Collaborate Disseminate
Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users … Continue reading Zoom Will Be End-to-End Encrypted for All Users
Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as… Continue reading Zoom Will Be End-to-End Encrypted for All Users
Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software t… Continue reading Chinese Hackers Bypassing Two-Factor Authentication
Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid one-time codes and bypass 2FA… Continue reading Chinese Hackers Bypassing Two-Factor Authentication
Really interesting first-hand experience from Maciej CegÅ‚owski…. Continue reading Lessons Learned Trying to Secure Congressional Campaigns
Mark Risher of Google extols the virtues of security keys: I’ll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key. Good security these days is about … Continue reading On Security Tokens
Mark Risher of Google extols the virtues of security keys: I’ll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key. Good security these days is about human factors; we have to take the onus off of the user as… Continue reading On Security Tokens
This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious website (GitHub repo).User clicks the… Continue reading New Attack Against Electrum Bitcoin Wallets
Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real… Continue reading Real-Time Attacks Against Two-Factor Authentication
Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it’s often an important security measure, it’s not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system…. Continue reading Good Primer on Two-Factor Authentication Security