authentication

Strengthening the Security of Embedded Devices

Embedded devices are specialized computing systems designed to perform specific tasks or functions within a larger system. Unlike general-purpose computers, embedded devices are typically integrated into other devices or systems and are dedicated to carrying out a specific set of functions. They are often characterized by their compact size, low power consumption, and optimized performance for their intended application.

Embedded devices can be found in various domains and industries, including consumer electronics, automotive, healthcare, industrial automation, telecommunications, and IoT (Internet of Things). Examples of embedded devices include:

Smartphones and tablets: These devices integrate multiple functionalities such as communication, multimedia, and internet access into a portable form factor.
Home appliances: Devices like refrigerators, washing machines, and thermostats may contain embedded systems that control their operations and offer smart features.
Industrial control systems: Embedded devices are widely used in manufacturing plants and industrial environments to monitor and control processes, machinery, and equipment.
Automotive systems: Embedded devices are essential components in modern vehicles, managing functions such as engine control, entertainment systems, safety features, and navigation.
Medical devices: Embedded systems are utilized in various medical equipment, such as patient monitoring devices, implantable devices, and diagnostic tools.
IoT devices: These are interconnected devices that gather,…


How clever social engineering can overcome two-factor authentication… or not?

If you have a Google account you must have two-factor authentication enabled in order to prevent anyone from using your account by just having your username and password. If you don’t know how to do that, check my free eBook here. 2FA requires something that you know (username and password) and something that you have (smartphone) in order to allow access to your account. Unless somebody gets all of them, they simply can’t steal your account. Until now…

Alex MacCaw has published screenshots from a new scam that has appeared and is targeting Google users who have two-factor authentication (2FA) enabled. It works like this: You receive an SMS pretending to come from Google requesting you to reply via SMS immediately with the code you receive from the real Google. Or, if you were not convinced, there is even a better version available:

I will try to hack my own GMAIL account, just to see how hard it is.

This is how Google tries to help to get your password reset:
Select option 1
2. Select a recovery email address to receive a code:
3. Click on “Verify your identity” above

Whoa… I don’t remember the second one … But the first one is definitely…


Dropbox hacked?

You have probably read on news portals that Dropbox was hacked and that some user accounts were compromised. Here is the alleged list of leaked user information. Dropbox is saying that the data is not valid. Apparently, Dropbox was not hacked. The company is clearly stating this on their blog:

“Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens. Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”

I can only confirm and support this suggestion. The free eBook “Improve your security” explains how to enable two-factor authentication for several services, including Dropbox and Google Mail.


Enable two-factor authentication for the SSH on your Raspberry PI

I am a big fan of RPi and I allowed one of my RPis (I have 3) to be accessible from the Internet via SSH. But I was stressed because somebody might do a DoS on my device with the intent to hack into it, and this way would prevent me from accessing it. So, wanting to secure it, I researched a bit how to enable two-factor authentication for SSH. I don’t want expensive SMS services; actually, I don’t want to pay anything at all. I found some great tutorials on the net, and here is my take on how to enable this great service via Google’s open-source Authenticator.

Google provides the necessary software to integrate Google Authenticator’s (GA) time-based one-time password (TOTP) system. You can couple GA with an SSH server. After this, you’ll have to enter the code from your phone when you connect, in addition to the username and password. GA doesn’t connect to Google as far as I can see in the code: https://code.google.com/p/google-authenticator/. You will have to use the PAM module which is available in Raspbian’s repository. The PAM module can add a two-factor authentication step to any PAM-enabled application. It supports: Per-user secret and status file…

