A Review of the Best News of the Week on Identity Management & Web Fraud

Your Pa$$word doesn’t matter (Alex Weinert – Microsoft, Jul 10 2019)
“Every week I have at least one conversation with a security decision maker explaining why a lot of the hyperbole about passwords – “never use a password that has ever been seen in a breach,” “use really long passwords”, “passphrases-will-save-us”, and so on – is inconsistent with our research and with the reality our team sees as we defend against 100s of millions of password-based attacks every day. Focusing on password rules, rather than things that can really help – like multi-factor authentication (MFA), or great threat detection – is just a distraction. Because here’s the thing: When it comes to composition and length, your password (mostly) doesn’t matter.”

Privacy and security risks as Sign In with Apple tweaks Open ID protocol (Naked Security – Sophos, Jul 08 2019)
An open letter from the OpenID Foundation says that Apple introduced potential risks when it diverged from the OpenID Connect protocol.

I’m a Journalist but I Didn’t Fully Realize the Terrible Power of U.S. Border Officials Until They Violated My Rights and Privacy (The Intercept, Jul 05 2019)
I complacently assumed that CBP’s horrendous treatment of migrants wouldn’t affect me directly, least of all in Austin, the city where I was born.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



ISPs call Mozilla ‘Internet Villain’ for promoting DNS privacy (Naked Security – Sophos, Jul 08 2019)
ISPA has shortlisted Mozilla for the sort of award that, on the face of it, no tech company should be keen to win – 2019’s Internet Villain.

FBI, ICE find state driver’s license photos are a gold mine for facial-recognition searches (Washington Post, Jul 08 2019)
The state DMV databases form the bedrock of an unprecedented surveillance infrastructure, allowing federal investigative and immigration agents to scan millions of Americans’ faces without their knowledge or consent.

The Pentagon has a laser that can identify people from a distance—by their heartbeat (MIT Technology Review, Jul 09 2019)
The Jetson prototype can pick up on a unique cardiac signature from 200 meters away, even through clothes.

Email Tracking Is Creepy and Invasive and No One Should Do It (VICE, Jul 03 2019)
The rise of email “tracking pixels” is a dystopian nightmare that shows a complete lack of empathy for the person you’re talking to.

Brits Shun Biometric Authentication for Traditional Passwords, Report (Infosecurity Magazine, Jul 04 2019)
Nearly a third of people in the UK prefer to use passwords over biometric credentials.

Florida state worker steals resident’s PII (SC Magazine, Jul 03 2019)
About 2,000 Florida residents were potentially victimized by an employee of that state’s Department of Children and Family Services (DFCS) who accessed and used their PII to fraudulently make $260,000 in purchases.

Intelligent Authentication Market Grows to Meet Demand (Dark Reading, Jul 05 2019)
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.

Why identity is the foundation of security (Help Net Security, Jul 08 2019)
“Those days are long gone. Guarding the perimeter is no longer possible because there is no perimeter. Though some information may still be hosted on in-house servers, much of it has migrated to the cloud. According to a recent Flexera survey, 84% of enterprises have a multi-cloud strategy, with public cloud adoption surpassing private cloud adoption.”

Most organizations plan to adopt new authentication solutions within two years (Help Net Security, Jul 08 2019)
Enabling mobile device authentication with biometric-based access is the best approach to eliminate passwords, according to MobileIron.

The value of passwordless technology: Learning from the American prohibition era (SC Magazine, Jul 08 2019)
During the American Prohibition Era, patrons often used passwords to get into a speakeasy or club serving alcohol. Say the wrong word to the doorman and you were kept out in the cold. Did this system keep lawmen out? Not at all. Patrons often gave up passwords, while secret agents could guess many of them. Sometimes they simply pushed right past the doormen.

What Is Credential Dumping? (Wired, Jul 07 2019)
Modern network intrusions thrive on a counterintuitive trick: stealing passwords from computers that hackers have already compromised.

Apple aims privacy billboard at Google’s controversial smart-city (Naked Security – Sophos, Jul 09 2019)
It’s outside of Sidewalk Labs HQ in Toronto, where Google’s sister company is working on stuffing the city with data-collecting sensors.

Digital Rights Group Says Facial Recognition Surveillance ‘Simply Should Not Exist’ (VICE, Jul 09 2019)
Fight for the Future warns the dangers of facial recognition technology merit a federal ban.