ZDNet |
Turn It On: How to enable two-factor authentication for over 100 websites
ZDNet As threat actors involved and phishing campaigns increase in complexity, there is more risk than ever of falling prey to a scammer and handing over sensitive data — or being infected with malware which logs your keystrokes. Therefore, it is important … |
Google targeted people’s growing digital insecurity at its I/O developer conference this week with a number of new products that aim to protect communications and improve authentication.
Project Vault is a new hardware device created by Google’s Advanced Technology and Products (ATAP) lab for people who need the absolute highest security for their communications. The device, which is packed in the form factor of a MicroSD card, is designed to provide encryption for sensitive data at rest, and allow end-to-end protection of streaming data (including streaming video) as well. The Vault card contains its own antenna, processor and operating system, which means that the device can authenticate directly with the Project Vault servers without requiring the use of other potentially insecure hardware.
To read this article in full or to leave a comment, please click here
Data integrity vendor Guardtime hopes its newly announced protocol will replace RSA for the purposes of authentication and digital signatures, touting it as easier to manage and less vulnerable to hacking.
Called BLT, the protocol name comes from the last initials of its inventors, Ahto Buldas, Risto Laanoja and Ahto Truu, just as RSA comes from the last initials of its inventors, Ron Rivest, Adi Shamir and Leonard Adleman.
Rather than relying on public and private keys (PKI) as RSA does, BLT is based on hash-function cryptography, which requires no keys and so requires no issuing, updating or revoking of keys. As a result, it can scale to cover exabytes (1018 bytes) with little overhead, says the company’s CEO Mike Gault. And there are no cryptographic secrets to be compromised.
To read this article in full or to leave a comment, please click here
JPMorgan Chase was among five banks that were reported to have been hacked earlier this year, and details have emerged on how the hack took place.
When news first broke in August, it was believed that a zero-day Web server exploit was used to break into the bank’s network. Now, however, The New York Times is reporting that the entry point was much more mundane: a JPMorgan employee had their credentials stolen.
This shouldn’t have been a problem. JPMorgan uses two-factor authentication, meaning that a password alone isn’t sufficient to log in to a system. Unfortunately, for an unknown reason one of the bank’s servers didn’t have this enabled. It allowed logging in with username and password alone, and this weak point in the bank’s defenses was sufficient for hackers to break in and access more than 90 other servers on the bank’s network.
Read 2 remaining paragraphs | Comments