A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank.
Security Analysis of Threema
January 19 2023
A group of Swiss researchers have published an impressive security analysis of Threema.
We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than...
The Decoupling Principle
December 7 2022
This is a really interesting paper that discusses what the authors call the Decoupling Principle:
The idea is simple, yet previously not clearly articulated: to ensure privacy, information should...
Failures in Twitter’s Two-Factor Authentication System
November 17 2022
Twitter is having intermittent problems with its two-factor authentication system:
Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or...
Defeating Phishing-Resistant Multifactor Authentication
November 9 2022
CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. Hi...
Man-in-the-Middle Phishing Attack
August 25 2022
Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication:
Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the...
When Security Locks You Out of Everything
June 28 2022
Thought experiment story of someone who lost everything in a house fire, and now can’t log into anything:
But to get into my cloud, I need my password and...
Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting.
Remember the good old days when security patches rarely needed patches? Because security patches themselves were rare enough anyway?