Category: authentication

Auto Added by WPeMatico

Security Analysis of Threema

Posted on By infossl
academic papers, authentication, cryptanalysis, encryption, Security technology, side-channel attacks, threat models, Uncategorized, vulnerabilities

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a … Read More “Security Analysis of Threema” »

The Decoupling Principle

Posted on By infossl
academic papers, anonymity, authentication, privacy, pseudonymity, Security technology, Uncategorized

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function. Architectural decoupling entails splitting functionality for … Read More “The Decoupling Principle” »

Failures in Twitter’s Two-Factor Authentication System

Posted on By infossl
authentication, cybersecurity, passwords, Security technology, sms, twitter, two-factor authentication, Uncategorized, vulnerabilities

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the … Read More “Failures in Twitter’s Two-Factor Authentication System” »

When Security Locks You Out of Everything

Posted on By infossl
authentication, cybersecurity, passwords, Security technology, two-factor authentication, Uncategorized

Thought experiment story of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is … Read More “When Security Locks You Out of Everything” »

Problems with Multifactor Authentication

Posted on By infossl
authentication, phishing, ransomware, Security technology, social engineering, two-factor authentication, Uncategorized

Roger Grimes on why multifactor authentication isn’t a panacea: The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers … Read More “Problems with Multifactor Authentication” »

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Posted on By infossl
academic papers, authentication, face recognition, Security technology, Uncategorized

Fascinating research: “Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information. We … Read More “Using “Master Faces” to Bypass Face-Recognition Authenticating Systems” »

Backdoor Added — But Found — in PHP

Posted on By infossl
authentication, backdoors, hacking, open source, Security technology, supply chain, Uncategorized

Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the Internet’s websites use PHP, it’s scary. Developers … Read More “Backdoor Added — But Found — in PHP” »

Easy SMS Hijacking

Posted on By infossl
authentication, cell phones, cybercrime, Security technology, sms, Uncategorized, vulnerabilities

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money — in this case, $16 off an anonymous prepaid credit card — and a few lies, you can forward the … Read More “Easy SMS Hijacking” »