Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Apple Pay Ups Payment Security But PoS Threats Remain
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 3 / 3
Technocrati
Technocrati,
User Rank: Ninja
9/11/2014 | 9:13:36 PM
Re: Note quite 3-factor authentication ...

@Some Guy   I have to wonder about this finger print authentication.   How  does this work exactly in a global sense  ?    Is there a database with endless numbers of scanned fingerprints in it ?   

 

Sounds funny but  I bet I am not too far off.

Technocrati
Technocrati,
User Rank: Ninja
9/11/2014 | 9:09:49 PM
Apple creates De Facto Standard ?

Really found this subject to be a very fascinating read Sarah.  With Apple jumping head first into the mobile payments arena - I was really interested in see how they expect to pull this off.  Otherwise it is a headache not many wanted to deal with until Apple decided to get out in front of this.

This token system is a good idea, but it too as you mention will be compromised as well by hackers in time.  But I guess the industry had to start somewhere - and it is an improvement over magnetic cards ...etc.  

I am not so sure I particularly like using my phone for purchases - though I pay bills occasionally but for the most part I don't want to use my phone for transactions.  I may be in the minority here - as I do not have an iPhone either.

My question is who is governing this new method of payment transmission ?   The FTC ?  Seems to me Apple just created a de facto standard ?

Some Guy
Some Guy,
User Rank: Moderator
9/11/2014 | 11:10:02 AM
Note quite 3-factor authentication ...
"If you use both a passcode and a fingerprint to secure your device, then every purchase you make uses the authentication trifecta: something you know (the passcode), something you have (the device), and something you are (the fingerprint)."

So it's close but not quite 3-factor authentication, because it doesn't require all three at the same time. Simply possessing the device while it's still unlocked and keeping it unlocked allows you to operate it in 1-factor mode at NFC terminals ... forever. Any pickpocket worth his salt can do that.
<<   <   Page 3 / 3


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43705
PUBLISHED: 2022-11-27
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
CVE-2022-45934
PUBLISHED: 2022-11-27
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45931
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45932
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2022-45933
PUBLISHED: 2022-11-27
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a &quot;fun side proj...