A Review of the Best News of the Week on Identity Management & Web Fraud

Twitter Took Phone Numbers for Security and Used Them for Advertising (VICE, Oct 08 2019)
This could make people think twice about using a phone number to secure their account at all.

2019 Global Password Security Report (LastPass, Oct 08 2019)
57% of businesses globally are using multifactor authentication, compared to 45% last year.
13x is how often an employee reuses a password, on average.
23% of employees access their password vault on a smartphone.

FBI’s Use of Surveillance Database Violated Americans’ Privacy Rights, Court Found (WSJ, Oct 09 2019)
Some of the FBI’s electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program, a surveillance court has ruled.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Legacy Systems Held DHS’ Biometrics Programs Back. Not Anymore. (Nextgov, Oct 05 2019)
The cloud-based HART system, which will house data on hundreds of millions of people, promises to significantly expand the department’s use of facial recognition and other biometric software, as well as its partnerships with external agencies.

Microsoft: Any form of MFA takes users out of reach of most attacks (Help Net Security, Oct 04 2019)
“Use of anything beyond the password significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population,” Alex Weinert, Group Program Manager for the Identity Security and Protection team at Microsoft, explained.

Egypt Is Using Apps to Track and Target Its Citizens, Report Says (NYTimes, Oct 03 2019)

JFK Airport’s Terminal 1 launches facial recognition boarding (New York Post, Oct 08 2019)
A biometric self-boarding gate has officially been launched at John F. Kennedy International Airport’s Terminal 1, officials said Tuesday. Lufthansa has deployed the paperless, high-tech boarding p…

Passport facial checks fail to work with dark skin (BBC News, Oct 09 2019)
The UK government admits it knew its facial mapping tech struggled to work with some skin tones.

Insider threats are security’s new reality: Prevention solutions aren’t working (Help Net Security, Oct 07 2019)
Today, 79% of information security leaders believe that employees are an effective frontline of defense against data breaches. However, this year’s report disputes that notion.

Amex Employee Suspected of Wrongfully Accessing Customer Data to Commit Fraud (Infosecurity Magazine, Oct 04 2019)
Amex warns customers to be vigilant for fraudulent activity on their accounts after data breach

New York City Lawmakers Look to Regulate Facial-Recognition Tools (WSJ, Oct 08 2019)
Legislation would establish guidelines for landlords and businesses using biometric data systems

Wi-Fi signals let researchers ID people through walls from their gait (Naked Security – Sophos, Oct 07 2019)
Police could set up transceivers outside a building and compare spectrograms of suspects walking vs. crime scene footage.

£3 billion Safari iPhone privacy lawsuit given go-ahead (Naked Security – Sophos, Oct 04 2019)
A UK class action lawsuit against Google that represents around 5 million iPhone users can go ahead, according to the UK Court of Appeal.

Instagram is helping users avoid phishing scams (Engadget, Oct 08 2019)
A new feature lets Instagram users confirm security emails are genuine.

Nationwide facial recognition ID program underway in France (Naked Security – Sophos, Oct 08 2019)
It’s coming next month, in spite of a lawsuit and the data regulator’s protests about lack of consent, data security and privacy.

2020 Presidential Candidate Campaign Websites Fail On User Privacy (SecurityWeek, Oct 08 2019)
Despite everything that has happened over the last four years, the security posture of the 2020 presidential candidates’ campaign websites is little better and often worse than it was in 2016.

How the Software-Defined Perimeter Is Redefining Access Control (Dark Reading, Oct 09 2019)
In a world where traditional network boundaries no longer exist, VPNs are showing their age.

2FA, HTTPS and private browsing still a mystery to most Americans (Help Net Security, Oct 10 2019)
Most US adults know what phishing scams are and where they occur, what browser cookies do, and that advertising is the largest source of revenue for most social media platforms, a recent Pew Research Center survey aimed at testing Americans’ digital knowledge has revealed.

Impact and prevalence of cyberattacks that use stolen hashed administrator credentials (Help Net Security, Oct 10 2019)
There’s a significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses today, according to a survey from One Identity.

California outlaws facial recognition in police bodycams (Naked Security – Sophos, Oct 10 2019)
The bill was introduced by Phil Ting: one of 26 state lawmakers misidentified as suspects in an ACLU test of the technology.