Fingerprint Login and Authentication

With Apple’s introduction of Touch ID for the new iPhone 5S, there’s been a lot of news coverage of their new fingerprint-based unlock system. People want to know: is it secure? Can someone bypass it? But the thing about fingerprints is that they’ve been easy to bypass for more than 20 years.

authentication, hardware, industry, risk

DefCon 19, Day 3

Sunday was interesting — this was actually the first DefCon I have attended (and I’ve been to the last five) where Sunday was actually busy. Normally Sunday feels very empty — most people have gone home, and the ones that are still around are too hung over to go to the morning sessions. I was […]

attacks, hardware, networks, physical security, products

BlackHat 2009, Day 2

The Thursday keynote was given by Bob Lentz, a Deputy Assistant Secretary of Defense for the United States. His main point was the paradigm shift from network-centric security to what he called content-centric security, and the fact that this devalues the protections around network perimeters. Static defenses don’t work when all the services being used […]

anonymity, attacks, crypto, hardware, industry, legal, networks, passwords, risk, society

BlackHat 2008, Day 1

Today was the first day of this year’s BlackHat Briefings in Las Vegas. The biggest security conference of the year, it’s always an interesting place to be and often involves the release of new and previously unknown exploits. The keynote speaker was Ian Angell, of the London School of Economics, who was speaking, ostensibly, about […]

attacks, hardware, industry, mitigations, SOA/XML

Two-Factor Auth for World of Warcraft

Blizzard Entertainment, makers of the phenomenally successful multiplayer game World of Warcraft, have introduced two-factor authentication for logging into the game. For $6.50, they’ll sell you a dynamic password keychain token called the Blizzard Authenticator, which looks much like the RSA keyfobs many in the IT industry use to log into their corporate VPNs. It may […]

attacks, authentication, hardware, passwords, products, risk