Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Do you use Chrome? And have a Google account? And use 2 Factor Authentication? You may want a “security key”

October 28th 2014 in safety and privacy on the Internet, Security

https://support.google.com/accounts/answer/6103523

“If you use 2-Step Verification, you can choose Security Key as your primary method, instead of having verification codes sent to your phone. With Security Key, there’s no looking at codes and re-typing―you simply insert your Security Key into your computer’s USB port when asked.”

Yes, you have to make sure you don’t lose your USB key.  But, what happens if you lose your key? Well, you can enter a normal Verification Code at any time.  And, Google says:

Is my account safe if I lose my Security Key?
Your Security Key has no record of your accounts. Somebody who finds the Security Key cannot query it for the accounts it contains, because it doesn’t store this information. All the Security Key can do is to answer a challenge from an account that it has been previously registered to. A lost Security Key is useful to the finder if only he/she also knows the username and the password for the Google Accounts where the Security Key has been registered. It is similar to losing a house key on the street — it is useful to the finder only if he/she can somehow guess which house the key belongs to.”


Comments are closed.

A New York based tech support scam business made $2,500,000 in the past two-and-a-half years. Is it any wonder those ‘your computer is infected’ phone calls are increasing?  The company in question also purchased deceptive ads online that led consumers to believe they were calling the technical support line for legitimate companies.

The defendants are Pairsys, Inc., Uttam […]

Previous Entry

Incident reported on 22 October 2014.  Cite: http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php

“Without having to click on anything, visitors to the impacted websites may be stealthily infected with the CryptoWall 2.0 ransomware. Using Adobe Flash, the malvertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 on […]

Next Entry

Archives