The only problem with password managers is that once a person has access to your master list, you’re in big trouble. This is why password managers usually have an added layer of security to prevent users from accessing the master list unless they have a master password, or in the case of LastPass where they created an app requiring users to scan their fingerprint or enter a PIN (this acts as two-factor authentication).

However last week it seems that a developer revealed that he was able to bypass the security on the Android version of LastPass Authenticator, which thankfully the company has since managed to fix. According to LastPass, “When a researcher discovered a workaround for the extra the PIN/fingerprint prompt, our engineering team fixed the issue that allowed the workaround and the update is available now. Now when the fingerprint/PIN feature is enabled, users must provide their fingerprint or PIN code in order to view the one-time code.”

Yoti (Your Own Trusted Identity) is a smartphone app that solves the identity problem for many digital services. But while it provides more privacy than most systems, it's not going to replace lying...

Fake news is becoming a huge problem and many companies know it. Companies such as Facebook are working on ways to help users identify fake news, and recently during a hackathon held at Yale University, a group of college students managed to develop a browser plug-in that detects fake news that you encounter on the internet.

Researchers are developing an internet-based tool they hope will predict the effectiveness of antidepressants for individual patients, ending the current prescription lottery.

If you care about maintaining privacy over medical records and prescriptions, this was not a good year.

As tech giants grapple with how to detect and scrub misinformation and propaganda from their social media platforms, French President Emmanuel Macron has a more extreme approach: Block the whole damn website.

In a speech to journalists on Wednesday, Macron said he planned to introduce new legislation to strictly regulate fake news online during political campaigns. His proposal included a number of measures, most drastically “an emergency legal action” that could enable the government to either scrap “fake news” from a website or even block a website altogether, the Guardian and Politico reported.

The Public Key Infrastructure (PKI) is the software system that allows to sign, validate certificate, keep a list of revoked certificates, distribute CA public key. The goal of PKI is to enable secure communication among parties who have never met before.

The most common use case of the PKI are myriad of the websites secured with TLS/HTTPS and using SSL certificates to establish trust for particular domain name(s) and authenticate the server side. Once the certificate is signed by the CA (certificate authority), it remains valid for a specific duration. When it’s about to expire, usually you renew it or buy a new one. But sometimes you need to revoke a certificate beforehand, usually due to a private key compromise.

Certificate revocation is a process of invalidating an issued SSL certificate. Ideally, browsers and other clients should be able to detect that the certificate is revoked in timely manner, show the security warning, that certificate is no longer trusted, and prevent user from further consuming such a website.

Per Thorsheim, Microsoft's Dr. Cormac Herley, the UK's NCSC, the Chief Technologist at FTC, I and many others are working hard to kill password expiration. Password expiration is when an organization requires their staff to change their passwords every 60, 90 or XX number of days. Password expiration is also a great example of how security professionals fail by simply repeating old myths or focusing on just mitigating risk, forgetting about the cost or impact of those mitigating controls. Here's is why password expiration must die

Entwickler und Hersteller von Mikrowellen und Öfen können bald die Alexa Smart Home Skill API nutzen. Der Name lässt es vermuten: Es geht um allerlei verzahnte Geräte in eurem Smart Home. Nachdem bisher Kameras, Türschlösser, Lampen, Unterhaltungssysteme und Thermostate auf die Alexa Smart Home Skill API zugreifen, können dies Öfen und Mikrowellen bald auch.

Starten will Amazon damit in den USA. Mit der integrierten Kochgerätesteuerung in der Smart Home Skill API sollen es Hersteller Kunden leichter machen, ihre mit der Cloud verbundene Mikrowelle zu steuern. Anstatt mehrere Tasten zu drücken, um erweiterte Mikrowellenfunktionen zu aktivieren, können so Kunden jetzt ihre Stimme verwenden. Ein Nutzer kann beispielsweise sagen: „Alexa, zwei Kilo Hack auftauen“ oder „Alexa, Mikrowelle für 50 Sekunden auf Hochtouren“.

Zehntausende sensible Schuldnerdaten sind in die Hände Dritter gelangt.
Grund ist ein Datenleck bei der Schweizer Tochter der Eos-Gruppe, einem der größtem Inkassounternehmen in Europa.
Die Dokumente enthalten hochsensible Informationen, etwa Krankenakten oder seitenlange Kreditkartenabrechnungen. Betroffen sind vorrangig Kunden in der Schweiz.

Auch Browser selbst verfügen über eingebaute Passwort-Manager, die nach einer Studie des Princeton University Center for Information Technology Policy jedoch eine Sicherheitslücke beherbergen, die es Werbe-Firmen möglich macht, euch im Netz zu tracken. Eine wichtige Information vorweg: Es werden keine Login-Daten gestohlen. Man macht sich lediglich die Information zunutze, was auch schlimm genug ist. 

adblocking has set off a software-based arms race, with publishers finding software solutions that keep ads appearing or entreat people using adblocking software to white-list them. Adblockers readily respond with modified software that targets these specific responses, triggering the publishers to try again.

Some academics have recently stepped into the middle of this arms race, performing an analysis that allows them to identify the specific methods used by publishers to avoid having ads blocked. And the team has gone on to try a couple of different approaches, both of which modify a webpage's contents to keep the anti-adblocking software from having an effect.

The movement to encrypt the web reached milestone after milestone in 2017. The web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol. 

Barriss is alleged to have called in a lengthy threat to Wichita police on Thursday night after a Call of Dutygame in which two teammates got into an altercation over a $1.50 wager. Screenshots posted to various Twitter accounts show the dispute escalating. Shortly thereafter, the Wichita police received a call alleging that someone at that address had killed his father, taken his family hostage, poured gasoline around the home, and was ready to light it on fire. Cops descended on the area and cordoned it off. When 28-year-old Andrew Fitch opened the front door of his home to see why all the lights were flashing outside, he was shot and killed.

Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet.

London’s Metropolitan Police believes that its artificial intelligence software will be up to the task of detecting images of child abuse in the next “two to three years.” But, in its current state, the system can’t tell the difference between a photo of a desert and a photo of a naked body

Der Suchmaschinen-Konzern arbeitet an einem System mit dem Namen Neural Image Assessment (NIMA),welches ein sogenanntes Deep Convolutional Neural Network einsetzt, um eure Bilder zu bewerten. Es ist sozusagen euer ganz persönlicher Kritiker.

Over the past year, online dating service OkCupid has shaken up a few of its core features, and the changes have all pushed the service far closer to resembling rival dating app Tinder. Thursday's big change, however, sees the site borrowing a subtler Tinder "feature" that has long enraged users of other online platforms: a real-name policy, coming before year's end.

The National Security Agency is losing its top talent at a worrisome rate as highly skilled personnel, some disillusioned with the spy service’s leadership and an unpopular reorganization, take higher-paying, more flexible jobs in the private sector.

The Department of Homeland Security (DHS) on Wednesday confirmed a data breach involving the personally identifiable information of more than 240,000 current and former DHS employees.