Fingerprint Login and Authentication

With Apple’s introduction of Touch ID for the new iPhone 5S, there’s been a lot of news coverage of their new fingerprint-based unlock system. People want to know: is it secure? Can someone bypass it? But the thing about fingerprints is that they’ve been easy to bypass for more than 20 years.

authentication, hardware, industry, risk

Useless Password Advice

The mainstream press is full of articles telling you how to use secure passwords, like this one in MSNBC or this one in TechNewsDaily. They echo the traditional wisdom on password security — use a long password, put numbers and symbols and multiple cases in it, and don’t record it anywhere. Well, I suppose there’s […]

authentication, mitigations, passwords

BlackHat 2010: Day 1

I’ve just returned from a trip to BlackHat Briefings USA 2010 and DefCon 18. As always, it was an enjoyable week in Las Vegas learning about the latest research, networking with the surprisingly small world of security professionals, and generally having fun hanging out with a lot of interesting people with the hacker mindset. BlackHat […]

attacks, authentication, crypto, industry, mitigations, products

Hotel Internet and ISP Paywalls

So, I’m currently in a hotel, to remain nameless here, for BlackHat 2009 and DefCon 17. As is usual for expensive hotels, Internet access is available — both wired and wireless — for a substantial fee ($13.99/day here.) This is enforced via a paywall. For anyone who has never tried to use Internet in a […]

attacks, authentication

False Expense Service Reveals the Trouble With Documents

There’s been some news coverage lately about, a service that produces fake receipts to order “for novelty use only.” The obvious purpose of this is to help people scam their companies’ expense reporting system by “padding” receipts. People who are reimbursed for hotel, meals, etc. can create receipts for slightly more than they actually […]

attacks, authentication, legal, society