Facebook Releases Account Kit SDK for Authentication Without Passwords
Facebook has released a new SDK called Account Kit that enables app developers and site owners to provide a login experience without passwords. The new system, which the company announced at its developers’ conference yesterday, uses Facebook’s own infrastructure to perform authentication via SMS and email. Account Kit doesn’t require that users have a Facebook […]
WordPress Turns on Encryption for 1 Million Sites
The movement to encrypt as much of the public Web as possible has gotten a major boost, as WordPress has turned on HTTPS connections for all of the more than one million custom domains hosted on WordPress.com. The change happened on Friday and significantly, it doesn’t require any work on the part of the site owners. […]
FBI Says Fake CEO Email Scam Losses Hit $2.3 Billion
The FBI says it has seen a huge increase in the volume of business email compromise scams hitting enterprises in the last year, and estimates that losses from the scheme have hit $2.3 billion now. Like normal phishing scams, these kinds of attacks rely on highly believable messages and a healthy dose of social engineering […]
1,418 Bugs in Medical Devices, Zero Patches
There are vulnerability reports, and there are Vulnerability Reports. The latest and perhaps best entry in the latter category is a disclosure of more than 1,400 vulnerabilities in a variety of medication-supply devices manufactured by CareFusion. The affected devices are CareFusion’s Pyxis SupplyStation systems, automated cabinets that allow medical personnel to dispense medication and monitor […]
More Android Malware Bypassing Mobile Banking 2FA
The kind of features that once were reserved solely for top-shelf malware is becoming standard equipment for mobile malware. The latest must-have feature is the ability to bypass two-factor authentication and it is showing up in more and more malicious apps, especially those that impersonate banking apps. A couple months ago a new version of […]
Home Depot Pays $19.5 Million to Settle Data Breach Suits
The Home Depot has agreed to pay more than $19 million to settle a massive lass-action lawsuit stemming from its 2014 data breach, one of the larger incidents in United States history. The settlement brings to a close what has been a long and ugly tale. The data breach came to light in late 2014 […]
FTC Demands Info From PCI Auditors
The Federal Trade Commission has sent an order to nine of the larger companies that do PCI DSS assessments, demanding that the organizations turn over detailed information on how they conduct those audits, how often they actually declare a company non-compliant, and many other details. The PCI standard was created by the major payment card […]
Facebook Fixes Account-Takeover Bug
Facebook has fixed a simple yet potentially dangerous bug in its beta platform that could allow an attacker to take over another user’s account by brute-forcing the passcode that Facebook sends to users who forget their passwords. When a Facebook user forgets her password, she is directed to a form to enter either an email […]
Bypassing Phone Fingerprint Sensors With an Inkjet Printer
Researchers at Michigan State University have developed a clever hack that allows them to scan and then print a target user’s fingerprint and then use it to unlock a mobile phone via the fingerprint sensor. The method uses an off-the-shelf inkjet printer equipped with some special cartridges with conductive ink to print the fingerprint image […]