Yearly Archives: 2010

Google Adds 2-Factor Security to Gmail, Apps

September 20, 2010

Google said today that it will begin offering users greater security protections for signing in to Gmail and other Google Apps offerings. This “two-step verification” process — which requires participating users to input a user ID, password and six-digit code sent to their mobile phones — effectively means Google will be offering more secure authentication than many U.S. financial institutions currently provide for their online banking customers.

SpyEye Botnet’s Bogus Billing Feature

September 17, 2010

Miscreants who control large groupings of hacked PCs or “botnets” are always looking for ways to better monetize their crime machines, and competition among rival exploit kit developers is leading to several ingenious new features. The SpyEye botnet kit, for example, now not only allows botnet owners to automate the extraction of credit card and other financial data from infected systems, but it also can be configured to use those credentials to gin up bogus sales at online stores set up by the botmaster.

‘Stuxnet’ Worm Far More Sophisticated Than Previously Thought

September 14, 2010

The “Stuxnet” computer worm made international headlines in July, when security experts discovered that it was designed to use a previously unknown security hole in Microsoft Windows computers to steal industrial secrets and potentially disrupt operations of critical information networks. But new information about the worm shows that it leverages at least three other previously unknown security holes in Windows PCs, including a vulnerability that Redmond fixed in a software patch released today.

Revisiting Secunia’s Personal Software Inspector

September 8, 2010

Security vulnerability research firm Secunia has released a public beta of its Personal Software Inspector tool, a program designed to help Microsoft Windows users keep their heads above water with the torrent of security updates for third-party applications. The new beta version includes the promised auto-update feature that can automatically apply the latest patches for a growing number of widely used programs.

Toward a Culture of Security Measurement

September 2, 2010

“Our dependence on all things cyber as a society is now inestimably irreversible and irreversibly inestimable.”

Yeah, I had to re-read that line a few times, too. Which is probably why I’ve put off posting a note here about the article from which the above quote was taken, a thought-provoking essay in the Harvard National Security Journal by Dan Geer, chief information security philosopher officer for In-Q-Tel, the not-for-profit venture capital arm of the Central Intelligence Agency.