Posts tagged Secure

Twilio Acquires Authy For More Secure Mobile-App Development

It just got a little easier for developers to improve the security in their coding projects. Twilio, a developer-friendly set of tools for creating SMS, voice, and voice-over-IP applications, has acquired Authy, a developer tool for implementing two-factor authentication.

Twilio claims to have more than 500,000 registered developers using its tools, and says that more than a million individual software applications use its platform in some way. As interest in mobile development soars, Twilio’s tool suite has become an SMS, MMS, and VoIP solution for enterprise and novice developers alike.


It’s no surprise that such a mobile-focused company has opted for a highly mobile security solution. Authy’s two-factor authentication works by sending a token—typically a six- or eight-digit number—to a secondary device (mobile or desktop); the user must input both his or her password and the token to access an account. Authy aims to make it easy for developers to integrate two-factor authentication into their apps.

Previously, Twilio users who wanted additional security in their apps needed to build their own two-factor authentication around Twilio’s SMS and voice services. Moving forward, Twilio users can do away with that hassle and choose Authy as a product option.


This is Twilio’s first company acquisition, and neither CEO Jeff Lawson nor Authy CEO Daniel Palacio is revealing the financial details behind it. The entire Authy team, however, is coming on board as Twilio’s new authentication team, effective immediately.


View full post on ReadWrite

Browsing In Privacy Mode Isn’t As Secure As You Think

Your browser’s incognito mode might not be as secure as you think. A researcher has come up with a proof of concept for Super Cookies, a type of data retention that could turn one of your browser’s biggest security features into its biggest privacy hazard.


Cookies are messages between a web server and web browser that get exchanged when a user requests an Internet site. Then, when the user returns to the same site, the website will recognize the user from the cookie it has stored. Essentially, cookies allow websites to fingerprint users and keep tabs on them—when they’re not in incognito mode. Presumably, the difference in incognito mode is that cookies are never exchanged.

Now Sam Greenhalgh, a technology and software consultant, has developed a proof of concept for HSTS Super Cookies, which can fingerprint users even in incognito mode. In order to show he has this capability, his site sets a tracking ID for each visitor. Visit the site as many times as you like in as many browsers and browser settings as you want; you’re still vulnerable to Super Cookies if the tracking ID remains the same.

HSTS stands for HTTP Strict Transport Security, a security protocol that ensures users only interact with a website via a secure HTTPS connection. For a more detailed explanation, check out Ars Technica’s thorough description.

Greenhalgh noted that he is aware of only one browser version that is invulnerable to HSTS Super Cookies: the latest version of Firefox, 34.0.5. Internet Explorer isn’t vulnerable for a different reason—it doesn’t support HSTS security in the first place.


View full post on ReadWrite

Your Messaging App Probably Isn’t As Secure As You Think

More than a few messaging apps aren’t doing everything they can to keep your nude photos from leaking onto the Internet or The Man from eavesdropping on your personal conversations, the Electronic Frontier Foundation reports.

In fact, after evaluating three dozen communication tools for its new Secure Messaging Scorecard, the EFF found that there are only a handful of truly secure messaging apps. And odds are good that most people aren’t using them.

You might not be familiar with the top scorers, which include ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure. These are the six apps that met the EFF’s seven-point criteria for secure messaging:

  1. Messages are encrypted in transit
  2. Messages are encrypted so the service provider can’t read them
  3. Contacts’ identities can be verified
  4. Past communications are secure if keys are stolen
  5. Code is open to independent review
  6. Security design is properly documented
  7. The code has been audited

Apple’s iMessage and FaceTime products stood out as the best of the mass-market options, although neither currently provides complete protection against sophisticated, targeted forms of surveillance. Many options—including Google, Facebook, and Apple’s email products, Yahoo’s web and mobile chat, Secret, and WhatsApp—lack the end-to-end encryption that is necessary to protect against disclosure by the service provider. Several major messaging platforms, like QQ, Mxit and the desktop version of Yahoo Messenger, have no encryption at all.

Apple’s iMessage and FaceTime did best among mainstream apps, “although neither currently provides complete protection against sophisticated, targeted forms of surveillance,” the EFF said in a statement.

If you’re looking to keep your service provider out of your communications, forget about Secret, Snapchat and WhatsApp, as well as Apple, Google and Facebook’s email services and Yahoo’s mobile and Web chat. None offers the end-to-end encryption necessary to keep your conversations from being accessed by the company sending them.

Of course, it could be worse. According to the EFF, QQ, Mxit and the desktop version of Yahoo Messenger “have no encryption at all.”

View full post on ReadWrite

Snapchat Claims It Can’t Afford To Keep Your Photos Secure

Snapchat is valued at $10 billion, with its 24-year-old CEO Evan Spiegel paying himself a $10 million salary. Yet in the wake of a third-party breach which allowed hackers to post hundreds of thousands of private Snapchat photos on the Internet, the company now claims it has neither the time nor the money to keep its customers secure.

“It takes time and a lot of resources to build an open and trustworthy third-party application ecosystem,” the company wrote in a Snapchat blog post. “That’s why we haven’t provided a public API to developers and why we prohibit access to the private API we use to provide our service.”


Hackers dumped hundreds of thousands of user photos—about 13GB—onto Internet forum 4chan on Sunday, a breach Internet jokesmiths call “The Snappening.” Snapchat traced the hack to a third-party app named SnapSaved, and promptly blamed the victims:

“Snapchatters were allegedly victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security.”

Snapchat blames users, but it’s hard to believe users realized that Snapchat’s third-party apps were insecure at a time when third-party apps for most social networks are not. Places like Twitter and Facebook, for example, provide a public API for developers interested in creating third-party apps. When an API isn’t available, developers are forced to use a less secure workaround of accessing user credentials, and that’s what happened with SnapSaved.


What’s especially interesting is Snapchat’s insistence that the company doesn’t have the time or resources to build a secure API, given the site’s current $10 billion valuation. Asked about his newfound wealth at a Vanity Fair event, CEO Evan Spiegel said:

“It’s all fake money still. We generally have the feeling there is a lot more work to do.”

It’s unclear what Spiegel meant, whether he was stating that going from rags to riches felt like Monopoly money, or whether the money was somehow still inaccessible—another staggering leap of illogic given that he gave himself a $10 million salary last year.

Don’t listen to Snapchat’s victim blaming. The company indeed has the resources to ensure a hack like this doesn’t happen again, and it ought to begin taking responsibility.


View full post on ReadWrite

Navigating Secure Search: From Keywords to Content [BrightEdge Share 14]

In a session at BrightEdge’s Share 14 event, brands discussed how they’ve shifted their approach in a keyword “(not provided)” world.

View full post on Search Engine Watch – Latest

Live @ SMX East: How To Secure Your Site For Google’s HTTPS Algorithm

Google wants everyone to secure their websites, to make the browsing experience on the web safer for everyone. Google has even gone so far as to say that sites that implement HTTPS — adding an SSL 2048-bit key certificate on your site — will give it a minor ranking boost. What’s not to like…


View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

HTTPS Sites Secure Ranking Boosts in Google

Google announced that HTTPS would be used as a signal in its search ranking algorithm. It starts as a “lightweight” signal, affecting fewer than 1 percent of global queries, to give sites “time to switch”; Google said the signal may strengthen over time.

View full post on Search Engine Watch – Latest

Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites

Google has announced (the blog post hasn’t gone live yet, actually) that going HTTPS — adding an SSL 2048-bit key certificate on your site — will give you a minor ranking boost. Google says this gives websites a small ranking benefit,…


View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

Russian Search Engine Yandex Goes 100% Secure Search, Referrer Data Now “Not Provided”

Yandex announced (in Russian) today that they have now gone 100% secure, encrypting all search queries, resulting in a huge jump in the [not provided] count. This was first reported by Anna Oshkalo, who shared a screenshot of her analytics detailing that the bulk of her Yandex keyword data now shows [not…


View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

Google’s Motives Behind Secure Search: Interview with Marcus Tober of Searchmetrics by @murraynewlands

I caught up with Marcus Tober, CTO of Searchmetrics, to discuss the recent news of Google’s keyword data for paid search becoming ‘not provided’. Marcus shared his thoughts on this shift and provided some insight about what it means for the future of paid search. In my interview with Marcus I asked him what Google’s motives behind this change are, and how it’s going to affect the industry. I also asked if there’s any possibility of those who are unhappy with Google moving over to Bing instead. For my full interview with Marcus, please see the video below: Here are some key […]


View full post on Search Engine Journal

Copyright © 1992-2015, DC2NET All rights reserved