Authentication, Internet and Technology

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Lumen Technologies Inc. Image: Barrett Lyon, opte.org. Based in Monroe, La.,

Internet

Internet Internet Authentication Telecommunications

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Fortifications, such as multi-factor authentication (MFA) and password managers, proved to be mere speed bumps. Here are a few takeaways. Security + efficiency.

Authentication

Authentication Passwords Banking Digital transformation

Internet Voting in Puerto Rico

Schneier on Security

MARCH 24, 2020

Puerto Rico is considered allowing for Internet voting. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. I have joined a group of security experts in a letter opposing the bill.

Internet

Internet Internet Technology Cybersecurity

Policy vs Technology

Schneier on Security

FEBRUARY 21, 2020

I teach cybersecurity policy and technology at the Harvard Kennedy School of Government. My most recent two books, Data and Goliath -- about surveillance -- and Click Here to Kill Everybody -- about IoT security -- are really about the policy implications of technology. Technology is inherently future focused.

Technology

Technology Encryption Surveillance Government

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

The Last Watchdog

MAY 26, 2020

Doing authentication well is vital for any company in the throes of digital transformation. Digital commerce would fly apart if businesses could not reliably affirm the identities of all humans and all machines, that is, computing instances, that are constantly connecting to each other across the Internet. We spoke at RSA 2020.

Authentication

Authentication Cloud Migration Accountability Digital transformation

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

SEPTEMBER 9, 2021

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. Only one of those requires physical presence with the rest enabling any kid anywhere in the world with an internet connection to grab troves of them with ease. That is all.

Authentication

Authentication Passwords Data breaches Risk

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

DECEMBER 30, 2020

Hackers are using internet-connected home devices to livestream “swatting” attacks, according to the FBI. Offenders often use spoofing technology to anonymize their own phone numbers to make it appear to first responders as if the emergency call is coming from the victim’s phone number.”.

IoT

IoT Hacking Internet Internet

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

NOVEMBER 14, 2022

The technology industry hopes that Matter arises as the lingua franca for the Internet of Things. Matter seeks to achieve this right out of the gate by leveraging and extending the public key infrastructure (PKI) — the tried-and-true authentication and encryption framework that underpins the legacy Internet.

Internet

Internet Internet IoT Manufacturing

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords

Passwords Authentication Firmware Accountability

GCHQ on Quantum Key Distribution

Schneier on Security

AUGUST 1, 2018

Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.

Big data

Big data Encryption Authentication IoT

Inrupt, Tim Berners-Lee's Solid, and Me

Schneier on Security

FEBRUARY 21, 2020

And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. Solid is one of those technologies. It's yours.

IoT

IoT Internet Internet Technology

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Internet

Internet Internet Energy and Utilities IoT

Brilliant Advice From Abraham Lincoln About Internet News Reports

Joseph Steinberg

JUNE 30, 2022

Since then, I have seen many Internet memes circulate that appear to convey a similar message. Such a policy is also wise, if not overly generous, with regard to information obtained via the Internet, as there is never 100% certainty as to who crafted a particular piece of data or whether its sources are accurate.

Internet

Internet Internet Artificial Intelligence Marketing

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Yet IoE, at this nascent stage, holds much promise to tilt us towards a utopia where technology helps to resolve our planet’s most intractable problems. Very well said! I’ll keep watch and keep reporting.

IoT

IoT Internet Internet Technology

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. Image: Wikipedia. ”

Accountability

Accountability Hacking Authentication Marketing

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

JULY 21, 2021

Related: Why PKI will endure as the Internet’s secure core. And PKI , of course, is the behind-the-scenes authentication and encryption framework on which the Internet is built. Most of us, by now, take electronic signatures for granted. Yet electronic signatures do have their security limitations.

Computers and Electronics

Computers and Electronics Authentication Digital transformation Internet

Nearly a Million Kubernetes Instances Exposed on Internet

eSecurity Planet

JUNE 29, 2022

Cybersecurity researchers have found more than 900,000 instances of Kubernetes consoles exposed on the internet. The term “K8s” or “K-eights” is also used to refer to this technology. The post Nearly a Million Kubernetes Instances Exposed on Internet appeared first on eSecurityPlanet.

Internet

Internet Internet Risk Passwords

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.”

Passwords

Passwords Authentication Accountability Mobile

Google Authenticator now supports Google Account synchronization

Google Security

APRIL 24, 2023

Christiaan Brand, Group Product Manager We are excited to announce an update to Google Authenticator , across both iOS and Android, which adds the ability to safely backup your one-time codes (also known as one-time passwords or OTPs) to your Google Account. Making technology for everyone means protecting everyone who uses it.

Authentication

Authentication Accountability Password Management Passwords

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance. I had the chance to talk about DigiCert’s perspective with Jason Sabin, DigiCert’s Chief Technology Officer. Trust under siege.

Digital transformation

Digital transformation Cybersecurity Computers and Electronics Encryption

“Secure Workloads” – So, what does this cybersecurity catchphrase actually mean?

Joseph Steinberg

MARCH 14, 2022

Workloads (and portions thereof) regularly move across not only the internal organization, but over the Internet, and through one or more third-party cloud environments; there simply is no physical perimeter. Today, however, cloud computing has totally transformed the situation. In short, why are secure workloads important?

Cybersecurity

Cybersecurity Artificial Intelligence Encryption Technology

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. SSL/TLS certs). ” Caturegli said setting up an email server record for memrtcc.ad

DNS

DNS Internet Internet Authentication

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

The Last Watchdog

OCTOBER 3, 2022

How did America and Americans regress to being much less secure than before the Internet? Everyone knows the many amazing conveniences, benefits, and advances the Internet has enabled. The internet was designed that way.” A recent Council on Foreign Relations report confronts this irrational Internet utopianism. “

Internet

Internet Internet Government Technology

Smartphone Election in Washington State

Schneier on Security

JANUARY 27, 2020

This year : King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. A centralized printout of a received Internet message is not voter verifiable.

Internet

Internet Internet Technology Authentication

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A Webcam made by HiChip that includes the iLnkP2P software.

IoT

IoT Firewall Manufacturing Computers and Electronics

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. Turn on automatic updates, install updates from the operating system when you’re asked to, and make a regular habit of updating everything in your technology ecosystem.

Risk

Risk Password Management Passwords Accountability

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their access to its incoming NiceHash emails to perform password resets on various third-party services, including Slack and Github.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

The Last Watchdog

APRIL 5, 2022

China has enclosed its national internet servers within what is colloquially called ‘the Great Firewall.’ If your staff can log on to the internet to access their emails, so can an attacker. MFA can be challenging to implement for some organizations from a technology or cost perspective or due to user pushback.

Hacking

Hacking Passwords Internet Internet

RSAC Fireside Chat: A breakthrough in securing cloud collaboration — decentralized key storage

The Last Watchdog

JUNE 7, 2023

Related: A call to regulate facial recognition This was an early example of multifactor authentication (MFA). Guest expert: Phani Nagarjuna, CEO, Circle Security According to Nagarjuna, Circle’s technology places a small agent on the endpoint device. Access to cloud-stored files can then be shared widely.

Authentication

Authentication Encryption Passwords Internet

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

JUNE 3, 2022

At RSA Conference 2022 , which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principals will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.

Unstructured Data

Unstructured Data Malware Digital transformation Authentication

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

NOVEMBER 8, 2021

M&A invariably creates technology gaps that bad actor’s prey upon. Healthcare organizations are taking advantage of the many benefits of cloud and SaaS, accessing apps and data over the Internet. Patient data exposures. Healthcare data security and privacy is a problem that continues to grow.

Healthcare

Healthcare Technology Architecture IoT

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

Mobile

Mobile Phishing Authentication Accountability

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

Matter works much the way website authentication and website traffic encryption gets executed. The hope is that Matter gives rise to an emerging technology ecosystem in which interoperability deepens not just in smart homes, but across multiple interconnected systems. It can be cumbersome to set up and so adoption has been sluggish.

Manufacturing

Manufacturing Authentication Marketing Encryption

Robocall Legal Advocate Leaks Customer Data

Krebs on Security

AUGUST 3, 2020

The Blacklist Alliance provides technologies and services to marketing firms concerned about lawsuits under the Telephone Consumer Protection Act (TCPA), a 1991 law that restricts the making of telemarketing calls through the use of automatic telephone dialing systems and artificial or prerecorded voice messages. .”

Mobile

Mobile Marketing Consumer Protection Wireless

FIRESIDE CHAT: New automated tools, practices ascend to help companies wrangle PKI

The Last Watchdog

FEBRUARY 8, 2023

Related: Why the ‘Matter’ standard matters Companies have long relied on PKI to deploy and manage the digital certificates and cryptographic keys that authenticate and protect just about every sensitive digital connection you can name. and a Series A of $19 million led by StepStone Group.

Encryption

Encryption Authentication Internet Internet

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

APRIL 30, 2023

Multi-factor authentication ( MFA ) has raised the bar, but MFA alone is not enough to slow, much less stop, moderately-skilled bad actors. about the role of advanced wearable authentication devices, going forward. Acohido is dedicated to fostering public awareness about how to make the Internet as

Mobile

Mobile Cloud Migration Penetration Testing Authentication

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. The document requested the Internet address history of Discord accounts tied to a specific phone number used by the target.

Accountability

Accountability Government Hacking Social Engineering

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers. federal civilian agencies to secure the login credentials for their Internet domain records. That changed on Jan.

DNS

DNS Internet Internet Government

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

As an enterprise security team, you could restrict internet access at your egress points, but this doesn’t do much when the workforce is remote. Enable multi-factor authentication (MFA) to access your applications and services, especially for admin access to platforms and backend systems. Food for thought, eh!

Ransomware

Ransomware Risk Internet Internet

News alert: Badge expands availability of ‘Enroll Once and Authenticate on Any Device’ software

The Last Watchdog

MARCH 7, 2024

The new Badge Partner Program further accelerates the adoption and integration of Badge’s privacy-preserving authentication, enabling even more users to benefit from seamless MFA experiences across any device or application without storing user secrets or private keys. “We

Authentication

Authentication Software Digital transformation Marketing

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

The Last Watchdog

DECEMBER 5, 2019

My primer on the going forward privacy and security implications of IoT — What Everyone Should Know About the Promise and Pitfalls of the Internet of Things — won second place in the contest’s IoT Security category. So keep reading and sharing. And thanks for your support.

IoT

IoT Cyber Risk Internet Internet

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

The Last Watchdog

JUNE 6, 2022

Both the technology and the teams responsible for specific cyber assets tend to operate in silos. And cloud-hosted, data analytics technology is now readily available to ask smart questions about network security, at scale, and get actionable answers. The technology to do this at scale and in a timely manner are at hand.

Network Security

Network Security Cloud Migration Digital transformation Technology

SHARED INTEL: Automating PKI certificate management alleviates outages caused by boom

The Last Watchdog

OCTOBER 26, 2021

PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce. PKI touches nearly every aspect of our connected technologies. This is how we authenticate human and machine identities and move encrypted data between endpoints. Certificate confusion.

Digital transformation

Digital transformation eCommerce Internet Internet

GUEST ESSAY: The case for leveraging hardware to shore up security — via a co-processor

The Last Watchdog

MARCH 31, 2022

The vulnerabilities of internet security, once mostly a nuisance, have become dangerous and costly. Second, the design of security solutions struggled to scale up properly or adapt to the technological changes in the industry, especially in disaggregated compute networks. Thus, secure implementations are critical. About the essayist.

Artificial Intelligence

Artificial Intelligence Threat Detection Engineering Software

The Internet is Held Together With Spit & Baling Wire

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Trending Sources

Internet Voting in Puerto Rico

Policy vs Technology

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

Ubiquiti: Change Your Password, Enable 2FA

GCHQ on Quantum Key Distribution

Inrupt, Tim Berners-Lee's Solid, and Me

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

Brilliant Advice From Abraham Lincoln About Internet News Reports

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

Sendgrid Under Siege from Hacked Accounts

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

Nearly a Million Kubernetes Instances Exposed on Internet

Your Phone May Soon Replace Many of Your Passwords

Google Authenticator now supports Google Account synchronization

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

“Secure Workloads” – So, what does this cybersecurity catchphrase actually mean?

Local Networks Go Global When Domain Names Collide

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

Smartphone Election in Washington State

P2P Weakness Exposes Millions of IoT Devices

10 Behaviors That Will Reduce Your Risk Online

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

RSAC Fireside Chat: A breakthrough in securing cloud collaboration — decentralized key storage

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

How 1-Time Passcodes Became a Corporate Liability

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

Robocall Legal Advocate Leaks Customer Data

FIRESIDE CHAT: New automated tools, practices ascend to help companies wrangle PKI

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

News alert: Badge expands availability of ‘Enroll Once and Authenticate on Any Device’ software

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

SHARED INTEL: Automating PKI certificate management alleviates outages caused by boom

GUEST ESSAY: The case for leveraging hardware to shore up security — via a co-processor

Stay Connected