Security news that informs and inspires

All Articles

570 articles:

The Wide World of Cryptocurrency Crime

Cryptocurrency crime is expanding beyond ransomware to in-browser mining and nation-state attacks.

Cryptocurrency, Cryptomining

The Merger of Hacking and Disinformation

Hacking and disinformation have merged to become the favored methods of political parties, nations, and individual attackers.

‘Microsoft Was Freaking Out‘: An Oral History of the LØpht, Part 2

As the L0pht hacker group matured new members like Mudge and Dildog joined and the group began publishing security advisories on Microsoft Internet Explorer.

L0pht

Why We Can’t Have Nice Things (Only Secure Ones)

Technology promised to make things better, but we are getting far less than what we were promised. Add security into the mix, and things have gone terribly wrong in the usability department. We need to look at security as a process and consider the impact of all the steps; not be solely focused on individual steps.

CISO, 2 Factor Authentication

‘We Got to Be Cool About This‘: An Oral History of the LØpht, Part 1

Born from the Boston BBS scene of the 1980s, the L0pht emerged in the 1990s as one of the more influential hacker groups ever and helped spawn the security industry as we know it today.

L0pht

A Word From the Decipher Editors

Newcomers to information security frequently don't know where to begin, and industry veterans need information that goes beyond the initial news to understand the implications and impact.

Decipher

Ways Web Services Monitor User Accounts for Fraud

Here are some recommendations for what we’d like to see online services do while monitoring their platform for account fraud. While some of them apply specifically to account recovery, but recommendations focus on improving overall account security.

Labs Research, Account Security

How Popular Web Services Handle Account Recovery

An examination of 12 popular web services show distinct differences in how different providers implement account recovery. They all have different options, but Facebook and GitHub offers some of the best security options on the list.

Labs Research, Account Security

Guide to Securing Your Online Accounts

There is no point in worrying whether attackers can abuse account recovery to take control of your account, if the attacker can just bypass basic controls and access your account. Here is a list of recommended security settings for the 12 popular services we looked at.

Labs Research, Account Security

Are You Your Phone Number? Identity in Mobile Apps

We tend to think of phone numbers as part of our identity, and that impression is reinforced when we use our phone numbers to register for mobile apps. For many mobile apps, however, phone number is a handy username. We are still looking for a proper identifier in the mobile world.

Mobile, Authentication, Identity Proofing

Decipher: Security Without Fear

Decipher is designed to bring security news and information out of the dark and into the light.

Decipher

Two-Step Verification or Two Factor: 90% Don’t Use it to Protect Gmail

Less than 10 percent of active Google accounts use two-step verification (2SV) to secure access to their services, like Gmail. While experts commonly favor using two-factor authentication or password managers, these tools are virtually absent from the security posture of regular users.

2FA, Google

Phishing Campaign Targets U.S. Senators & Political Organizations

Pawn Storm (aka Fancy Bear) has been attempting to phish webmail accounts for many years now, targeting U.S. senators and political organizations across the world, according to a recent Trend Micro report.

Phishing, 2FA, Biometrics, MFA

Understanding Bluetooth Security

When it comes to Internet of Things (IoT) security research, you may run into roadblocks examining Bluetooth pairing and encryption between older devices and new ones - this blog post explains what you need to know to overcome them.

Labs Research, Bluetooth Security, IoT Security

Examining Personal Protection Devices: Hardware and Firmware Research Methodology in Action

In a technical paper released today, Duo Labs details research into two personal protection devices based on ARM Cortex M microcontrollers. These devices allow wearers to notify people of their well-being.

IoT Security, Personal Protection Devices