High-tech

Tuesday, August 5, 2014

PayPal's two-factor authentication easily beaten, researcher says

---------- Forwarded message ----------
From: "Network World Daily News AM Alert" <nww_newsletters@newsletters.networkworld.com>
Date: Aug 5, 2014 8:15 AM
Subject: PayPal's two-factor authentication easily beaten, researcher says
To: <aquarianm@gmail.com>
Cc:

Network World Daily News AM
August 05, 2014

PayPal's two-factor authentication easily beaten, researcher says

A security feature offered by PayPal to help prevent accounts from being taken over by hackers can be easily circumvented, an Australian security researcher has found. PayPal users can elect to receive a six-digit passcode via text message in order to access their accounts. The number is entered after a username and password is submitted. The security feature, known as two-factor authentication, is an option on many online services such as Google and mandatory on many financial services websites for certain kinds of high-risk transactions. Since the code is sent offline or generated by a mobile application, it is much more difficult for hackers to intercept although by no means impossible.

Issue highlights

1. Exposed: An inside look at the Magnitude Exploit Kit

2. Telefónica bids $9B to acquire Brazilian telecom operator

3. Symantec, Kaspersky deny government ban in China

4. The Linux desktop-a-week review: MATE

5. 'Unusual uptick' in attacks on media, publishing, Cisco says

6. LinkedIn pays almost $6M for wage law violations

7. Storage maker builds fast SSD to prepare for life after NAND flash

8. Web acceleration protocol nears completion

9. How NOT to handle negative online reviews

10. Gates cashes out another 20M Microsoft shares for $882M

11. PF Chang's hack hit 33 restaurants for 8 months

12. New products of the week 08.04.2014

Exposed: An inside look at the Magnitude Exploit Kit

LAS VEGAS (Black Hat USA) - Researchers at Trustwave have provided CSO with an inside look at the Magnitude Exploit Kit's infrastructure. Linked to attacks against PHP.net and Yahoo, this kit has gone from obscurity to a certified threat in a short amount of time, while generating more than $60,000 USD per week in income. Malware-as-a-Service: Crime Kits are a way for Web-based criminals to automate their business. Some kits focus on malware alone, enabling total control over delivery and management. Others focus on controlling traffic, making them perfect for advertising fraud and Black Hat SEO operations; but at the same time, they can also be used to drive traffic to the third type of kit – exploit kits.

Telefónica bids $9B to acquire Brazilian telecom operator

Telefónica has submitted an offer for Brazilian telecom operator GVT (Global Village Telecom) worth €6.7 billion (US$9 billion), as it seeks to build up its business in Brazil by integrating mobile and fixed broadband with pay-TV services. The Spanish operator's plan is to acquire the operator from its current owner, French media and telecom company Vivendi, and merge it with Telefónica Brasil. A combination of Vivo, the brand Telefónica uses in Brazil, and GVT would create the largest telecom operator in Latin America's largest market, the company said.

Symantec, Kaspersky deny government ban in China

Symantec and Kaspersky Lab are both denying that China has banned their products, amid media reports that the country is shutting out foreign security vendors from selling to government agencies. Both companies are not listed among the approved anti-virus vendors with the country's central government procurement center, leaving only domestic security providers. This prompted reports to suggest that China had excluded both Symantec and Kaspersky Lab as a way to curb the use of foreign technology. But despite the exclusion, U.S.-based Symantec said on Tuesday its products could still be sold to the Chinese government. "It is important to note that this list is only for certain types of procurement and Symantec products are not banned by the Chinese government," the company said in an email. "We are investigating this report and will continue to bid for and win governments projects in China."

The Linux desktop-a-week review: MATE

I've been running MATE as my one and only environment for the last week. And boy howdy, do I have an opinion.

'Unusual uptick' in attacks on media, publishing, Cisco says

In its semi-annual threat report out today, Cisco points to an "unusual uptick" in attacks on media and publishing, making that sector the top target for malware. For the first half of 2014, media and publishing sites had the dubious distinction of being in first place in terms of visitors being at risk for malware, sometimes because the sites were serving up "malvertising" instead of advertising. Malvertising often works by trying to re-direct browsers through methods such as iFrame attacks to force them to links elsewhere, says Levi Gundert, technical lead for Cisco's threat research, analysis and communications group. "Criminals like re-directing traffic from media and publishing sites because they are high volume," Gundert says. Criminals, by paying for ads, are exploiting the highly-automated advertising exchanges to accept ads that contain carefully coded elements such as iFrame attacks and JavaScript that the exchanges themselves are not detecting and may not have the means to do so. So far, the industry hasn't come to terms with the significance of the scale of these attacks, but Cisco is hoping it will adopt proactive protections.

LinkedIn pays almost $6M for wage law violations

Professional networking company LinkedIn agreed to pay close to US$6 million in overtime back wages and damages to employees at its branches in California, Illinois, Nebraska and New York, the U.S. Department of Labor said Monday. The payments to 359 former and current employees were made after LinkedIn was found to have violated overtime and record-keeping provisions under the federal Fair Labor Standards Act, which prescribes minimum wage, overtime pay, record keeping and youth employment standards for employees in the private sector and in government. LinkedIn agreed to pay the overtime back wages and take steps to prevent repeat violations, including providing compliance training to relevant employees and their managers, the Labor Department said in a statement. Its investigators found the company did not record, account and pay for all hours worked in a work-week.

Storage maker builds fast SSD to prepare for life after NAND flash

Storage technologies much faster than NAND flash aren't expected to reach most smartphones and data centers for years, but preparations are already underway in order to make the most of them when they arrive. Western Digital's HGST subsidiary is demonstrating one advance in that effort this week, showing what it calls the world's fastest SSD (solid-state drive) at the Flash Memory Summit in Santa Clara, California. The device, which can be plugged into a server's PCIe slot like any SSD, isn't a new storage product but a platform for demonstrating a low-latency interface that the company developed with future solid-state media in mind. It implemented the experimental communications protocol in a Linux driver on the server and in the SSD's embedded software.

Web acceleration protocol nears completion

When it comes to speeding up Web traffic over the Internet, sometimes too much of a good thing may not be such a good thing at all. The Internet Engineering Task Force is putting the final touches on HTTP/2, the second version of the Hypertext Transport Protocol (HTTP). The working group has issued a last call draft, urging interested parties to voice concerns before it becomes a full Internet specification. Not everyone is completely satisfied with the protocol, however. "There is a lot of good in this proposed standard, but I have some deep reservations about some bad and ugly aspects of the protocol," wrote Greg Wilkins, lead developer of the open source Jetty server software, noting his concerns in a blog item posted Monday.

How NOT to handle negative online reviews

Bad online reviews can bury a business, but netizens do not react well when free speech is threatened. When a business such as the Union Street Guest House hotel adds in hefty fines as the penalty for negative reviews, it can end up becoming one of the most hated hotels online.

Gates cashes out another 20M Microsoft shares for $882M

Holdings drop under 300-million-share mark for the first time as sales plan continues

PF Chang's hack hit 33 restaurants for 8 months

The hack of credit-card-processing terminals at PF Chang's hit 33 of the company's locations across the U.S. and continued for around eight months, the company said Monday. The restaurant chain operator first disclosed a possible hack of its credit- and debit-card-processing system in mid-June, but Monday was the first time it detailed which of its restaurants had been hit. Eight locations had data stolen over an eight-month period from Oct. 19, 2013, until June 11, 2014. Data theft began at a second batch of eight restaurants on Feb. 21, and at another 15 restaurants on April 10, both ending on June 11. At two additional restaurants, theft began on Oct. 19, 2013, and ended on Oct. 26, 2013, and April 10, 2014, respectively.

New products of the week 08.04.2014

Our roundup of intriguing new products from companies such as EMC and RSA.

SLIDESHOWS

Black Hat 2014: How to crack just about everything

From cell phones and cars to IPv6, security researchers have turned their skills against a world of technology.

Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham, MA 01701
