Security news that informs and inspires

All Articles

2292 articles:

Decipher Podcast: Black Hat Preview

Decipher editors Dennis Fisher and Fahmida Rashid preview this year's Black Hat USA conference in the first episode of the podcast.

Podcast

Facebook Open Sources Fizz For TLS 1.3 Deployments

TLS 1.3 has been approved, and Facebook has open sourced Fizz, a TLS 1.3 library, to help developers and server operators deploy TLS 1.3 for their mobile apps, services, and appliances such as load balancers

Facebook, TLS

New Tool Enables Detection of Twitter Bots at Scale

Two researchers have developed a model that can detect bot accounts on Twitter at a massive scale and with a high degree of accuracy.

Twitter, Black Hat

Dennis Has Some Questions About…Passwords

People love to hate passwords and most of us aren't very good at creating and remembering them. But we still need them so here's how to create strong passwords.

Disclose.io Offers Security Researchers Safe Harbor

Disclose.io provides a clear legal framework to protect organizations and researchers engaged in vulnerability disclosure programs. The goal is to protect those engaged in good-faith security research from legal action.

Vulnerability Disclosure, Bug Bounty, Bugcrowd

Reddit Breach Illustrates Dangers of 2FA Over SMS

Reddit had two-factor authentication enabled on the employee accounts that was breached. The SMS-based method is susceptible to attacks, and Reddit learned that the hard way.

2fa

DHS to Protect Critical Infrastructure with National Risk Management Center

Homeland Security secretary Kirstjen Nielsen announced the creation of the National Risk Management Center to evaluate threats and defend US critical infrastructure. The center will initially focus on the energy, finance, and telecommunications sectors to start.

Government, Critical Infrastructure Security

Microsoft Adds Support for WebAuthn in Edge

Microsoft Edge now supports the Web Authentication API, allowing users to login to sites without needing a password.

Microsoft, Authentication

Data Breach Reports Spike After GDPR

GDPR mandates organizations self-report data breaches, and in the two months since the new privacy regulation went into effect, the number of reports have surged.

Data Breaches, Privacy, GDPR

Senators Question Law Enforcement Agencies on Use of Facial Recognition

Several senior senators have asked the heads of 39 federal law enforcement agencies to detail any and all use of facial recognition systems.

Biometrics, Facial Recognition

Errors and Ethical Questions Hit Facial Recognition Tools

A new study by the ACLU found Amazon's Rekognition software misidentified 28 members of Congress as people in arrest photos.

Biometrics

NetSpectre Highlights New Ways to Exploit Speculative Execution

NetSpectre is not an immediate threat: no known malware exists in the wild. The research is important because it deepens our understanding of microprocessor architecture and ways speculative execution can be abused.

Hardware, Spectre

Senator Asks NSA, DHS, NIST to End Government Use of Flash

Sen. Ron Wyden has sent a letter to the heads of the NSA, DHS, and NIST, asking them to mandate the elimination of Flash from government sites and computers.

Bluetooth Bug Lets Attackers Listen In

A flaw in the Bluetooth specification could let a nearby attacker intercept traffic between two paired devices.

Bluetooth Security

Dennis Has Some Questions About…2FA

Two-factor authentication is a vital part of many corporate security strategies, and is now offered by lots of consumer apps, as well. We wanted to see how much users know about it, so we asked one.

2fa