authentication
PlayThru hopes to kill text captchas with game-based authentication
At their worst, captchas are impossible to decipher; at their best, they're... fun? A startup called Are You a Human has developed PlayThru, an alternative to text-based authentication. Instead of requiring the user to type some blurry, nonsensical word, PlayThru has them play a mini-game, such as dragging and dropping a car into an open parking spot. The startup says this method is more secure than word captchas -- since automated bots have a harder time solving these image-based puzzles -- and more fun, because users generally have a better time when their ability to identify letters isn't called into question. PlayThru has been in beta for several months and is currently available as a free download. On May 21st, the solution will officially launch on both PCs and smartphones. Click through to the source link to try out the captcha alternative for yourself.
Sony prepping power outlet that demands payment, identification
We're already counting down the days until these bad boys find themselves in your local cafe and airport terminal. Sony is working on power outlets that are able to identify a user and determine their permissions at that particular socket. With the quick tap of a card, phone or other NFC device your authentication info is passed to a server over the powerline itself. The tech could be used to manage power consumption or prevent theft, but the more obvious and immediate use will be to make a quick buck. The chips at the heart of the platform are compatible with Sony's FeliCa NFC payment system -- which means travelers waiting at Narita International Airport could soon be paying for both WiFi and to keep their laptop juiced when their flight is inevitably delayed. On the other hand, perhaps being able to charge for a charge will convince New York City Starbucks to give us our outlets back. Check out the source link for some machine translated PR.
EasySignMobile enters the Facebook fray for iPhone and iPad
Need to sign a contract, like, now? There's an app for that. Several actually, but the folks who create EasySignMobile have gone and made their service a bit more accessible to the unwashed masses with an updated version that supports Facebook authentication. The new feature is currently available only for iOS, although we'd imagine Android users will find similar love in the near future, as the company released its first version for Google's platform last October. Also on deck for iPhone and iPad fans, the latest version of EasySignMobile offers integration with Dropbox and Box.net for easy file storage and retrieval. So next time you need to make your mark, perhaps you can reach into your pocket rather than rummage for a pen. Those interested will find the full PR after the break.
Google demos QR code Gmail access, claims something better in store
What's the big G up to here, then? It seems the Gmail team has been tinkering with a new secure method of accessing your precious email. Type your credentials into your phone, then scan a QR code in the browser to log in. It's ideal for public machines where typing your password might gift your credentials to any key-logging software. Sadly though, it seems the venture was just an experiment, with Google employee Dirk Balfanz confirming so on his Plus account. So, we might not be accessing our Gmail sans keyboard anytime soon, but with said staffer also teasing that his team are working on something "even better" who knows how we'll be logging on in the near future -- let's just hope it's not this.
Inside Secure announces NFC chips to help distinguish knockoffs from the real thing
If you can't tell if a Rolex or a knockoff Prada bag is fake, your NFC-enabled smartphone will be able to. Taking on a long-standing problem with counterfeiting, French company Inside Secure has released the Vault150 security module, an NFC-based chip that can be embedded into any product a retailer might wish to have authenticated by prospective buyers. This could become as easy as literally embedding the chip, as NFC chips require no power source, can collect RF energy from an NFC reader such as a smartphone and complete an authentication request for a potential buyer. For more intricate products where the chip might have to be buried deeper, Inside Secure has also offered several antenna options that allow the chip to be placed well within an item and still communicate with an NFC reader. In cases where a module needs to be embedded in items like a bottle of wine or pair of shoes, the chip can use a slew of voltage, frequency or temperature change sensors to sense if someone has tried to alter the chip's information and return a warning from there. Along with authentication purposes, the devices could also ping a shopper's handset (in addition to doing cool things like opening doors) when they came within a certain range of a product, informing them as to the savings they might be about to pass by. Final pricing and availability have yet to be announced and there's no guarantee that this will spot every fake, but it'll probably be better at the task than the current champ (yes, Chumlee).
SD Association aims to provide authentication services with standardized smart-chip technology
The SD Association has already embraced some authentication measures to provide things like secure ebooks, but it's now looking to go the extra mile with a little help from GlobalPlatform. The two have announced today that they're collaborating on a standardized smart-chip technology for SD and microSD cards, which they hope will let the memory cards be used for everything from mobile payments and personal ID -- including near-field communication -- to things like mobile television subscriptions and other customized services. Of course, that's all still in the earliest stages, and there's no indication of a timeline for any of it just yet. The official press release is after the break.
iPass wants a world of interconnected WiFi, a roaming 'renaissance'
Some ideas are undeniably sensible, and zero-click WiFi roaming across carriers and countries is one of them. That's why iPass has set itself the unenviable but likely profitable task of convincing global telecoms giants to overlook their differences and form an "Open Mobile Exchange" based on its cloud-based authentication technology. It won't be the first to embark on such a voyage of persuasion: Skype is already on the case and Boingo is too (at least, sort of), but there are still plenty of fragmented hotspot services out there waiting to be crushed and blended by an effortless roaming technology. We just hope iPass has perfected its pleading email template: "Dearest Carrier, have you considered...?" Full PR after the break.
RSA SecurID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised)
RSA SecurID dongles add a layer of protection to everything from office pilates class schedules to corporate email accounts, with banks, tech companies, and even U.S. defense contractors using hardware security tokens to protect their networks. Following a breach at RSA in March, however, the company urged clients to boost other security methods, such as passwords and PIN codes, theoretically protecting networks from hackers that may have gained the ability to duplicate those critical SecurIDs. Now, Lockheed Martin is claiming that its network has come under attack, prompting RSA to issue 90,000 replacement tokens to Lockheed employees. The DoD contractor isn't detailing what data hackers may have accessed, but a SecurID bypass should clearly be taken very seriously, especially when that little keychain dongle is helping to protect our national security. If last month's Sony breach didn't already convince you to beef up your own computer security, now might be a good time to swap in 'Pa55werD1' for the rather pathetic 'password' you've been using to protect your own company's trade secrets for the last decade. [Thanks to everyone who sent this in] Update: According to Reuters, Lockheed Martin sent out a statement to clarify that it promptly took action to thwart the attack one week ago, and consequently "no customer, program or employee personal data has been compromised." Phew! [Thanks, JD]
RIFT bringing out a new authentication service today - but not yet
Authenticators are one of the most popular forms of account security around, giving players an extra layer of defense against hackers and keyloggers. RIFT has been dealing steadily with account security issues since launch, so the upcoming authenticator service is no surprise to players. Using a digital authenticator service, players will very soon be able to use their Android mobile devices for authentication services -- but carefully note the "soon," as the service isn't yet ready for prime time. Currently, using the authenticator will prevent players from logging in, as the code for using said authentication isn't yet in place. A new launcher will be put into place for the game later today, allowing players with Android devices use of the authentication service. While the current release is only for the Android platform, code for the iOS is being finalized, meaning that iPhone and iPad users won't be left out in the cold. So if you're playing RIFT and want to have a little more random number to go with your login, you'll soon be able to do just that. (But not quite yet.) [Thanks to Puremallace for the tip!]
Player identifies "huge security hole" in RIFT's authentication system, Trion seals it
Hacking and account hijacking have been severe issues for RIFT ever since launch, even though Trion Worlds anticipated the onslaught from the beginning. Yesterday we saw Trion implement the so-called Coin Lock patch to prevent hackers from selling other players' items in-game, which some see as a novel (partial) solution to the problem. However, this may not be enough to stop the truly malicious invaders from getting into RIFT accounts. One player, identified as "ManWitDaPlan" on the forums, claims to have circumvented the account login completely, leaving a "huge security hole" for hackers to exploit: "I have verified the authentication system can be bypassed by successfully logging into another account without needing its credentials. Worse, all it took was about thirty seconds of time once I got all of the details locked down. I did trigger Coin Lock, but I was fully able to access that handy delete-character button, so this exploit is a griefer's dream. I will not post details on how to do this (so don't ask), but I'm positive that I can reproduce this at will and likely on any account on the system." Later in the thread, a Trion representative added: "We have some things in the works right now and have been passing on your feedback, concerns, and thoughts throughout the day (no matter how radical or unlikely). Sharing sensitive information about our actions (no matter how broad) naturally also informs those carrying out these attacks. This puts us in a tight spot with how much information we can provide, and the questions we can answer." And it looks as though the problem may be fixed, as ManWitDaPlan posted late last night: "Got word back from Steve Chamberlin, the development lead for Rift. This hole is sealed."
RSA hacked, data exposed that could 'reduce the effectiveness' of SecurID tokens
If you've ever wondered whether two-factor authentication systems actually boost security, things that spit out pseudorandom numbers you have to enter in addition to a password, the answer is yes, yes they do. But, their effectiveness is of course dependent on the security of the systems that actually generate those funny numbers, and as of this morning those are looking a little less reliable. RSA, the security division of EMC and producer of the SecurID systems used by countless corporations (and the Department of Defense), has been hacked. Yesterday it sent out messages to its clients and posted an open letter stating that it's been the victim of an "advanced" attack that "resulted in certain information being extracted from RSA's systems" -- information "specifically related to RSA's SecurID two-factor authentication products." Yeah, yikes. The company assures that the system hasn't been totally compromised, but the information retrieved "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." RSA is recommending its customers beef up security in other ways, including a suggestion that RSA's customers "enforce strong password and pin policies." Of course, if security admins wanted to rely on those they wouldn't have made everyone carry around SecurID tokens in the first place. [Thanks to everyone who sent this in]
Microsoft's OneVision Video Recognizer can detect, identify, and track your face on video... so smile!
Here's your classic case of "just because you can, doesn't mean you should." Microsoft's Innovation Labs have just demonstrated a OneVision Video Recognizer algorithm that's powerful enough to perform face detection duties on a running video feed. It can recognize and track humanoid visages even while they're moving, accept tags that allow auto-identification of people as they enter the frame, and can ultimately lead to some highly sophisticated video editing and indexing via its automated information gathering. Of course, it's that very ease with which it can keep a watchful eye on everyone that has us feeling uneasy right now, but what are you gonna do? Watch the video after the break, that's what.
AT&T goes live with Encrypted Mobile Voice, kills your dreams of breaking into Pelosi's social circle
AT&T told us back in July that it was fixing to launch the first carrier-provided two-factor encryption service, and it seems that today's the day. The day it goes live, we mean. At any rate, the company's Encrypted Mobile Voice service is reportedly active, and it's already providing "high-level security features for calls on the AT&T wireless network." Of course, none of this fancy security is meant for simpletons like us -- instead, it's targeting government agencies, law enforcement organizations, financial services institutions and international businesses. We're told that the tech combines KoolSpan's TrustChip and SRA International's One Vault Voice, with the former being a microSD card and the latter being a software layer. Currently, it only plays nice with BlackBerry and Windows Phones, but until we see Biden bust out a Bravo, we'll assume the lack of Android support isn't "a big flipping deal."
HTC Peep cooked, served a l'orange by Twitter's new authentication scheme (update: fixed?)
It's been known for some time that Twitter would be moving away from basic authentication to OAuth for third-party apps; in fact, they'd already officially pushed back the drop-dead switchover date once to mid-August before finally pulling the plug this week. Be that as it may, it makes sense that a bunch of lesser-known, less-maintained apps would fall by the wayside once the old security mechanism got shut down -- but HTC's Peep? Really? Sure enough, we've been able to confirm on our own Desire that the Twitter app HTC bundles with its Sense UI for Android is no longer working this morning, giving users an "incorrect username or password" error when they try to connect. We're not sure if they'll be able to fix this with a Market update across the board or if it'll take a bunch of firmware updates to get everyone back on the up and up, but either way, something tells us Twitter isn't going to flip the switch back on for these guys. Update: We can't say for certain whether Peep's working properly now, a few days later, but our Froyo-filled Droid Incredible (and those of several tipsters) seem to be displaying tweets just fine, and Twitter itself reports that it recently fixed an issue with Peep, Moto Blur and a variety of other third-party Twitter clients. [Thanks to everyone who sent this in]
T-Mobile UK quietly retracts Pulse's buggy 2.1 update, Huawei says it was non-final anyway
Remember T-Mobile's money-saving, finger-friendly Pulse? You know, the Huawei Android handset that received a 2.1 update in Hungary back in May? Earlier this month (on the 6th, to be precise), said phone's British counterpart also received its share of cream-filled pastry, but perhaps one with cream gone sour. How so? T-Mobile UK didn't explain when it quietly pulled the plug shortly afterwards, but some users were reporting problems with SMS and 802.11x enterprise WiFi authentication. Pretty serious stuff, especially for the former. A few developers from MoDaCo got in touch with us as they struggled to get a reply from T-Mobile about the retraction, which got us curious. After all, a working 2.1 update would make the Pulse -- now priced at £99 ($153) on pay and go -- a pretty good buy, so we tweeted the carrier on Tuesday for an update. Coincidentally, the next day T-Mobile finally caved in and let loose on what happened: "After receiving feedback on the recent T-Mobile Pulse Android 2.1 software update we've decided to suspend it temporarily. We're working with the phone's makers on an updated version which is expected in October." Yikes. But just you wait -- read on for the juicy part.
Nokia N900 does real-time face tracking for verification (video)
In a world where smartphone unlock patterns and PINs can be easily gleaned from display muck, and computer passwords can be deciphered from the telltale audible clicks of the keyboard, it's no wonder that research is funded for alternative identity verification schemes. One promising technology is face verification -- technology we've already seen implemented in webcams, laptops, and more recently, Microsoft's Kinect for Xbox 360. Where we haven't seen it broadly deployed is in the easy-to-lose smartphone, at least not with the level of sophistication achieved by the University of Manchester (UK). Using an N900, the research team developed a prototype that quickly locks and tracks 22 facial features in real time (even when upside down) using the Nokia's front-facing camera. The Active Appearance modeling technique was developed for the EU-funded Mobile Biometrics (MoBio) project as a means of using face verification to authenticate smartphone access to social media sites. Unfortunately, there's no mention of how long Manchester's face-verified login actually takes. Nevertheless, the video, apparently shot in a steam room full of hot man smudge, is worth a peep after the break.
Germany slapping RFID tags on its populace for the sake of brisker bureaucracy
ID cards and RFID tags are similar in one key respect: they get a lot of bad press -- one for constricting civil liberties, the other for being a lousy security risk -- and yet are widely used around the world. It's fitting, therefore, that Germany has decided to marry the two for the latest version of its own personalausweis. Dutch company NXP has begun production of the requisite RFID chips for these new slices of plastic, which will roll out from the beginning of November this year. The Deutsch state sees a vastly expanded role for the modernized cards, including validating your identity for online shopping and communicating with your local authority (e-government, they call it). And, of course, your biometric data is loaded onto the chip as well, just to make things nice and neat. You know, we remember the good old days when identity theft used to be hard.
AT&T Encrypted Mobile Voice to bring extra security to Obama's BlackBerry calls
Yeah, we know that the Prez was once seen rocking a Verizon-branded BlackBerry 8830, but just bend your mind a bit and bear with us. Shortly after lighting up Wall Street with an exceedingly excellent quarterly earnings report, AT&T has announced an Encrypted Mobile Voice service that'll hit later in the year. Assuming Obama actually does own an AT&T-branded 'Berry, he'll soon be able to enjoy what AT&T calls "the first mobile-to-mobile voice encryption solution using two-factor authentication offered by a US operator." Said service is expected to provide a higher level of security for calls across the AT&T wireless network, and naturally, it'll be shopped to government agencies, law enforcement organizations, financial services institutions and international businesses, all of which will pay far too much for what's likely a false sense of security. We mean, haven't these guys ever seen 24?
Ventrilo vs. Mumble
"What's your Vent info?" is as ubiquitous as "What's your GearScore?" Voice chat programs are a fact of WoW life, and by all means Ventrilo dominates the market. After five years of using Ventrilo, I say it's time to change to something better. One of the most common questions I get from the show Big Crits is "what's the mod that shows who's talking in Vent?" It's actually not a mod, and in fact it's not even Ventrilo. Big Crits uses Mumble, a low latency VOIP program for gaming. It's mostly unknown in WoW, as Ventrilo clearly dominates voice chat in our world. Mumble is perhaps better known in FPS circles, where the low latency really gives it a competitive advantage. I started this article with every intention of making a pros-and-cons comparison between the two programs, but in truth, I had a hard time coming up with pros for Ventrilo. I'll run through features, but don't be surprised if you come out of this with a new perspective on voice chat options and a strong desire to switch to Mumble.
Aegis Bio grows to 640GB of fingerprint-protected storage
Apricorn specializes in the fine art of making people believe their data is worth stealing and charging them for the privilege of protecting it. Its Aegis Bio range has now been expanded, both in number and in capacity, as the former ceiling of 250GB has been lifted with the introduction of 320GB, 500GB and 640GB variants. The 2.5-inch external disk validates user identity with that handy fingerprint scanner on top before allowing access to the otherwise 128-bit encrypted precious stuff within it. Prices of the new models top out at $160 for the most voluminous one, making them thrifty enough to buy even if you don't need secret agent-level security -- which, let's face it, you don't. Full PR after the break.