Articles about authentication

Container ship loading plans are 'easily hackable'

Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or "Bay Plan". The issue stems from the absence of security in BAPLIE EDIFACT, a messaging system used to create ship loading and container stowage plans – for example which locations are occupied …
John Leyden, 20 Nov 2017

Privacy Pass protocol promises private perusing

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked. The extension, Privacy Pass, offers people another way to authenticate themselves without having to repeatedly solve internet challenge-response tests like CAPTCHAs. Alex Davidson …
Rebecca Hill, 14 Nov 2017

How did someone hijack your Gmail? Phishing, keylogger or password reuse, we're guessing

Google has teamed up with computer scientists at the University of California, Berkeley, to find out how exactly hijackers take over its users' accounts. The eggheads peered into online black markets where people's login details are bought and sold to get an idea of the root cause of these account takeovers and the subsequent …
John Leyden, 10 Nov 2017

Sensitive client emails, usernames, passwords exposed in Deloitte hack

Deloitte, one of the world's "big four" accountancy firms, has fallen victim to a cyberattack that exposed sensitive emails to hackers. The IT security breach dates back to November 2016 but was only discovered in March this year, according to The Guardian, which broke the news in an exclusive on Monday. Deloitte has …
John Leyden, 25 Sep 2017

Insteon and Wink home hubs appear to have a problem with encryption

Security researchers have discovered that two popular home automation systems are vulnerable to attacks. The Insteon Hub and Wink Hub 2 are designed to connect various home products and manage automation, and the flaws represent another entry in the growing catalogue of IoT security shortcomings. Rapid7 discovered two …
John Leyden, 25 Sep 2017

.UK domains left at risk of theft in Enom blunder

Updated Thousands of UK companies were at risk of having their .uk domain names stolen for more than four months by a critical security failure at domain registrar Enom. The security lapse allowed .uk domains to be transferred between Enom accounts with no verification, authorisation or logs. Any domains hijacked would have been “ …
John Leyden, 7 Sep 2017

The eyes have IT: TSB to roll out iris-scanning tech for mobile banking

TSB has announced plans to roll out iris-scanning technology for its mobile banking app from September. The move will make the UK high street bank the first in Europe to debut iris-scanning tech. Biometric authentication for banking, in general, has become commonplace over recent …
John Leyden, 20 Jul 2017

UK Parliament hack: Really, a brute-force attack? Really?

Comment Just under 90 Parliamentary email accounts were compromised by a brute force attack on the parliamentary network over the weekend. And there is a long-established technology which can normally see off this kind of attack. Two factor authentication (2FA) technology has been ubiquitous among enterprises as a verification …
John Leyden, 26 Jun 2017

Identity management outfit OneLogin sugar coats impact of attack

Identity management outfit OneLogin has revealed it's suffered a security incident that's seen “unauthorized access to OneLogin data in our US data region”, but has offered rather scarier information in different documents. The company blog describes only "unauthorized access". In emails sent to customers seen by The Reg the …

LastPass resolves UK connectivity blooper

Cloud-based password manager LastPass has resolved an issue that left Brits unable to reliably access the service between Tuesday and Thursday this week. In response to queries from El Reg, LastPass blamed the tricky glitch on connectivity issues, which it has been able to route around and fix. A spokesperson for LogMeIn, the …
John Leyden, 12 May 2017

Team Macron praised for feeding phishing spies duff info

Emmanuel Macron's campaign team reportedly used fake logins and docs to waste hacker resources and frustrate phishing attempts. Although the newly elected French president's campaign was still hacked before the release of emails and other information last Friday, Team Macron's interference tactics have been heralded by at …
John Leyden, 8 May 2017

Realistic Brits want at least 3 security steps on bank accounts

Three in five Brits reckon that fewer than three security steps – including passwords, card readers or letters from a memorable word – are insufficient to assure their bank account is secure and not accessible by other people. The online survey, conducted by YouGov and sponsored by credit reference agency Equifax, found just …
John Leyden, 8 May 2017

Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'

Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. All the hijackers need is the phone numbers of the appliances. The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This …
John Leyden, 13 Apr 2017

Digital video recorder installers master password list 'leaked' – claims

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again. The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online. "If the creds are what we think they are, …
John Leyden, 11 Jan 2017

Travel booking systems ‘wide open’ to abuse – report

Updated Legacy travel booking systems disclose travellers’ private information, security researchers warn. Travel bookings worldwide are maintained in a handful of Global Distributed Systems (GDS) built around mainframe computers linked to the web but without adequate security controls, say the researchers. “The systems have since …
John Leyden, 4 Jan 2017

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 7 Dec 2016

Visa cries foul over Euro regulator's stronger authentication demands

The EU banking regulator’s plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry. Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online …
John Leyden, 23 Nov 2016

True man-in-the-middle: Transmitting logins through the human body

Computer science researchers at the University of Washington are developing a technology to securely send data through the human body rather than wires or the air. Passwords sent over insecure networks are liable to sniffing. This well-understood problem is most easily mitigated against using VPN technology but now security …
John Leyden, 4 Oct 2016

Biting the hand that feeds IT © 1998–2017