Duo Labs researchers discovered that Apple was using serial numbers to authenticate devices with its Device Enrollment Program (DEP). If organizations treat DEP as a trust broker and assume DEP-registered devices are trusted, they expose themselves to a variety of risks, including rogue devices receiving internal network configuration settings.
Mark Loveless from Duo Labs goes on camera to show how he tested RFID-blocking gear such as sleeves, wallets, and purses. Which one gives you the most protection for your money?
With all the reports about criminals lifting information off credit cards, access cards, and even passports, does it make sense to buy one of those RFID-blocking sleeves and wallets? Duo Labs finds out in this Decipher report.
There is no point in worrying whether attackers can abuse account recovery to take control of your account if the attacker can just bypass basic controls and access your account. Here is a list of recommended security settings for the 12 popular services we looked at.
Here are some recommendations for what we’d like to see online services do while monitoring their platform for account fraud. While some of them apply specifically to account recovery, the recommendations focus on improving overall account security.