Application Security

8/29/2018
12:50 PM
50%
50%

Instagram Debuts New Security Tools

Updates include a new feature to verify the authenticity of popular accounts and a means of integrating two-factor authentication.

Instagram today announced three security updates intended to drive trust in the platform and lessen the likelihood of fraudulent, and potentially malicious, accounts influencing users.

First, the social networking app, which confirmed a security incident earlier this month, announced plans to help users evaluate the authenticity of large Instagram accounts. Via an "About This Account" menu item, users will be able to access data including the date the account joined Instagram, where it's located, accounts with shared followers, username changes in the past year, and any ads the account might be running.

Accounts with broad reach will be able to review this information in September before it reaches a global audience, said Instagram co-founder and CTO Mike Krieger, in a blog post.

In another update, Instagram – which typically lets large accounts (public figures, celebrities, global brands) verify their identities with a blue checkmark next to their usernames – has launched a new way to request verification. To do so, an account holder will have to access a verification request form within the app and provide a username, full name, and legal or business identification.

Finally, users will soon have the option to use third-party authenticator apps to access their accounts, according to Krieger. Setup can be done within the app; if you already use an authentication app on your phone, Instagram will automatically find it and send a login code.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tomandreson
50%
50%
tomandreson,
User Rank: Apprentice
9/19/2018 | 6:32:13 PM
Pending Review
This comment is waiting for review by our moderators.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17229
PUBLISHED: 2018-09-19
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
CVE-2018-17230
PUBLISHED: 2018-09-19
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
CVE-2018-17231
PUBLISHED: 2018-09-19
** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third par...
CVE-2018-17228
PUBLISHED: 2018-09-19
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.
CVE-2018-8889
PUBLISHED: 2018-09-19
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.