Authentication - Infoworld en Teen arrested in Heartbleed attack against Canadian tax site <p>Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.</p> <p>Stephen Arthuro Solis-Reyes, of London, Ontario, took advantage of the vulnerability to steal information from the Canada Revenue Agency's website, according to the National Division of the Royal Canadian Mounted Police. They arrested him on Tuesday without incident. Solis-Reyes faces one count of unauthorized use of a computer and one count of "mischief in relation to data."</p> Security Authentication Cyber Crime Data Security Thu, 17 Apr 2014 11:23:07 +0000 admin 240684 at German researchers hack Galaxy S5 fingerprint login <p>It took just four days for German researchers to trick the Samsung Galaxy S5's fingerprint scanner into accepting a mold of a fingerprint instead of a real finger.</p> <p>Despite fingerprint authentication being one of the headline features on Samsung's new flagship model, the company's implementation of it "leaves much to be desired," SRLabs said in a video demonstration of the hack <a href="" target="_blank">posted on Youtube.</a></p> Mobile Technology Security Samsung Android Authentication Mobile Security Hacking Identity Management Smartphones Wed, 16 Apr 2014 13:53:02 +0000 admin 240603 at The right way to secure the Internet of things <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="" alt="The right way to secure the Internet of things" width="243" height="182" align="right" /><br /><em><p align="right">Credit: VLADGRIN</p> Security Authentication Endpoint Protection Security Tue, 15 Apr 2014 10:00:00 +0000 Roger A. Grimes 240486 at 8 ways to improve wired network security <p>We sometimes focus more on the wireless side of the network when it comes to security because Wi-Fi has no physical fences. After all, a war-driver can detect your SSID and launch an attack while sitting out in the parking lot.</p> <p>But in a world of insider threats, targeted attacks from outside, as well as hackers who use social engineering to gain physical access to corporate networks, the security of the wired portion of the network should also be top of mind.</p> Networking Security Authentication Encryption Network Security Mon, 17 Mar 2014 14:27:27 +0000 admin 238479 at Secusmart puts its BlackBerry encryption chip to work on the desktop <p>At around €2,000 ($2800) each, the secure smartphones that SecuSmart showed at Cebit last year were out of reach of many businesses -- although three governments have since bought them to secure mobile phone calls between senior officials, according to CEO Hans-Christoph Quelle. Now the company has developed a less expensive and more flexible system intended for the enterprise and has extended the reach of its mobile system to secure VOIP calls on desktop phones.</p> Computer Hardware Mobile Technology Security Authentication Mobile Apps Encryption Processors Mobile Security Fri, 14 Mar 2014 18:30:05 +0000 admin 238434 at Some Samsung Galaxy devices contain a file access backdoor, Replicant developers say <p>The developers of Replicant, a mobile OS based on Android, claim to have found a backdoor vulnerability in a software component shipped with some Samsung Galaxy devices that potentially provides remote access to users' private files through the device modem.</p> <p>The problem is located in the proprietary library that handles communications between the Android OS and the firmware running on the modem chipset, also known as the baseband or radio processor.</p> Mobile Technology Security Android Authentication Mobile Security Vulnerability Assessment Thu, 13 Mar 2014 16:20:32 +0000 admin 238332 at Poorly managed SSH keys pose serious risks for most companies <p>Many companies are dangerously exposed to threats like the recently revealed Mask Advanced Persistent Threat because they don't properly manage the Secure Shell (SSH) cryptographic keys used to authenticate access to critical internal systems and services.</p> <p>A Ponemon Institute survey of more than 2,100 systems administrators at Global 2000 companies discovered that three out of four enterprises are vulnerable to root-level attacks against their systems because of their failure to secure SSH keys.</p> Security Authentication Cyber Crime Encryption Vulnerability Assessment Mon, 24 Feb 2014 13:08:43 +0000 admin 236884 at Founders of security startup SlickLogin join Google <p>The team at SlickLogin, a company working on technology for online authentication using sounds from a mobile phone, said it has joined Google.</p> Security Google Authentication M&A Startups Mobile Security Tue, 18 Feb 2014 15:58:27 +0000 admin 236474 at 'TheMoon' worm infects Linksys routers <p>A self-replicating program is infecting Linksys routers by exploiting an authentication bypass vulnerability in various models from the vendor's E-Series product line.</p> Networking Security Authentication Network Router Malware Fri, 14 Feb 2014 13:33:15 +0000 admin 236404 at What ever happened to 'FIDO Alliance' that was going to revolutionize authentication? <p>What ever happened to the "FIDO Alliance," that industry group that first showed up a year ago saying it was going to revolutionize e-commerce online authentication by promoting a new multi-factor authentication protocol? Turns out the revolution in security is slow in coming but they're making some progress.</p> Security Authentication Thu, 13 Feb 2014 13:07:53 +0000 admin 236296 at Microsoft gives multifactor authentication to all Office 365 users <p>Microsoft is offering multifactor authentication free as an option to all users of its Office 365 suite, a hosted set of Microsoft Office tools and applications.</p> Cloud Computing Security Microsoft Microsoft Office 365 Authentication SaaS Office Software Tue, 11 Feb 2014 13:24:05 +0000 admin 236104 at Authentication bug exposes webcams to unauthorized access <p>The software used by many wireless IP cameras manufactured by Foscam Digital Technologies have a vulnerability that allows remote users to access their video streams and take snapshots without proper authentication.</p> <p>The issue <a href="" target="_blank">was reported on the Foscam technical support forum</a> this week by the owner of a Foscam FI8905W Wireless IP Camera that's built for outdoor environments.</p> Security Authentication Internet Privacy Fri, 24 Jan 2014 15:25:26 +0000 admin 234952 at Syrian Electronic Army hacks Microsoft's Office Blogs site <p>After hijacking several of Microsoft's Twitter accounts and compromising its official blog over the past two weeks, the Syrian Electronic Army hacked into the Microsoft Office Blogs site Monday.</p> <p>The SEA (Syrian Electronic Army) <a href="" target="_blank">posted a screenshot on Twitter</a> of the Microsoft Office Blogs site with a rogue article titled "Hacked by the Syrian Electronic Army." The article has since been removed from the site, but is still visible in Google's cache.</p> Security Authentication Hacking Intrusion Detection Tue, 21 Jan 2014 19:03:27 +0000 admin 234679 at Cisco fixes remote access vulnerabilities in Cisco Secure Access Control System <p>Cisco Systems has released software updates for its Cisco Secure Access Control System (ACS) in order to patch three vulnerabilities that could give remote attackers administrative access to the platform and allow them to execute OS-level commands without authorization.</p> <p>Cisco ACS is a server appliance that enforces access control policies for both wireless and wired network clients. It's managed through a Web-based user interface and supports the RADIUS (Remote Access Dial In User Service) and TACACS+ (Terminal Access Controller Access-Control System Plus) protocols.</p> Networking Security Cisco Systems Authentication Intrusion Detection Network Security Patch Management Vulnerability Assessment Thu, 16 Jan 2014 13:13:10 +0000 admin 234354 at Default settings leave external hard drives connected to Asus routers wide open <p>Files on thousands of hard drives connected to broadband routers from Asus are easily accessible over the Internet due to unsecure default settings, according to industry experts and tests conducted by PC World Norway and TechWorld Sweden.</p> <p>Broadband routers with USB ports that allow users to connect external hard drives have become increasingly common. Shared storage that can be remotely accessed via the Internet using protocols such as FTP is convenient, but it also comes with security implications.</p> Security Authentication Network Router Wireless LAN Security Thu, 09 Jan 2014 18:11:50 +0000 admin 233894 at OpenSuse forums hack raises vBulletin zero-day exploit possibility <p>A compromise of the community forums for the OpenSuse Linux distribution Tuesday sparked concern that hackers have access to a previously unknown exploit for the popular vBulletin Internet forum software.</p> <p>The attack resulted in hackers replacing some pages on the <a href="" target="_blank"></a> website and gaining access to the site's user database. The forums had almost 80,000 registered members at the time of the compromise.</p> Open Source Software Security Authentication Data Security Hacking Open Source Software Intrusion Detection Vulnerability Assessment Thu, 09 Jan 2014 13:47:12 +0000 admin 233849 at Lucky 2013: Count these 5 security blessings <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="" alt="Lucky 2013: Count these 5 security blessings" width="243" height="182" align="right" /><br /><em><p align="right">Credit: iStockphoto</p></em></div> Security Authentication Cyber Crime Encryption Hacking Network Security Security Management Windows Security Security Mon, 23 Dec 2013 11:00:00 +0000 Roger A. Grimes 233003 at Microsoft joins group seeking to replace passwords <p>Microsoft has joined the <a href="" target="_blank">FIDO Alliance</a>, an industry group attempting to craft industry standards that reduce reliance on passwords, long regarded as a weak point in Web security.</p> <p>Launched in July 2012, FIDO, which stands for Fast Identity Online, is hoping its specifications for security devices and browser plugins will be widely adopted across the technology industry.</p> Security Authentication Fri, 13 Dec 2013 17:36:33 +0000 admin 232614 at GitHub bans weak passwords after brute-force attack results in compromised accounts <p>Popular source code repository service GitHub has recently been hit by a brute-force password-guessing attack that successfully compromised some accounts.</p> <p>"We sent an email to users with compromised accounts letting them know what to do," GitHub security engineer Shawn Davenport said in a <a href="" target="_blank">blog post</a>. "Their passwords have been reset and personal access tokens, OAuth authorizations, and SSH keys have all been revoked."</p> Application Development Security Authentication Encryption Password Security Wed, 20 Nov 2013 15:48:15 +0000 admin 231273 at Hackers actively exploiting JBoss vulnerability to compromise servers <p>Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner.</p> Security Application Servers Authentication Intrusion Detection Vulnerability Assessment Mon, 18 Nov 2013 20:21:32 +0000 admin 231091 at