Search

Who Names Cyber Hurricanes?

Hurricanes get names (Harvey, Irma, Jose, Maria…) assigned alphabetically by the National Oceanic and Atmospheric Service (NOAA). Biologists name new species in peer-reviewed journals. Astronomers suggest names for stars and moons, but the International Astronomical Union (IAU) must approve them. The information security profession is less mature, although vulnerabilities in software and hardware products do get numeric identifiers. For example, a vulnerability announced this week in Intel processors was designated CVE-2017-5708. These Common Vulnerabilities and Exposures (CVE) identifiers are assigned by a trusted community and fed into the US National Vulnerability Database (NVD). Nume

Face to Face with Apple Face ID

Apple’s new iPhone X hit stores November 3rd. Its most talked about feature is Face ID. Instead of touching your finger to the phone to unlock it, just look at the camera and it recognizes your face. Face ID is more accurate than the old Touch ID. Does that mean it’s more secure? Taproot Security studied technical specs on Face ID and found potential vulnerabilities. I enumerated these in a private letter to Apple one month ago, along with ten recommendations to improve Face ID security. Apple thanked us politely but took no action. We can now go public. These are some of the issues we raised to Apple: iPhone X performs Face ID verification every time you pick it up and look at it. Th

NEED TO KNOW

ntkblog.org

a blog about cybersecurity

© 2020 Taproot Security

This site uses cookies for security.

Our cookies do not store personal information.