Facebook enabled U2F

ClickSSL Weekly InfoSec Snipper January 30, 2017

This entry is part 125 of 139 in the series Weekly Infosec Snipper

Facebook enabled U2F for security reasons

Facebook has enabled FIDO-compliant Universal 2nd Factor (U2F) authentication. It allows users to log into Facebook with a YubiKey, a physical security key. Hardware-based authentication would simplify and tighten the security of the Facebook platform. Companies such as Google, Dropbox, and GitHub, and browsers such as Chrome and Opera, already implement U2F technology. This authentication can be used to authenticate to online services without requiring mobile connections or batteries. It can prevent phishing, man-in-the-middle and other types of attacks.

AlphaBay, a dark marketplace, faced a cyber attack

AlphaBay, a dark marketplace, is under threat: a hacker has exploited vulnerabilities in the website's internal mailing system. AlphaBay has paid the hacker, as the hacker hijacked 200,000 private messages. The hacker was able to access messages between buyers and sellers because the messages were not encrypted. The messages covered everything from illegal drugs to exploits, malware and stolen data. The hacker also posted five screenshots to prove that the website was hacked.

China put a ban on the use of VPNs

China has taken a step forward and imposed a mass ban on VPNs, making it hard for internet users to bypass the Great Firewall of China. The Great Firewall of China is a shield project to censor the internet and block many foreign websites. The Ministry of Industry and Information Technology launched a 14-month restriction on the usage of unverified web connections, which includes VPNs too. The new rule made use of VPN without prior approval of the government.

Around 4.2 billion records were exposed in 2016

Risk Based Security published a report stating that around 4149 data breaches occurred and that half of them (47.5%) occurred in the USA alone. The breaches exposed a total of 4.2 billion records, and 68.2% of the records were from US citizens. There are parts of the world where data breaches were not reported because they were not detected. Cases related to theft of credentials declined in 2016 compared to 2015.

Gmail stopped JavaScript files as email attachments

Gmail is going to stop the attachment of JavaScript (.js) files in email for security reasons. JavaScript files may contain insidious threats; therefore, such files will not be allowed as email attachments. Gmail will show a warning message if a user attaches such a file. Google also suggested sharing such files via Google Drive and cloud storage. JavaScript files have been exploited in recent malicious campaigns, which is why the step to ban such files as attachments seems a good effort.
