twofactorauthentication – SSL and internet security news

Zoom Will Be End-to-End Encrypted for All Users

June 17, 2020 infossl

cybersecurity, encryption, Security technology, securityengineering, twofactorauthentication, videoconferencing

Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable … Read More “Zoom Will Be End-to-End Encrypted for All Users” »

Chinese Hackers Bypassing Two-Factor Authentication

December 26, 2019 infossl

china, hacking, rsa, Security technology, twofactorauthentication

Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid … Read More “Chinese Hackers Bypassing Two-Factor Authentication” »

Lessons Learned Trying to Secure Congressional Campaigns

June 5, 2019 infossl

computersecurity, riskassessment, risks, Security technology, securityawareness, securityeducation, socialmedia, twofactorauthentication, usability, voting

Really interesting first-hand experience from Maciej Cegłowski. Powered by WPeMatico

On Security Tokens

May 1, 2019 infossl

backups, keys, Security technology, securitytokens, twofactorauthentication

Mark Risher of Google extols the virtues of security keys: I’ll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key. Good security these days is about human factors; we have to take the onus … Read More “On Security Tokens” »

New Attack Against Electrum Bitcoin Wallets

January 7, 2019 infossl

bitcoin, cryptocurrency, fraud, hacking, Security technology, twofactorauthentication

This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious … Read More “New Attack Against Electrum Bitcoin Wallets” »

Real-Time Attacks Against Two-Factor Authentication

December 14, 2018 infossl

authentication, email, maninthemiddleattacks, phishing, Security technology, twofactorauthentication

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that … Read More “Real-Time Attacks Against Two-Factor Authentication” »

Good Primer on Two-Factor Authentication Security

August 22, 2018 infossl

authentication, Security technology, twofactorauthentication, usability

Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it’s often an important security measure, it’s not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system. Powered by WPeMatico

Google Employees Use a Physical Token as Their Second Authentication Factor

July 26, 2018 infossl

google, keys, phishing, Security technology, twofactorauthentication

Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account access at Google. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” the spokesperson said. “Users might be asked … Read More “Google Employees Use a Physical Token as Their Second Authentication Factor” »

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

June 20, 2018 infossl

apple, authentication, banking, ios, Security technology, sms, twofactorauthentication, usability

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points … Read More “Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill” »

New Technique to Hijack Social Media Accounts

June 19, 2017 infossl

fakenews, hacking, impersonation, phishing, Security technology, socialmedia, twitter, twofactorauthentication

Access Now has documented it being used against a Twitter user, but it also works against other social media accounts: With the Doubleswitch attack, a hijacker takes control of a victim’s account through one of several attack vectors. People who have not enabled an app-based form of multifactor authentication for their accounts are especially vulnerable. … Read More “New Technique to Hijack Social Media Accounts” »