authentication – SSL and internet security news

Device Code Phishing

February 19, 2025 infossl

authentication, authorization, phishing, russia, Security technology, Uncategorized

This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it … Read More “Device Code Phishing” »

RADIUS Vulnerability

July 10, 2024 infossl

academic papers, authentication, man-in-the-middle attacks, protocols, Security technology, Uncategorized, vulnerabilities

New attack against the RADIUS authentication protocol: The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or … Read More “RADIUS Vulnerability” »

New Bluetooth Attack

December 8, 2023 infossl

authentication, bluetooth, cyberattack, man-in-the-middle attacks, secrecy, Security technology, Uncategorized, vulnerabilities

New attack breaks forward secrecy in Bluetooth. Three news articles: BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions’ forward and future secrecy, compromising the confidentiality of past and future communications between devices. This is achieved by exploiting four flaws in the session key derivation process, two of which are new, … Read More “New Bluetooth Attack” »

Breaking Laptop Fingerprint Sensors

November 29, 2023 infossl

authentication, biometrics, fingerprints, identification, reports, Security technology, sensors, Uncategorized, vulnerabilities

They’re not that good: Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface … Read More “Breaking Laptop Fingerprint Sensors” »

Apple to Add Manual Authentication to iMessage

November 22, 2023 infossl

apple, authentication, iphone, Security technology, Uncategorized

Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is who their device says they … Read More “Apple to Add Manual Authentication to iMessage” »

Parmesan Anti-Forgery Protection

August 24, 2023 infossl

authentication, forgery, Security technology, Uncategorized

The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure. Powered by WPeMatico

Microsoft Signing Key Stolen by Chinese

August 7, 2023 infossl

authentication, backdoors, china, cybersecurity, hacking, keys, microsoft, Security technology, Uncategorized

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “negligent security practices” is being tossed about—and with good reason. Master signing keys are not supposed to … Read More “Microsoft Signing Key Stolen by Chinese” »

Brute-Forcing a Fingerprint Reader

May 30, 2023 infossl

academic papers, authentication, cracking, fingerprints, Security technology, smartphones, Uncategorized

It’s neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the … Read More “Brute-Forcing a Fingerprint Reader” »

The Security Vulnerabilities of Message Interoperability

March 29, 2023 infossl

academic papers, authentication, economics of security, privacy, psychology of security, Security technology, Uncategorized

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage … Read More “The Security Vulnerabilities of Message Interoperability” »

Fooling a Voice Authentication System with an AI-Generated Voice

March 1, 2023 infossl

artificial intelligence, authentication, banking, biometrics, deep fake, fraud, identification, Security technology, spoofing, Uncategorized, voice recognition

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank. Powered by WPeMatico