As perhaps you’ve heard by now, Microsoft will be ending support for Windows XP on Tuesday, April 8, 2014. Specifically, there will be “no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates,” as a Windows Embedded blog stated in February.
As we wrote about in an earlier blog, WordPress Multisite vulnerability in two-factor authentication plugins, we discovered a vulnerability that affected our duo_wordpress plugin.
Following in the footsteps of Twitter, LinkedIn, Facebook and Google, Tumblr has rolled out two-factor authentication for users of their micro-blogging platform to secure their logins.
In February, Duo Security hosted another Duo Tech Talk featuring guest speaker Don Bailey, founding partner of Capitol Hill Consultants, LLC. Don presented on the security perspective of the Internet of Things (IoT).
Last week, I gave a talk at CanSecWest with Ben Nell of Accuvant Labs on some of our security research against the BlackBerry 10 mobile platform. Our presentation, No Apology Required: Deconstructing BB10, like our past BlackBerry PlayBook presentation, discussed some of the black-box style research we've conducted over the past year or so.
Symantec has reported a sophisticated Google Docs and Drive phishing email that appears very convincing: an email with the subject line “Documents,” with a link in the body to a Google login page.
A SecurityWatch blog, How Thieves Steal Your Bitcoins, details the variety of malware families (over 100 different types) targeting cryptocurrency exchanges and wallets, the majority of which aren’t technically sophisticated at all, as the article notes.
The latest 2013 Verizon Breach Report found that 76 percent of network intrusions exploited weak or stolen credentials, putting passwords squarely in the limelight.
Duo Security’s Security Evangelist Mark Stanislav presented on IP camera security at the 2014 RSA Conference in San Francisco a few weeks ago - in case you missed it, view our video recording!
The CanSecWest 2014 security conference in Vancouver is next week, and Duo Security will be presenting two separate talks, both on Wednesday, March 12th.
At BSides San Francisco this year, just a few days prior to the 2014 RSA Conference, our Senior Security Researcher Zach Lanier and Mark Stanislav gave a talk on The Internet of Things: We've Got to Chat.
Will it ever be truly possible to kill the password? Who knows. But it doesn’t make a lot of sense to rely solely on a password for strong authentication security.
Here's a slideshow of the highlights of the RSA Conference, including several photos from the expo floor of creative vendors, our booth and spinner wheel, and photos from Security Evangelist Mark Stanislav's talk on IP camera security.
Another interesting keynote I attended during the 2014 RSA Conference in San Francisco was given by the Senior Vice President of HP Software Enterprise Security, Art Gilliland, entitled Stop Looking for the Silver Bullet: Start Thinking Like a Bad Guy.
Four out of five IT professionals feel pressured to roll out IT projects despite concerns that they are not security-ready. In addition, IT pros feel pressured to use technology that they feel poses the greatest security risks, including mobile and cloud applications.