Get insights into how to assess security hardware, including experimentations in counterfeiting U2F authentication tokens, different weaknesses in the hardware components of encrypted USB keys and more.
Learn about the complexities of conducting security science and phishing tests - the psychological dynamics, validity of security usability studies, ethical issues, hallway testing and more.
Here’s Duo Labs’ analysis of the Anti Public Combo List, over 500 million usernames and passwords aggregated from a variety of breaches and password dumps.
How Secure is the Retail Industry’s Infrastructure Today? Duo Labs / Featured Article
Retailers and consumers can better secure payment data. Tactics like two-factor authentication and wireless payment technologies offer secure paths forward.
One of the most common questions the Duo Labs team got during their recent Reddit AMA was how they got their start in information security, and how aspiring security researchers can launch a career. Here, two of our senior Labs hackers share their stories.
The security research team at Duo Security, Duo Labs analyzed our dataset of Android phones to find out how many were vulnerable to the latest Android encryption bypass attacks, patched in the May 2016 update.
In this blog, we’ll discuss how many Android phones are affected by a critical QSEE vulnerability, according to our data, and what you can do to mitigate associated risks.
Recently, Duo Labs security researchers found a few sketchy certificates on a Dell Inspiron 14 laptop we purchased last week to conduct a larger research project. Read on for more about Superfish 2: eDellRoot Boogaloo.
Two weeks ago, we tasked Kyle from our Research and Development team with covering some common themes discussed at Black Hat and DEF CON. We want to bring these issues to both the security community that was in Vegas at the cons and those who kept an eye on the action from the outside.
Remote Access Trojans (RATs) have traditionally been known as tools that perform tasks such as installing additional malware or stealing files from an infected computer. They are often bundled with enticing software like free games or system utilities. RATs are nothing new, but their usage and related attack methods have changed recently in interesting ways.
> As has often been the case with old technology that stays in use in the modern era, several concrete hacks have been demonstrated against satellite communication technology.
Kyle Lady of Duo Labs covers talks about the human factor — from social engineering to human vulnerability scanning — at DEF CON and Black Hat 2015.
“Deep learning” was a phrase that came up many times during Black Hat. It seems to have quickly risen to relative prominence, and it certainly merits discussion: the broad field of machine learning often can be and is applied, and developments in the field have definite potential to help the security field make better sense of the data.
"D" is for Data; that's good enough for me! Here at Duo Labs, we’ve been busy slicing and dicing the usage data that we’ve collected over the years, so let's talk about what actual usage of 2FA looks like.
We developed a tool to convert Neustar's GeoPoint data to MaxMind's database format to effect efficient access without the need for an online RDBMS.