Security

Google joins FIDO's crusade to replace passwords

A group of tech companies looking to replace passwords for online identity authentication gained a powerful ally Tuesday in the form of Google.

The consortium, called the Fast IDentity Online Alliance (FIDO), is working to develop standards-based alternatives for verifying a user's identity when trying to login to Web sites and online accounts. Formed in 2012, the group proposes specifications that will support a variety of authentication technologies, including biometrics such as fingerprint scanners and voice and facial recognition, as well as security tokens, near field communication, and one-time passwords.

The Web giant joins founding members Lenovo, PayPal, Nok … Read more

Cyberattacks triple in 2012, Akamai says

Cyberwarfare incidences jumped sharply in 2012, Akamai said, with the number of distributed denial of service attacks more than tripling from the previous year.

Akamai, one of the world's largest globally distributed networks, said its customers reported being targeted by 768 DDoS attacks last year, more than three times as many as in 2011. The company's State of the Internet report released Tuesday also found that more than a third of those attacks targeted the commerce sector, while another 20 percent targeted enterprise customers.

"In many ways, DDoS has become the weapon of choice for multiple types … Read more

Security certificate problem trips up Bing Web site

A security certificate problem triggered warnings not to use Bing over a secure Web connection Friday, and Microsoft said an issue with network service provider Akamai is to blame.

Browsers displayed prominent error messages and warnings at about 9 a.m. PT when visiting https://bing.com.

The HTTPS standard governs how Web browsers and Web servers set up encrypted communications, for example so that others can't eavesdrop on network activity to find out what you're searching for, but valid and up-to-date security certificates are required for such communications.

"An attacker on your network could be trying … Read more

Boston bombings: How facial recognition can cut investigation time to seconds

After the Boston Marathon bombings, police in the city made a plea for people with cell phone video and pictures to turn over their footage, adding to the hours of surveillance video from nearby businesses. But what would normally take investigators hundreds of hours to review can now take minutes or even seconds, thanks to technology like facial recognition. The software, which can help pick a person out of crowd, looks for differentiating features -- from the shape of a mouth to the ridge on a nose to the distance between a pair of eyes.

3VR in San Francisco has … Read more

Top Wi-Fi routers easy to hack, says study

The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a "moderately skilled adversary with LAN or WLAN access." It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken … Read more

Microsoft rolling out two-factor authentication

There have been hints for the past week-plus -- courtesy of Liveside.net -- that Microsoft was poised to roll out two-factor authentication for its Microsoft Accounts. On April 17, Microsoft did just that.

The company is calling this security process "two-step verification." Microsoft is making available two-step verification across all products and services accessible via a Microsoft Account. This includes Windows, Windows Phone, Xbox, Outlook.com, SkyDrive, Office, and more. The rollout will be happening over the "next couple of days," according to the company.

(Microsoft Account is the new name for Microsoft's Live … Read more

Targeted cyberattacks jump 42 percent in 2012, Symantec says

Internet users are seeing less spam but more targeted attacks, according to security software company Symantec.

Looking at last year's security landscape, Symantec's Internet Security Threat Report 2013 found that traditional spam accounted for 69 percent of all e-mail in 2012, down from 75 percent in 2011. Yet, 30 billion spam messages are still sent on a daily basis.

Junk e-mails that hawk sex or dating products and services now account for 55 percent of all spam, taking the top spot away from pharmaceutical spam.

Malware is also part of one out of every 291 e-mail messages, with … Read more

Hacker celeb 'Mudge' joins Google after DARPA

Peiter "Mudge" Zatko, who was hired three years ago to be a project manager at the U.S. Department of Defense's research and development division known as the Defense Advanced Research Projects Agency, has announced via Twitter that he's returning to the private sector with Google.

In his new role at Google, The Security Ledger reports, Zatko will be working in an unspecified role with Motorola Mobility's Advanced Technology and Projects division, reporting to Regina Dugan. Dugan is also new to Google, hired last month away from her position as director of DARPA.

Given what … Read more

McAfee, NIST partner to boost U.S. cyberdefenses

Security firm McAfee is working with the National Institute of Standards and Technology to try to shore up America's defenses against cyberthreats.

McAfee announced today that the company is now part of the the National Cybersecurity Excellence Partnership and will join cybersecurity professionals from both the private and public sector to tackle the escalating problem of computer-based threats.

The partnership is part of the National Cybersecurity Center of Excellence, which is hosted by NIST in collaboration with the state of Maryland and Maryland's Montgomery County.

Launched in February 2012, the center has a particular slant toward sharing technology … Read more