authentication – Page 5 – SSL and internet security news

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

June 20, 2018 infossl

apple, authentication, banking, ios, Security technology, sms, twofactorauthentication, usability

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points … Read More “Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill” »

Maliciously Changing Someone’s Address

May 18, 2018 infossl

authentication, fraud, identitytheft, mail, Security technology

Someone changed the address of UPS corporate headquarters to his own apartment in Chicago. The company discovered it three months later. The problem, of course, is that in the US there isn’t any authentication of change-of-address submissions: According to the Postal Service, nearly 37 million change-of-address requests known as PS Form 3575 were … Read More “Maliciously Changing Someone’s Address” »

IoT Inspector Tool from Princeton

May 1, 2018 infossl

authentication, encryption, internetofthings, Security technology

Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They’ve already used the tool to study a bunch of different IoT devices. From their blog post: Finding #3: Many IoT Devices Contact a Large and Diverse … Read More “IoT Inspector Tool from Princeton” »

Intimate Partner Threat

March 5, 2018 infossl

authentication, computersecurity, insiders, Security technology, securityquestions, socialmedia, threatmodels

Princeton’s Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access — delete your insecure account, open a new one, change your password. This advice is such standard protocol for personal security that it’s almost … Read More “Intimate Partner Threat” »

Apple FaceID Hacked

November 15, 2017 infossl

apple, authentication, biometrics, cellphones, hacking, Security technology

It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that — by all appearances — they’d cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. The article points out that the … Read More “Apple FaceID Hacked” »

Apple’s FaceID

September 19, 2017 infossl

apple, authentication, biometrics, facerecognition, hacking, identification, Security technology

This is a good interview with Apple’s SVP of Software Engineering about FaceID. Honestly, I don’t know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can’t be hacked with fake faces. I dislike the fact that the police can point the phone at someone … Read More “Apple’s FaceID” »

More on the NSA’s Use of Traffic Shaping

July 12, 2017 infossl

academicpapers, authentication, eavesdropping, nsa, privacy, Security technology, surveillance, trafficanalysis

“Traffic shaping” — the practice of tricking data to flow through a particular route on the Internet so it can be more easily surveiled — is an NSA technique that has gotten much less attention than it deserves. It’s a powerful technique that allows an eavesdropper to get access to communications channels it would otherwise … Read More “More on the NSA’s Use of Traffic Shaping” »

Forging Voice

May 4, 2017 infossl

authentication, biometrics, forgery, impersonation, Security technology, socialengineering, voicerecognition

LyreBird is a system that can accurately reproduce the voice of someone, given a large amount of sample inputs. It’s pretty good — listen to the demo here — and will only get better over time. The applications for recorded-voice forgeries are obvious, but I think the larger security risk will be real-time forgery. Imagine … Read More “Forging Voice” »

“Proof Mode” for your Smartphone Camera

March 1, 2017 infossl

authentication, cameras, keys, pgp, Security technology, signatures

ProofMode is an app for your smartphone that adds data to the photos you take to prove that they are real and unaltered: On the technical front, what the app is doing is automatically generating an OpenPGP key for this installed instance of the app itself, and using that to automatically sign all photos and … Read More ““Proof Mode” for your Smartphone Camera” »

Duress Codes for Fingerprint Access Control

January 26, 2017 infossl

authentication, biometrics, cellphones, deniability, fingerprints, Security technology

Mike Specter has an interesting idea on how to make biometric access-control systems more secure: add a duress code. For example, you might configure your iPhone so that either thumb or forefinger unlocks the device, but your left middle finger disables the fingerprint mechanism (useful in the US where being compelled to divulge your password … Read More “Duress Codes for Fingerprint Access Control” »