authentication – Page 3 – SSL and internet security news

On the Insecurity of ES&S Voting Machines’ Hash Code

March 16, 2021 infossl

authentication, certifications, hashes, Security technology, Uncategorized, voting

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S’s software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the “reference hashcode” is completely missing, then it’ll say “yes, boss, everything is fine” instead of reporting an error. It’s simultaneously shocking and unsurprising that ES&S’s … Read More “On the Insecurity of ES&S Voting Machines’ Hash Code” »

Bluetooth Vulnerability: BIAS

May 26, 2020 infossl

authentication, bluetooth, impersonation, Security technology, securityengineering, vulnerabilities, wireless

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a … Read More “Bluetooth Vulnerability: BIAS” »

Emotat Malware Causes Physical Damage

April 6, 2020 infossl

authentication, credentials, malware, microsoft, phishing, Security technology

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam — a fake name Microsoft gave the victim in their case study — five days after the employee’s user credentials were exfiltrated to … Read More “Emotat Malware Causes Physical Damage” »

Internet Voting in Puerto Rico

March 24, 2020 infossl

aclu, authentication, cybersecurity, internet, secrecy, Security technology, voting

Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on … Read More “Internet Voting in Puerto Rico” »

Hacking McDonald’s for Free Food

February 18, 2020 infossl

authentication, hacking, Security technology, vulnerabilities

This hack was possible because the McDonald’s app didn’t authenticate the server, and just did whatever the server told it to do: McDonald’s receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month. One day, … Read More “Hacking McDonald’s for Free Food” »

Smartphone Election in Washington State

January 27, 2020 infossl

auditing, authentication, Security technology, smartphones, voting

This year: King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Once voters have completed their ballots, they must verify their submissions and … Read More “Smartphone Election in Washington State” »

SIM Hijacking

January 21, 2020 infossl

academicpapers, authentication, cellphones, fraud, Security technology, simcards, smartphones, usability

SIM hijacking — or SIM swapping — is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. … Read More “SIM Hijacking” »

Fooling Voice Assistants with Lasers

November 11, 2019 infossl

amazon, apple, authentication, google, hacking, Security technology

Interesting: Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible — and sometimes invisible — commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works … Read More “Fooling Voice Assistants with Lasers” »

New Biometrics

September 20, 2019 infossl

authentication, biometrics, identification, Security technology

This article discusses new types of biometrics under development, including gait, scent, heartbeat, microbiome, and butt shape (no, really). Powered by WPeMatico

MongoDB Offers Field Level Encryption

June 26, 2019 infossl

authentication, cryptography, encryption, hacking, keys, Security technology

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a “client-side” encryption scheme, databases utilizing Field Level Encryption … Read More “MongoDB Offers Field Level Encryption” »