authentication
Password management done right
David Sancho, senior threat researcher with Trend Micro, has recently written a short but good post in which he pointed out the reasons why despite their inherent insecurity, …
Windows flaw allows access to data after accounts are revoked
A disabled account in Windows’ network does not take effect immediately, according to Aorato. In fact, due to design considerations disabled accounts – and the …
Researchers debunk severity of OAuth “Covert Redirect” bug
Late last week, a Ph.D. student at the Nanyang Technological University in Singapore made the information security world pause for a moment by claiming that he had found a …
Passwords: Real-world issues, tips and alternatives
Per Thorsheim is an independent information security adviser based in Norway. He is the founder and main organizer of PasswordsCon, the first and only international conference …
Heartbleed attacker hijacked VPN active user sessions
As the number of the most popular websites that still haven’t patched their servers against the Heartbleed exploit continues to diminish (go here for an up-to-date list …
Supposedly patched router backdoor was simply hidden
When security systems’ engineer and researcher Eloi Vanderbeken discovered the existence of a backdoor in his own Linksys router last Christmas, he spurred other hackers …
Samsung Galaxy S5 fingerprint scanner can be tricked
Samsung’s newly released Galaxy S5 phone sports a fingerprint scanner embedded in the home button that works well but unfortunately, like iPhone 5S’ TouchID before …
Identifying security innovation strategies
Tom Quillin is the Director of Cyber Security Technology and Initiatives at Intel Corporation. In this interview he talks about security innovation, current and future …
Heartbleed bug: What regular users need to do
As the news of the existence of the Heartbleed bug in OpenSSL and the implications of its existence trickles down into mainstream media, users are trying to figure out what …
German police finds 18M stolen and misused account logins
Police in northwestern German city of Verden have discovered a collection of 18 million stolen email addresses and corresponding passwords that are being actively used to send …
LastPass adds two-factor authentication from Duo Security
LastPass integrated Duo’s mobile-based two-factor authentication solution to the LastPass password management platform to provide an additional layer of credential …
Retailers urge adoption of PIN-based credit cards
The National Retail Federation told the Senate that it’s time for an overhaul of the nation’s fraud-prone credit and debit card system, saying banks’ …