Facebook waited until the Mueller report dropped to tell us millions of Instagram passwords were exposed

Facebook waited until the Mueller report dropped to tell us millions of Instagram passwords were exposed

While just about every reporter was poring over the document, Facebook updated a blog post from March indicating that passwords had been exposed, stored as readable text (as opposed to securely encrypted), for hundreds of millions of Facebook users and thousands of Instagram users.

Controversial Wikileaks Founder Julian Assange has been Arrested in London

Controversial Wikileaks Founder Julian Assange has been Arrested in London

If organizations like Wikileaks are ultimately destroyed, we run the risk of having stolen data being posted unredacted and to untrustworthy sources, increasing the collateral damage of such information.

Google will now let you use your Android phone as a physical security key

Google will now let you use your Android phone as a physical security key

To make your Android phone your security key, you’ll just need to connect your phone through Bluetooth to a Chrome browser to verify logins. Other Android 7 and higher devices can still be used as two-factor authentication methods, but they’ll be required to sign in and tap a button.

Whatsapp to Launch Biometric Authentication in Latest Update

Whatsapp to Launch Biometric Authentication in Latest Update

Whatsapp is deploying Dark Mode feature and Biometric authentication in their beta update 2.19.47. Furthermore, Whatsapp also ensures that the new update will come with biometric authentication for Android users as well. How can I enable Dark Mode and Biometric Authentication in Whatsapp?.

Verizon launches free service for identifying and blocking spam calls

Verizon launches free service for identifying and blocking spam calls

When activated, Verizon says the filter will let customers “get alerts when a call is likely spam, report unsolicited numbers, and automatically block robocalls based on their preferred level of risk.”.

Pointing to the future: the next step in fraud prevention

Pointing to the future: the next step in fraud prevention

Considering that five million UK consumers had funds stolen from their bank or credit card account in 2017 – at an average cost of £840 each according to comparison site ComparetheMarket – it is vital that issuers are able to resolve payment disputes quickly and efficiently to maintain cardholder loyalty and brand reputation.

Sandboxing and DMARC Authentication Added to SpamTitan Email Security Solution

Sandboxing and DMARC Authentication Added to SpamTitan Email Security Solution

This week, TitanHQ has rolled out two new features for its award-winning email security solution SpamTitan: Sandboxing and DMARC email authentication. SpamTitan now incorporates DMARC authentication to provide even greater protection against email spoofing attacks.

Login With Facebook, Google or AT&T? Thanks, but No Thanks

Login With Facebook, Google or AT&T? Thanks, but No Thanks

There's more: Project Verify is better than the Facebook and Google SSOs because it's going to be checked against your mobile SIM card, phone number, user credentials, account tenure and phone account type (info only your wireless carrier has).

Man arrested for selling one million Netflix, Spotify, Hulu passwords

Man arrested for selling one million Netflix, Spotify, Hulu passwords

Police in Australia have arrested a man who allegedly made AU $300,000 (US $211,000) running a website which sold the account passwords of popular online subscription services including Netflix, Spotify, Hulu, PSN, and Origin.

W3C Approves WebAuthn For Passwordless Web Authentication

W3C Approves WebAuthn For Passwordless Web Authentication

A new standard for web authentication is here According to Jeff Jaffe, W3C CEO, “Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences.” He also added, “W3C’s Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit.

Facebook Must Explain What it's Doing With Your Phone Number

Facebook Must Explain What it's Doing With Your Phone Number

Alarmingly, recent reports say that some of the phone numbers provided by users for the express purpose of two-factor authentication (2FA) as a way of securing their accounts are now made searchable across the platform by default.

Facebook won't keep your two-factor phone number truly private

Facebook won't keep your two-factor phone number truly private

Twitter user Jeremy Burge pointed out, in a thread, that phone numbers could be searched, with "no way to disable" the feature. And it's impossible to disable the feature if you added your number -- only limit it to your immediate friend circle.

Uproar Over Facebook 2FA Privacy Violation

Uproar Over Facebook 2FA Privacy Violation

Connor Jones says it’s not for the first time we’ve heard complaints like these: [Facebook] encourages its users to set up 2FA account protection which requires a phone number.

Facebook secretly allows you to be looked up via your 2FA phone number and you can't opt out

Facebook secretly allows you to be looked up via your 2FA phone number and you can't opt out

Facebook has already admitted to using phone numbers collected under the guise of two-factor authentication in order to target ads, and now it turns out you can't opt-out of the service once you're committed.

Facebook’s Phone Number Policy Could Push Users to Not Trust Two-Factor Authentication

Facebook’s Phone Number Policy Could Push Users to Not Trust Two-Factor Authentication

Last week, Emojipedia founder Jeremy Burge warned in a viral Twitter thread that anyone could look him up on Facebook using his phone number, which he provided to the social network in order to enable two-factor authentication.

Intelligent Tracking Prevention 2.1

Intelligent Tracking Prevention 2.1

As of ITP 2.1, partitioned cookies are no longer supported and third-parties classified with cross-site tracking capabilities now have to use the Storage Access API to get any cookie access. When a partitioned cache entry is created for a domain that’s classified by ITP as having cross-site tracking capabilities, the entry gets flagged for verification.

Verifying Software Signatures

Verifying Software Signatures

[3] In this instance, "other authentication systems" refers to: [4] Checking Digital Fingerprints of Signed Software [ edit ] Once a user has carefully: Then the file(s) signatures must be verified against the signing key.

Bye-bye passwords on Android: Now, use fingerprint to log in to apps, websites

Bye-bye passwords on Android: Now, use fingerprint to log in to apps, websites

Bye-bye passwords on Android: Now, use fingerprint to log in to apps, websites As the debate over the countless privacy issues rages on, security remains a key concern as users information is on the risk.

Does 2-Factor Authentication Stop Phishing Attacks?

Does 2-Factor Authentication Stop Phishing Attacks?

There are various methods that can be used to bypass 2-factor authentication, for instance, if a user is directed to a phishing page and enters their credentials, the hacker can then use those details in real-time to login to the legitimate site.

Blue Monday in infosec: 620 million accounts across 16 hacked websites now for sale on dark web, seller boasts

Blue Monday in infosec: 620 million accounts across 16 hacked websites now for sale on dark web, seller boasts

Exclusive Some 617 million online account details stolen from 16 hacked websites are on sale from today on the dark web, according the data trove's seller.

Users complain of account hacks, but OkCupid denies a data breach

Users complain of account hacks, but OkCupid denies a data breach

When asked how OkCupid plans to prevent account hacks in the future, the spokesperson said the company had “no further comment.” In fact, when we checked, OkCupid was just one of many major dating sites — like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony — that didn’t use two-factor authentication at all.

Security and Privacy

Security and Privacy

Some good ones are: If you’re particularly paranoid, use one that encrypts the passwords locally on your computer, as opposed to storing them in plain-text at the server. If you truly want a VPN, use a provider you’re sure you trust, and you should probably pay for it.

How to protect yourself this Data Privacy Day

How to protect yourself this Data Privacy Day

Use complex passcodes for your devices – Alice Duckett It’s not just passwords for your email addresses and social media accounts that need to be secure – ensure that your laptop and mobile phone are secure too.

Distributed PKI: Development and Use Cases

Distributed PKI: Development and Use Cases

Cryptography, the black box we believe can help The REMME team came up with the open source PKI (d) protocol concept to secure communications, we were sure that the primary use case would be human authentication.

773 million email addresses exposed in ‘mega data breach’ — here’s how to see if yours is one of them

773 million email addresses exposed in ‘mega data breach’ — here’s how to see if yours is one of them

“While it’s important that individual web users have strong, secure logins, the onus is on the businesses to detect and block malicious bot traffic before large-scale password hacks can occur.” The breach is yet another reminder that the best way to protect your privacy is to use a password manager and two-factor authentication, said Bill Evans, a vice president at California security firm One Identity.

Digital Safety: Using security keys to secure accounts against phishing

Digital Safety: Using security keys to secure accounts against phishing

Two-step verification is an extra layer of security used to protect accounts. The most secure way to protect accounts is by using a security key. A security key is a hardware device that you can either plug into your computer via USB or connect to wirelessly via your phone.

Massive 'Fortnite' security hole allowed hackers to take over accounts, eavesdrop on chats

Massive 'Fortnite' security hole allowed hackers to take over accounts, eavesdrop on chats

By Variety LOS ANGELES — "Fortnite" players were exposed to hackers who could control their accounts, purchase in-game items through their credit cards, and drop into in-game chats posing as the hacked player, cybersecurity firm Check Point Software Technologies discovered in November.

Remote Work Security Guide

Remote Work Security Guide

Today we want to share our knowledge on how to build a remote team and especially – how we manage remote work security. Especially important in remote work security, and in general, is to make sure that the emails your team is receiving are from a trustworthy source.

What happens to identity and privacy when every biometric can be faked?

What happens to identity and privacy when every biometric can be faked?

Alongside traditional approaches like passwords and hardware tokens, biometrics are increasingly employed to authenticate people, notably with smartphones, many of which now come with fingerprint sensors and facial recognition built in as standard.

HP Looking To Get Into The IoT Space, Files Patent For Smart Mirror

HP Looking To Get Into The IoT Space, Files Patent For Smart Mirror

This proposed mirror would be able to tell if a user is trying to look at their reflection or at the computerized display simply by analyzing their gaze, and would present one more prominently than the other to match that.

More