payment Security

As the security of IoT devices has become more and more of a problem, Visa and Intel are forming an alliance to make payments from those devices more secure and trustworthy. The partnership has two separate components: adding Visa’s encryption technology to devices that use Intel’s chipsets, and hardware-level device authentication to ensure that payments are […]

Apple to Remove Trust for Chinese CA WoSign

The infrastructure upon which the Internet’s encryption system is built is fragile and prone to random, sometimes catastrophic, failures. The latest evidence of this weakness in the network is an incident involving the Chinese certificate authority WoSign, which was caught back-dating certificates and allowing customers to add arbitrary domains to their certificates. The problems have […]

Your Body is a Wonderland–For Transmitting Passwords

Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users’ bodies […]

On the Wire Podcast: Jessy Irwin

Jessy Irwin makes her triumphant return to the podcast to help us work through our feelings about the Yahoo data breach, the NIST guidance on SMS two-factor authentication, and why we’re still giving terrible security advice to users. Dennis Fisher and Jessy also talk about what kind of breaches could be lurking on the horizon […]

Researchers Say iOS 10 Backup Passwords Easy to Crack

Apple seems to have made a curious security choice in iOS 10, one that enables attackers to brute force the password for a user’s local backup 2,500 times faster than was possible on iOS 9. Researchers at Elcomsoft, a Russian security company, discovered the issue, which is related to the choice of hashing algorithm in […]