Mobile

Paypal Disables Two Factor From Mobile

In the wake of a disclosure, yesterday, that a secure log-in feature was vulnerable to hacking, PayPal has suspended the ability of customers who elect to use the feature to log in to PayPal using the company’s mobile application. In a blog post on Wednesday, PayPal Director of Global Initiatives Anuj Nayar said that the company took the step of disabling mobile application log ins after the researcher, Zach Lanier of DUO Security, published his findings in a blog post yesterday. As reported by The Security Ledger, researcher Zach Lanier of DUO Labs discovered that a PayPal mobile API (application program interface) for its Security Key two-factor authentication technology contains a vulnerability that would allow even a non-technical hacker to bypass the second factor when accessing a Paypal customer’s account. The problem comes up when trying to access a Paypal account protected using two-factor authentication using a PayPal mobile application – […]

Continue Reading

Why I’m Not in a Hurry for a ‘Smart Home’ – WSJ

If you didn’t read it on Sunday, The Wall Street Journal sent columnist Christopher Mims to the home of SmartThings CEO Alex Hawkinson to get a tast of what ‘smart home’ living is like. Mims came away impressed – but also skeptical that the complexity of layering so much technology into our everyday routines is bound to have more bad outcomes than good ones. “Other than people who have very specific reasons to add automation to their homes, I have no idea why anyone would do it, even if the equipment were free…Even when smart-home technology works as advertised, the complexity it adds to everyday life outweighs any convenience it might provide,” he writes. As for the smart home ‘killer app,’ Mims quotes Hawkinson as saying that home security and monitoring seems to be the most promising application of smart home technology right now. Google’s acquisition of DropCam is just […]

Continue Reading

FTC Wants To Be Top Cop On Geolocation

The Federal Trade Commission (FTC) is asking Congress to make it the chief rule maker and enforcer of policies for the collection and sharing of geolocation information, according to testimony this week. Jessica Rich, Director of the FTC Bureau of Consumer Protection, told the Senate Judiciary Committee’s Subcommittee for Privacy, Technology that the Commission would like to see changes to the wording of the Location Privacy Protection Act of 2014 (LPPA), draft legislation designed to spell out consumer protections pertaining to the location data. Rich said that the FTC, as the U.S. Government’s leading privacy enforcement agency, should be given rule making and enforcement authority for the civil provisions of the LPPA. The current draft of the law instead gives that authority to the Department of Justice (DOJ).   The LPPA legislation (PDF) was proposed in March by Sen. Al Franken, and co-sponsored by Senators Coons (D-DE) and Warren (D-MA). It proposes updating the Electronic Communications […]

Continue Reading

Heart Attack? Fixes For More Critical Holes In OpenSSL

Just a month after a critical security hole in OpenSSL dubbed “Heartbleed” captured headlines around the globe, The OpenSSL Foundation has issued an other critical software update fixing six more security holes, two of them critical. The Foundation issued its update on Thursday, saying that current versions of OpenSSL contain vulnerabilities that could be used to carry out “man in the middle” (or MITM) attacks against OpenSSL clients and servers. SSL VPN (virtual private network) products are believed to be especially vulnerable. Users of OpenSSL versions 0.9.8, 1.0.0 and 1.0.1 are all advised to update immediately. According to information released by the OpenSSL Foundation, an attacker using a carefully crafted handshake can force the use of “weak keying material in OpenSSL SSL/TLS clients and servers.” That could lay the groundwork for man-in-the-middle attacks in which an attacker positions herself between a vulnerable client and server, decrypting and modifying traffic as it passes through the attacker’s […]

Continue Reading

Survey: Consumers Growing Wary of Information Sharing

A survey by the business information service Lexis Nexis finds that consumers have grown more wary of programs that ask them to share data in exchange for improved services or other offerings. Editor’s note: LexisNexis has clarified that its survey was released in August, 2013, not October, 2013. The story has been corrected to reflect that information. – Paul 6/4/2014 The survey of  2,072 consumers, aged 21 to 74, was conducted in October 2013 by LexisNexis Risk Solutions. It found consumers were more wary of sharing information online, including at social networking and online banking sites than they were three years earlier. “Consumers are less comfortable with information sharing than three years ago,” the survey concluded. The survey was released in concert with Telematics Detroit 2014, a conference focused on information systems used in vehicles. It was designed to measure consumers’ awareness of- and interest in so-called “use based insurance” (or UBI) – sometimes referred […]

Continue Reading
1 15 16 17 18 19 34