Only 24 hours left to save $100 on TC Sessions: Enterprise 2019

Heads up all you enterprising enterprise software startuppers. You have only 24 hours before the price goes up on tickets to TC Sessions: Enterprise 2019. Save $100 and join us in San Francisco on September 5 — along with some of the industry’s top founders, CEOs, investors and technologists. Buy your early-bird ticket before 11:59 […] Continue reading Only 24 hours left to save $100 on TC Sessions: Enterprise 2019

What Is Your Bank’s Security Banking On?

A large number of banks, credit unions and other financial institutions just pushed customers onto new e-banking platforms that asked them to reset their account passwords by entering a username plus some other static identifier — such as the first six digits of their Social Security number, or a mix of partial SSN, date of birth or surname. Here’s a closer look at what may be going on (spoiler: small, regional banks and credit unions have grown far too reliant on the whims of just a few major online banking platform providers).

You might think it odd that any self-respecting financial institution would seek to authenticate customers via static data like partial SSN for passwords, and you’d be justified for thinking that, too. Nobody has any business using these static identifiers for authentication because it’s all for sale on most Americans quite easily and cheaply in the cybercrime underground. The Equifax breach might have “refreshed” some of those data stores for identity thieves, but most U.S. adults have had their static details on sale for years now.

On Feb. 16, KrebsOnSecurity reader Brent Hoeft shared a copy of an email he’d just received from his financial institution Associated Bank, which at $30+ billion in assets happens to be Wisconsin’s largest by asset size. Continue reading What Is Your Bank’s Security Banking On?

Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass

An October 2015 piece published here about the potential dangers of tossing out or posting online your airline boarding pass remains one of the most-read stories on this site. One reason may be that the advice remains timely and relevant: A talk recently given at a Czech security conference advances that research and offers several reminders of how being careless with your boarding pass could jeopardize your security or even cause trip disruptions down the road. Continue reading Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass

Student cybervandal earns $300,000 for hacking US Airlines

The student who formerly hacked a rival school is now getting $300,000 worth of air miles from United Airlines’ Bug Bounty Program. Continue reading Student cybervandal earns $300,000 for hacking US Airlines

United Airlines Sets Minimum Bar on Security

United Airlines has rolled out a series of updates to its Web site that the company claims will help beef up the security of customer accounts. But at first glance, the core changes — moving from a 4-digit PINs to password and requiring customers to pick five different security questions and answers — may seem like a security playbook copied from Yahoo.com, circa 2009. Here’s a closer look at what’s changed in how United authenticates customers, and hopefully a bit of insight into what the nation’s fourth-largest airline is trying to accomplish with its new system. Continue reading United Airlines Sets Minimum Bar on Security

2 Hackers Win Over 1 Million Air Miles each for Reporting Bugs in United Airlines

Two computer hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding and reporting multiple security vulnerabilities in the Airline’s website.

Olivier Beg, a 19-year-old security researcher from the Netherlan… Continue reading 2 Hackers Win Over 1 Million Air Miles each for Reporting Bugs in United Airlines

19-year-old wins one million airmiles after finding United Airlines bugs

Vulnerability researcher Olivier Beg from Amsterdam has been handsomely rewarded with one million airmiles by United Airlines, after finding some 20 security holes in the company’s software.
As the Dutch Broadcast Foundation reports, the 19-year-old ha… Continue reading 19-year-old wins one million airmiles after finding United Airlines bugs