Recent Posts

Google’s Nest Labs Joins Race to Define Platform for the Internet of Things – NYTimes.com

The New York Times’ BITS blog has an interesting look at the companies that are gearing up to compete against Google in the home automation market. Google has picked up its investment in so-called “smart home” technology with the acquisition of Nest, the smart thermostat maker, and DropCam, a maker of wireless cameras used for home monitoring and surveillance. The Times notes the entry of firms like Quirky, which has the backing of major retailers like Home Depot and manufacturers like General Electric, Honeywell and Philips. That company announced a new spin-off firm, Wink, that will focus on software. There’s also (of course) Apple, which last week announced HomeKit, a new platform for home automation products that leverages the company’s iOS mobile platform. For their part, Google and Nest have alliances with companies like Whirlpool, Jawbone and Mercedes-Benz. The company seems to be focusing on getting cool products to market that […]

Researchers Sidestep Paypal Two-Factor Authentication

Researchers at DUO Security claim to have found a way of bypassing a two-factor authentication feature that secures logins to PayPal.com, eBay’s online payment service. The vulnerability could allow an attacker who has stolen a PayPal customer’s user name and password to gain access to the account, even though the customer had enabled the more secure two-factor authentication option. DUO described the problem in a blog post early Wednesday. According to researcher Zach Lanier, PayPal has published an API (application program interface) for its Security Key two-factor authentication technology that contains a vulnerability that would allow even a non-technical hacker to bypass the second factor when accessing a PayPal customer’s account. An attacker only needs a victim’s PayPal username and password in order to access a two-factor protected account and send money. “The protection offered by the two-factor Security Key mechanism can be bypassed and essentially nullified,” the company wrote in […]

Why I’m Not in a Hurry for a ‘Smart Home’ – WSJ

If you didn’t read it on Sunday, The Wall Street Journal sent columnist Christopher Mims to the home of SmartThings CEO Alex Hawkinson to get a taste of what ‘smart home’ living is like. Mims came away impressed – but also skeptical: the complexity of layering so much technology into our everyday routines, he argues, is bound to have more bad outcomes than good ones. “Other than people who have very specific reasons to add automation to their homes, I have no idea why anyone would do it, even if the equipment were free… Even when smart-home technology works as advertised, the complexity it adds to everyday life outweighs any convenience it might provide,” he writes. As for the smart home ‘killer app,’ Mims quotes Hawkinson as saying that home security and monitoring seems to be the most promising application of smart home technology right now. Google’s acquisition of DropCam is just […]

Reuters Readers Redirected In Ad Network Attack

An online ad network used by the web site of the Reuters news service was the victim of a malicious attack by the Syrian Electronic Army on Sunday. The Syrian Electronic Army claimed responsibility for a malicious ad attack that affected Reuters.com. The attack, against the firm Taboola, resulted in visitors to Reuters.com being redirected to a web site operated by the Syrian Electronic Army, a pro-Syrian government group that has taken credit for attacks against The New York Times, The Washington Post, Reuters and other western news outlets in the last year. According to a post on Taboola’s blog, attackers claiming affiliation with The Syrian Electronic Army (SEA) used a phishing attack to gain access to a Taboola-operated program on Reuters.com early Sunday. The attacker then redirected visitors to articles on Reuters.com to a SEA website. Taboola said it detected the breach at around 7:25 AM East Coast time […]

This Week In Security: Android’s Security Woes

We’re at the end of another busy week in the security world – a week that saw everything from World Cup-themed phishing attacks to, of course, more data breaches: at P.F. Chang’s, Domino’s Pizza and AT&T. Among the top stories this week were a number of warnings about attacks on Google’s Android mobile device platform. FireEye and Google said they dismantled part of a mobile malware operation that stole online banking credentials from Android users via a malicious and stealthy app posing as Google Play. And a German researcher sounded alarms about Android mobile devices shipping from China that come with pre-loaded malicious software. To help make sense of all the Android badness, we invited Zach Lanier. Zach’s been a frequent guest on Security Ledger Podcast. He’s a security researcher at DUO Security and – fittingly – one of the authors of The Android Hacker’s Handbook, published by Wiley. Zach and I talked about the […]