Security Alerts & News
by Tymoteusz A. Góral

History
#1834 This low-cost device may be the world’s best hope against account takeovers
The past five years have witnessed a seemingly unending series of high-profile account take-overs. A growing consensus has emerged among security practitioners: even long, randomly generated passwords aren't sufficient for locking down e-mail and other types of online assets. According to the consensus, these assets need to be augmented with a second factor of authentication.

Now, a two-year study of more than 50,000 Google employees concludes that cryptographically based Security Keys beat out smartphones and most other forms of two-factor verification.

The Security Keys are based on Universal Second Factor, an open standard that's easy for end users to use and straightforward for engineers to stitch into hardware and websites. When plugged into a standard USB port, the keys provide a "cryptographic assertion" that's just about impossible for attackers to guess or phish. Accounts can require that cryptographic key in addition to a normal user password when users log in. Google, Dropbox, GitHub, and other sites have already implemented the standard into their platforms.
Read more
#1840 The 10 biggest security incidents of 2016
#1839 Updated Sundown exploit kit uses steganography
#1838 Android ransomware infects LG SmartTV
#1837 Ransomworm: the next level of cybersecurity nastiness
#1836 Chrome will soon mark some HTTP pages as 'non-secure'
#1835 Switcher: Android joins the ‘attack-the-router’ club
#1834 This low-cost device may be the world’s best hope against account takeovers
#1833 YubiKey for Windows Hello brings hardware-based 2FA to Windows 10
#1832 Security Keys: practical cryptographic second factors for the modern web (PDF)
#1831 Is Mirai really as black as it’s being painted?
#1830 The most dangerous people on the internet in 2016
#1829 Encrypted messaging app Signal uses Google to bypass censorship
#1828 Disclosing the primary email address for each Facebook user
#1827 Danger close: Fancy Bear tracking of Ukrainian field artillery units
#1826 New French law bars work email after hours
#1825 Changing other people's flight bookings is too easy
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12