Tag: Mobile

This Week In Security: Poking Holes In Two Factor Authentication

It was another busy week in the security world. There was big news on the legal front, as The U.S. Supreme Court took steps to protect the data stored on mobile devices from warrantless searches by police. (That’s good news.) But the week also plenty of concerning stories about the security of data stored on mobile phones, tablets and the like. One of the stories that gained a lot of attention was DUO Security’s report on a flaw in PayPal’s two factor authentication feature that could expose the accounts of  security-conscious PayPal users. As The Security Ledger reported, DUO researcher Zach Lanier discovered a flaw in mobile APIs published by PayPal that would allow anyone with a valid PayPal user name and password to sidestep two-factor authentication when accessing PayPal accounts that had that option enabled. After DUO went public with information on the flaw, PayPal disabled two factor authentication […]

Continue Reading

Paypal Disables Two Factor From Mobile

In the wake of a disclosure, yesterday, that a secure log-in feature was vulnerable to hacking, PayPal has suspended the ability of customers who elect to use the feature to log in to PayPal using the company’s mobile application. In a blog post on Wednesday, PayPal Director of Global Initiatives Anuj Nayar said that the company took the step of disabling mobile application log ins after the researcher, Zach Lanier of DUO Security, published his findings in a blog post yesterday. As reported by The Security Ledger, researcher Zach Lanier of DUO Labs discovered that a PayPal mobile API (application program interface) for its Security Key two-factor authentication technology contains a vulnerability that would allow even a non-technical hacker to bypass the second factor when accessing a Paypal customer’s account. The problem comes up when trying to access a Paypal account protected using two-factor authentication using a PayPal mobile application – […]

Continue Reading

Google’s Nest Labs Joins Race to Define Platform for the Internet of Things – NYTimes.com

The New York Time’s BITS blog has an interesting look at the companies that are gearing up to compete against Google in the home automation market.   Google has picked up its investment in so-called “smart home” technology, from the acquisition of Nest, the smart thermostat maker, and DropCam a maker of wireless cameras used for home monitoring and surveillance. The Times notes the entry of firms like Quirky, which has the backing of major retailers like Home Depot and manufacturers like General Electric, Honeywell and Philips. That company announced a new spin-off firm, Wink, that will focus on software. There’s also (of course) Apple, which last week announced HomeKit, a new platform for home automation products that leverages the company’s iOS mobile platform. For its part, Google and Nest have alliances with companies like Whirlpool, Jawbone and Mercedes-Benz. The company seems to be focusing on getting cool products to market that […]

Continue Reading

Researchers Sidestep Paypal Two-Factor Authentication

Researchers at DUO Security claim to have found a way of bypassing a two factor authentication feature that secures logins to Paypal.com, eBay’s online payment service. The vulnerability could allow an attacker who has stolen a Paypal customer’s user name and password to gain access to the account, even though the customer had enabled the more secure two-factor authentication option. DUO described the problem in a blog post early Wednesday. According to researcher Zach Lanier, Paypal has published an API (application program interface) for its Security Key two-factor authentication technology that contains a vulnerability that would allow even a non-technical hacker to bypass the second factor when accessing a Paypal customer’s account. An attacker only needs a victim’s PayPal username and password in order to access a two-factor protected account and send money. “The protection offered by the two-factor Security Key mechanism can be bypassed and essentially nullified,” the company wrote in […]

Continue Reading

FTC Wants To Be Top Cop On Geolocation

The Federal Trade Commission (FTC) is asking Congress to make it the chief rule maker and enforcer of policies for the collection and sharing of geolocation information, according to testimony this week. Jessica Rich, Director of the FTC Bureau of Consumer Protection, told the Senate Judiciary Committee’s Subcommittee for Privacy, Technology that the Commission would like to see changes to the wording of the Location Privacy Protection Act of 2014 (LPPA), draft legislation designed to spell out consumer protections pertaining to the location data. Rich said that the FTC, as the U.S. Government’s leading privacy enforcement agency, should be given rule making and enforcement authority for the civil provisions of the LPPA. The current draft of the law instead gives that authority to the Department of Justice (DOJ).   The LPPA legislation (PDF) was proposed in March by Sen. Al Franken, and co-sponsored by Senators Coons (D-DE) and Warren (D-MA). It proposes updating the Electronic Communications […]

Continue Reading
1 16 17 18 19 20 30