Security Alerts & News
by Tymoteusz A. Góral

#1920 Now there’s a better way to prevent Facebook account takeovers
Facebook is enhancing its existing protection against account takeovers with cryptographically based security keys that can be used as a second factor of authentication, the social network is announcing today.

A handful of online services—including Google, Dropbox, GitHub, and Salesforce—already support security keys based on the open Universal 2nd Factor, or U2F, standard, created by the Fido Alliance. Now Facebook is offering them, too. The inexpensive devices, which plug into users' USB port, were recently shown to beat out smartphones and most other forms of two-factor verification in a two-year study of more than 50,000 Google employees. That assessment was based on the ease of using and deploying keys, the security they provided against phishing and other types of account-takeover attacks, and the lack of privacy trade-offs that accompany some other forms of two-factor authentication.
Read more
#1922 Ransomware app hosted in Google Play infects unsuspecting Android user
#1921 Breach notification website LeakedSource allegedly raided
#1920 Now there’s a better way to prevent Facebook account takeovers
#1919 Gmail will block JS attachments for security reasons starting February 13
#1918 XSS on WebEx domains undoes previous fixes to Cisco WebEx Chrome extension
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12