Opera Warns of Compromise of Password Sync Service
The makers of the Opera browser said attackers have compromised the servers that are used to house the data from users of Opera’s sync system, which synchronizes data between mobile and desktop installations. The attack was discovered last week, and officials at Opera Software said that they have sent an email to all of the sync […]
On the Wire Podcast: Jon Oberheide and Mikhail Davidov
It’s not often that we get to talk to someone who has launched something into space, but this week we had the chance to speak to Mikhail Davidov and Jon Oberheide of Duo Security about the company’s Duo in Space project. Using a large latex balloon, the company launched a small-ish device into near space […]
Researchers Bypass EMV Card Protections
LAS VEGAS–Chip-and-pin or EMV cards have been touted as a more secure alternative to traditional cards, but security researchers have found several methods for bypassing the security of these systems by abusing flaws in the point of interaction devices. Nir Valtman and Patrick Watson demonstrated several techniques for getting around the security on pinpad devices, […]
Kaminsky: We Need an NIH for Cybersecurity
LAS VEGAS–The security field needs an NIH-like organization for the deep study of defensive and offensive techniques and technology to help fix the systemic problems facing the industry, a prominent security researcher says. Dan Kaminsky, a longtime researcher, said the Internet is plagued by a number of serious issues right now, problems that threaten the […]
Google Turns on Forced Secure Connections for Search
Google has made a major change in the security if its main search page, turning on a feature that forces encrypted connections between Google’s servers and visitors. The move ensures that users will only communicate with Google.com over an SSL connection, even if they initially sent the request over plaintext HTTP. The company on Friday […]
NIST Explains Proposed Ban on SMS for 2FA
A few days after releasing draft authentication guidelines that propose deprecating SMS as a second factor for authentication, NIST officials provided more context on the move, saying it’s a result of advances in attacks and shifts in the threat landscape. Earlier this week, NIST, which sets technical standards for government agencies in the U.S., released […]
LastPass Patches Remote Compromise Flaw
LastPass has patched a remote compromise vulnerability disclosed this week by a Google researcher, a bug that could be used to gain full access to Firefox users’ LastPass data. The vulnerability lies in the LastPass extension for Mozilla Firefox, and researcher Tavis Ormandy of Google, who discovered the bug, found that it could be used […]
Critical Bugs Allow Theft of Credentials in LastPass
It’s a bad week to be an engineer at LastPass. The maker of a popular password manager has just fixed a serious vulnerability that allowed attackers to steal users’ stored passwords, and now another researcher has found a separate bug that he says allows full remote compromise of LastPass. On Wednesday, researcher Mathias Karlsson disclosed […]
NIST Plans to Drop SMS for Two-Factor Authentication
UPDATED–The move toward two-factor authentication and two-step verification for high-value services has been a positive one for user security, but many of those services use SMS as the channel for the second step in the authentication process, a method that the United States government is preparing to recommend against using. The National Institute of Standards and Technology […]