When Security Locks You Out of Everything
June 28 2022
Thought experiment story of someone who lost everything in a house fire, and now can’t log into anything:
But to get into my cloud, I need my password and...
Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting.
Remember the good old days when security patches rarely needed patches? Because security patches themselves were rare enough anyway?
Roger Grimes on why multifactor authentication isn’t a panacea:
The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware...
Fascinating research: “Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.”
Abstract: A master face is a face image that passes face-based identity-authentication for a large...
Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject “fix typo” and the names of known PHP developers...
Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that...
Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S’s software authentication system:
It turns out that ES&S has bugs in their hash-code checker: ...
Sonja Drummer describes (with photographs) two medieval security techniques. The first is for authentication: a document has been cut in half with an irregular pattern, so that the...
The NSA has published an advisory outlining how “malicious cyber actors” are “manipulating trust in federated authentication environments to access protected data in the cloud.” This is...