Technology

Vulnerability Undermines WordPress Two-Factor Plugins

The firm Duo Security said that it has discovered a vulnerability that affects a range of two-factor authentication plugins for the WordPress content management platform. The vulnerability could allow a malicious insider to use credentials for one WordPress site to log into a different site that is part of a ‘multi-site’ WordPress deployment without needing to pass a multi-factor authentication test. In a blog post on Thursday, DUO co-founder and CTO Jon Oberheide said that the vulnerability was discovered as part of an internal review of DUO’s two-factor WordPress plugin, but that researchers realized it affects at least two other multi-factor plugins. DUO issued a warning to users of its plugin. The company also reached out to WordPress and to the publishers of other multi-factor authentication plugins to address the issue, Oberheide wrote. DUO makes multi-factor authentication technology that allows users to log in using a combination of username, […]

Internet of Dings: Verizon Shelves Home Automation Service

The news this week that search giant Google completed its acquisition of smart-home device maker NEST prompted at least one news outlet to proclaim that the “New Internet of Things Wave” has been set in motion. (Umm…new?) But there’s a cautionary note in the business headlines: news that Verizon shuttered its Verizon Home Monitoring service. Matt Hamblen over at Computerworld.com has the news and the confirmation from Verizon. The service launched in 2012 and was designed to sink that company’s hooks deeper into wired homes. Verizon provided a common hardware platform for home automation and entertainment systems to plug into and talk to each other. Users could manage devices remotely from their computer, mobile device or from their televisions using FiOS TV. It comprised video surveillance, environmental control and physical security. In commercials, Verizon trumpeted it as the “ultimate 21st century green energy home control.” Verizon charged users $10 a month […]

Facebook Joins In Tech Industry Demands For Surveillance Reform

Facebook on Tuesday reiterated calls for reform of laws pertaining to government surveillance practices in the U.S. and elsewhere. The company, in a blog post, urged governments to stop bulk collection of data and enact reforms to limit governments’ authority to collect users’ information to that pertaining to “individual users” for “lawful purposes.” The company also called for more oversight of national intelligence agencies such as the US National Security Agency, and more transparency about government requests for data. The blog post was authored by Facebook general counsel Colin Stretch. Facebook reiterated its calls for surveillance reform in recognition of “The Day We Fight Back,” a grassroots effort to use Tuesday, February 11th as a day to rally support for more civil liberties protections. The date is the one-year anniversary of the suicide of Internet activist Aaron Swartz. Leading online […]

Uncle Sam Makes Mobile, Medical Device Security a Priority in 2014

The U.S. Department of Health and Human Services (HHS) says that it will make the security of mobile devices containing personal health information and networked medical devices areas of intense scrutiny in 2014. The security of a wide range of devices, from laptops and USB ‘jump drives’ to networked medical devices like dialysis machines and medication dispensing systems, will be under review, according to a 2014 Work Plan issued by HHS’s Office of the Inspector General (OIG). Among other projects, the OIG will review hospitals’ plans to prevent the loss of protected health information (PHI), as well as similar plans put in place by Medicare and Medicaid contractors in the next year. OIG will also scrutinize security controls at hospitals that protect networked medical devices. OIG wants to determine if the controls in place are adequate to secure electronic protected health information stored on medical devices. Links between networked […]

FTC Approves Settlement Over Leaky Surveillance Cam

The US Federal Trade Commission (FTC) announced on Friday that it has approved a settlement with TRENDnet, Inc. over lax security features in its line of SecurView cameras. The FTC said on Friday that it has approved a final order settling charges against the company, whose cameras were found to be poorly secured against external attackers, who could access them and use them to spy on the homes and private lives of hundreds of consumers. The FTC complaint stems from a February 2012 case in which independent security analysts with the web site Console Cowboys published details on how a firmware flaw allowed authentication for Internet-connected SecurView cameras to be bypassed, giving any Internet user (with the know-how) the ability to view the surveillance camera’s live feed. The Commission first announced a settlement with TRENDnet, a Torrance, California company, in September of […]