Penetration testing of Internet-facing fintech applications is a necessity in the age of online competitors and cybercrime. Penetration testing gives you independent assurance that all the hard work you have invested in designing and implementing secure infrastructure or applications has paid off and your product won’t fall apart when subjected to malicious activity – as eventually it will be. Deciding on the specific type and scope of penetration testing, however, is not straightforward. Here is a basic introduction to assist with informed decision-making.

Web application penetration testing

Penetration testing of Web applications involves identification of [...]
A biometric is a form of identity based on a physiological (fingerprint, face, eye iris or retina) or behavioural (speech or signature) characteristic. No special training is required for a consumer to use them; unlike conventional access methods, they can’t be lost, and they are unique to every individual.
If you’ve ever experienced airport retina scanning or have a fingerprint identity on your smartphone, you’re already part of the world of biometrics. Apple, closely followed by Samsung, brought Touch ID to the consumer marketplace and demonstrated how user-friendly biometrics can be. Once, this was all considered the stuff of science fiction films but biometrics is now [...]
It’s half ten, I’m working from home, an 0345 number comes up on my phone, I answer.

Me: Hello.

Bank: It’s Nancy* from the Co op bank, can I speak to Mr XYZ** please?

Me: That’s me.

Bank: Thank you, before I continue, I do need to ask some security questions. Can I take the 1st and 3rd digit of your 4 digit security code please?

Me: Sorry but No. I don’t actually know that you’re from the Co op bank so I’m not going to give you my security code. Because if I do, and you defraud me, it’s my liability.

Bank: Ah, but it’s OK, because I only need two of your 4 digits, so I can’t access your account with those. It’s just for security.

Me: Yes, I understand that, but if you also [...]
Cycle Eye is Fusion Processing’s answer to the 14 cyclists killed on average every year in London by trucks or buses. It’s a small device that uses radar and a low light camera to identify cyclists close to the vehicle. Once attached to the side of the truck or bus, it provides a warning alert to the driver [...]
You need to be a special kind of person to be a security analyst. Of course, you need expertise across a range of technologies, as well as understanding best practice around protecting data against a range of threats. But you also need to be able to spot the causal needle in a haystack of data, from a variety of servers, firewalls and other security devices; and quickly.
Above all, however, you need resilience. Security is relentless: rarely a day goes by without some potential threat emerging. You’re well aware that the privacy of your customers, your company’s reputation and, potentially, its [...]
Cisco recently picked up Jasper for $1.4B and created quite the eye-opening stir in the world of IoT, and what a massive world it is. In some ways that makes it easy to gloss over the term like ‘cloud’ or ‘mobile’ before it, indeed it may be the next step in the progression, but my advice would be to pick an industry if you want to dive deeper. The trend of our ever-more-connected world is far too large to fit in one neat buzzword basket. Here, I would like to snapshot a little of what’s happening in ‘IoT Security’ (Map courtesy of CB Insights.)
Security is the foundational enabler of IoT because in the areas where it is seeing the most adoption and deployments (e.g. [...]
In a hilarious new interview with Edward Snowden, Last Week Tonight’s John Oliver dumbed down the mass surveillance debate and put it into terms the average American can understand. Somehow, the conversation even took a turn to relate government surveillance to dick pics.
To settle a class-action lawsuit, LinkedIn has agreed to pay about $1 to each of the roughly 800,000 people who were premium users between March 2006 and June 2012.
The suit was brought forth by premium user Katie Szpyrka after 6.5 million hashed user passwords were published in June 2012. She claimed that LinkedIn was in violation of a number of California laws, in breach of implied contracts, and negligent.
LinkedIn agreed to pay $1.25 million into a fund, with lawyers getting about a third of that amount. After their cut and other expenses, LinkedIn Premium users will each get about a buck.
Yes, a whopping sum of $1 for not properly protecting your data. [...]
On Friday, a group claiming to be affiliated with Anonymous released a document containing around 13,000 username/password combinations along with credit card numbers and expiration dates.
The information was released in a massive text file posted on document sharing site Ghostbin. The most significant leaks come from video game networks like Xbox Live, the PlayStation Network, and Twitch.tv. Data was also stolen from accounts at Walmart, Amazon, Hulu Plus, and a bunch of porn sites.
Some Anonymous members have denied that the hacktivist group had anything to do with the leak. Because Anonymous has no official leadership or hierarchy, hackers branding themselves [...]
Shortly after claiming that user privacy and data security are its “top priorities,” CurrentC—Walmart’s clunky, QR code-powered payment app—has been hacked. Business Insider reports that the company is notifying early customers that “unauthorized third parties” (read: hackers) may have obtained their email addresses.
Yes, the app that is already inherently far less secure and private than Apple Pay and other NFC-based systems has been breached before its launch.
CurrentC is an effort led by Walmart and other major retailers to compete with Apple’s new payment system—but it’s not very efficient. The process involves [...]