The Weekly Ink #1
The Weekly Ink is a summary of the top security content of the week injected with our own pointed opinions, and will be posted to our blog...well, weekly.
Jon is the co-founder and CTO of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, Jon was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, Jon enjoyed offensive security research and generally hacking the planet. Jon was recently named to Forbes "30 under 30" list for his mobile security hijinks.
The Weekly Ink is a summary of the top security content of the week injected with our own pointed opinions, and will be posted to our blog...well, weekly.
The most severe of the handful of OpenSSL vulnerabilities patched in 1.0.1h can be exploited by a man-in-the-middle adversary to decrypt traffic between a vulnerable client and server.
> We recently discovered a vulnerability in our duo_wordpress plugin, employed by users to protect their WordPress blogs and sites with our two-factor authentication service.
We recently introduced two new features in our platform that give you finer-grained control over when your users are prompted for two-factor authentication.
X-Ray is Duo's mobile app that performs "vulnerability assessment" on Android devices. X-Ray can identify known, yet unpatched, vulnerabilities in the mobile platform itself that could be exploited.