Imagine not having to remember long, complicated passwords anymore. Mastercard is challenging the password concept by authenticating people using “selfies”, aka pictures of your face used for facial recognition. Authentication can be something you know (password, etc.), something you have (special token, etc.) or something you are (fingerprint, face recognition, etc.), so it's interesting to see a commercialized use of something you are, since most people are used to passwords. The original post from telegraph.co.uk can be found HERE.
Mastercard has started rolling out a new technology that could allow customers to make purchases online by taking a selfie rather than entering a password. Continue reading →
Cisco Talos was in the news today for taking down a widely seen use of the malware known as Angler Exploit Kit (50% of computers infected were connecting to this source). The original news article from thestack.com can be found HERE and below. For details on what was done, see the Talos post HERE.
The data has been circulating in various online locations and was reposted here by someone who said it wasn’t immediately possible to confirm the authenticity of the data. Security researcher Troy Hunt has since downloaded the archive file, inspected its contents, and concluded that they almost certainly came from Patreon servers. He said the amount and type of data posted by the hackers suggest the breach was more extensive and potentially damaging to users than he previously assumed. Continue reading →
My buddy Aamir Lakhani and Keith Rayle wrote a funny post about research they did on decrypting Ashley Madison user passwords (original post found HERE). In summary, they took all the passwords that were released, decrypted the weak passwords and tallied up the top weak passwords used by Ashley Madison users. The results are pretty damn funny. Continue reading →
Cisco just announced its intent to acquire Portcullis, a security consulting firm based in the UK. This would be the 2nd recent services play, following the acquisition of Neohapsis earlier this year. More on this announcement can be found below and on the Cisco blog HERE. Continue reading →
I posted about the OPM breach a few weeks ago HERE and the resignation of the director, Katherine Archuleta, HERE. Well, it looks like the original estimates of lost records from this breach were a few million off. The original post from the Washington Post can be found HERE.
One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks. Continue reading →
venturebeat.com posted about special characters that can crash your Google Chrome browser (original post found HERE). Have fun crashing your browser now … just copy http://a/%%30%30 and paste that into your browser, wait for it and CRASH. The image above is what you will see. Below is the post from venturebeat.com. Continue reading →
There has been a lot of news about the recent paper from Mandiant on a backdoor malware named SYNful Knock. Some headlines make it seem like this is a major zero-day; however, here is the real story … it's not a product vulnerability. See the Cisco blog post on this HERE and the PSIRT announcement HERE regarding what is really vulnerable and how to handle it. Continue reading →