mobile devices

Customer Support A Weak Link In Two Factor | Ars Technica

Ars Technica has an interesting write-up on an apparently successful compromise of Google’s two-factor authentication technology. Though in this case, the culprit wasn’t any system Google deployed or managed, but a gullible customer support representative working for the victim’s cell phone carrier. According to this post over at Facebook-for-hipsters site Ello.co, Grant Blakeman woke up on a recent Saturday morning to find that his Google account had been hijacked – despite the fact that he used Google’s two-factor authentication to protect access to the account. How? Blakeman enlisted the help of none-other than Mat Honan, whose own struggles with account hijacking became the subject of a much-cited Wired feature article. As with Honan, Blakeman’s valuable three-character Instagram account, @gb, appears to have been the lure for hackers. (Honan’s @mat Twitter account was what lured his attackers.) Read “Researchers sidestep Paypal Two-Factor Authentication.” After a conversation with Honan, Blakeman contacted his cell provider and […]

Continue Reading

New York City Phone Booths Add Beacons, Stoke Controversy

The web site Buzzfeed has a scoop today about a stealthy deployment of beacon technology in Manhattan that has some privacy experts concerned. According to the exclusive report, by Buzzfeed’s Joseph Bernstein and Jeremy Singer-Vine, Titan a media company that sells ad space in more than 5,000 phone kiosk panels in New York City’s five boroughs, has installed about 500 beacons on its ad panels. The company went forward with the deployment with the blessing of New York City’s Department of Information Technology and Telecommunications (DoITT), but without any public input, Buzzfeed reported. Beacons are wireless devices that interact with mobile phones and other portable electronics. They’re used to provide location-specific data and interactions, such as advertisements linked to nearby businesses or to track the movements of an individual within a defined space (such as a show floor). In the case of the phone booth beacons, Titan and Sbordone, the company that provides the display […]

Continue Reading

3G Module Just 26mm Wide OK’d by AT&T| ITworld

Steve Lawson at IDG News Service has an interesting article that notes AT&T’s certification of the U-blox SARA-U260 model, which is dubbed “the world’s smallest 3G module.” The 16 x 26 millimeter device is seen as a harbinger of the kind of low power device that will greatly expand the Internet of Things.   The SARA-U260 is designed to transmit small amounts of data over 3G networks and could enable a new generation of even smaller and smarter devices – from Smartmeters to wearable technology to connected cars. The U260 has features that support applications from voice calling to auto industry telematics to retail point-of-sale terminals and handheld devices, according to U-blox. It uses A-GPS (Assisted Global Positioning System) and a technology called CellLocate that uses nearby cellular towers to triangulate a location in situations where GPS isn’t available. 3G and 2G networks are being replaced by 4G and even 5G networks for most consumer smart phones. But the technology still works great […]

Continue Reading

Infographic: Possible Attacks on The Internet of Things

The folks over at Trend Micro have put together a nice infographic that reminds us that all those smart devices connected to the Internet communicate through some well worn channels, namely: standard communications protocols like Wi-Fi, Ethernet and Bluetooth that connect devices to each other and the global Internet, as well as HTTP that are used to transmit data to and from cloud based resources like management interfaces. Of course those standard protocols also leave IoT devices vulnerable to a wide range of commodity attacks: from brute force password cracking on web based management consoles to Man in the Middle attacks that can sniff out authentication credentials and hijack sessions. Trend’s infographic does a good job of depicting the various layers in the IoT stack and some of the likely attack vectors for each layer. It also gives advice on how to protect yourself (use encryption, patch software vulnerabilities, disable unused ports). Nothing ground breaking […]

Continue Reading

Online Authentication Group FIDO Alliance Grabs A Big Bone: Alibaba

The FIDO Alliance, an up-and-coming industry consortium aimed at simplifying online identity and doing away with passwords added IPO darling Alibaba to its Board of Directors, according to a statement on Tuesday. The FIDO (or “Fast IDentity Online”) Alliance announced that Alibaba Group’s payments business, Alipay will be among the first to deploy FIDO technology for secure payments authentication. On September 17, the company announced that it will use Nok Nok Labs’ FIDO-compliant  NNL™ S3 Authentication Suite to enable secure online payments via the Fingerprint Sensor (FPS) technology on the Samsung Galaxy S5. Alipay customers will be able to make payments and transfers using Alipay’s mobile application, Alipay Wallet by applying their fingerprint to the Galxy’s fingerprint sensor. “We look forward to participating on the FIDO Alliance board, and assuring that commerce and authentication are uniquely cooperative and seamlessly compatible,” said Ni Liang, Alibaba group, senior director, department of security, in a statement. Mobile payments […]

Continue Reading
1 9 10 11 12 13 29