Yahoo Japan has revealed that it plans to go passwordless, and that 30 million of its 50 million monthly active users have already stopped using passwords in favor of a combination of FIDO and TXT messages.
A case study penned by staff from Yahoo Japan and Google's developer team, explains that the company started work on passwordless initiatives in 2015 but now plans to go all-in because half of its users employ the same password on six or more sites.
The web giant also sees phishing as a significant threat, and has found that a third of customer inquiries relate to lost credentials.
“From a security perspective, eliminating passwords from the user authentication process reduces the damage from list-based attacks, and from a usability perspective, providing an authentication method that does not rely on remembering passwords prevents situations where a user is unable to login because they forgot their password,” the case study states.
Yahoo Japan's replacement is either authentication by one-time codes sent by SMS, or the Fast Identity Online (FIDO) standard.
When using SMS, the company is fond of using techniques that allow Apple’s iOS and Google’s Chrome browser to read and enter incoming one-time passwords so that users have nothing to do to arrange authentication.
Users are encouraged to use authenticator apps that work with FIDO and WebAuthn, with one-time codes generated on the device used to access Yahoo Japan.
“The greatest difficulty for offering passwordless accounts is not the addition of authentication methods, but popularizing the use of authenticators,” the case study states. User experience is therefore paramount.
Yahoo Japan has therefore used tricky moments to promote adoption – when users sign up for services like e-commerce that have high fraud potential, or reset forgotten passwords, they receive suggestions to adopt authentication methods that are more secure and easier to use.
Users are encouraged to use the same authentication method on all their devices, but Yahoo ! Japan recognizes that’s not easy or possible for all, and so will tolerate mixed methods. The company also envisages operating multiple methods for the foreseeable future.
The company’s efforts have worked, in two dimensions.
“The percentage of inquiries involving forgotten login IDs or passwords has decreased by 25 percent compared to the period when the number of such inquiries was at its highest,” the case study explains. Yahoo Japan has also seen a decline in unauthorized access as its number of passwordless accounts rises. ®
AI will completely automate the network within five years, Juniper CEO Rami Rahim boasted during the company’s Global Summit this week.
“I truly believe that just as there is this need today for a self-driving automobile, the future is around a self-driving network where humans literally have to do nothing,” he said. “It's probably weird for people to hear the CEO of a networking company say that… but that's exactly what we should be wishing for.”
Rahim believes AI-driven automation is the latest phase in computer networking’s evolution, which began with the rise of TCP/IP and the internet, was accelerated by faster and more efficient silicon, and then made manageable by advances in software.
Astronomers have captured a clear image of the gigantic supermassive black hole at the center of our galaxy for the first time.
Sagittarius A*, or Sgr A* for short, is 27,000 light-years from Earth. Scientists knew for a while there was a mysterious object in the constellation of Sagittarius emitting strong radio waves, though it wasn't really discovered until the 1970s. Although astronomers managed to characterize some of the object's properties, experts weren't quite sure what exactly they were looking at.
Years later, in 2020, the Nobel Prize in physics was awarded to a pair of scientists, who mathematically proved the object must be a supermassive black hole. Now, their work has been experimentally verified in the form of the first-ever snap of Sgr A*, captured by more than 300 researchers working across 80 institutions in the Event Horizon Telescope Collaboration.
A Tor-hidden website dubbed the Eternity Project is offering a toolkit of malware, including ransomware, worms, and – coming soon – distributed denial-of-service programs, at low prices.
According to researchers at cyber-intelligence outfit Cyble, the Eternity site's operators also have a channel on Telegram, where they provide videos detailing features and functions of the Windows malware. Once bought, it's up to the buyer how victims' computers are infected; we'll leave that to your imagination.
The Telegram channel has about 500 subscribers, Team Cyble documented this week. Once someone decides to purchase of one or more of Eternity's malware components, they have the option to customize the final binary executable for whatever crimes they want to commit.
A Ukrainian man has been sentenced to four years in a US federal prison for selling on a dark-web marketplace stolen login credentials for more than 6,700 compromised servers.
Glib Oleksandr Ivanov-Tolpintsev, 28, was arrested by Polish authorities in Korczowa, Poland, on October 3, 2020, and extradited to America. He pleaded guilty on February 22, and was sentenced on Thursday in a Florida federal district court. The court also ordered Ivanov-Tolpintsev, of Chernivtsi, Ukraine, to forfeit his ill-gotten gains of $82,648 from the credential theft scheme.
The prosecution's documents [PDF] detail an unnamed, dark-web marketplace on which usernames and passwords along with personal data, including more than 330,000 dates of birth and social security numbers belonging to US residents, were bought and sold illegally.
David Harville, eBay's former director of global resiliency, pleaded guilty this week to five felony counts of participating in a plan to harass and intimidate journalists who were critical of the online auction business.
Harville is the last of seven former eBay employees/contractors charged by the US Justice Department to have admitted participating in a 2019 cyberstalking campaign to silence Ina and David Steiner, who publish the web newsletter and website EcommerceBytes.
Former eBay employees/contractors Philip Cooke, Brian Gilbert, Stephanie Popp, Veronica Zea, and Stephanie Stockwell previously pleaded guilty. Cooke last July was sentenced to 18 months behind bars. Gilbert, Popp, Zea and Stockwell are currently awaiting sentencing.
Just as costs for some components have started to come down, TSMC and Samsung, the two largest contract chip manufacturers in the world, are reportedly planning to increase prices of production, which may affect Nvidia, AMD, Apple, and others that rely on the foundries.
Reports emerged earlier this week stating that Taiwan-based TSMC is planning price hikes in the single-digit percentages for legacy and advanced chip manufacturing technologies next year. Citing industry sources, Nikkei reported that the price hike will be around five to eight percent.
On Friday Bloomberg reported that South Korea's Samsung is planning to raise prices for chip designers by 15-20 percent this year, citing industry sources. Legacy nodes will be hit hardest, and the new pricing will come into effect in the second half of the year.
Finnish open-source-as-a-service provider Aiven received $210 million in funding this week, adding $1 billion to its nominal valuation in just nine months.
The Series D cash injection – led by Eurazeo, and joined by funds and accounts managed by BlackRock as well as existing investors IVP, Atomico, Earlybird, World Innovation Lab, and Salesforce Ventures – follows $60 million Series C funding which valued the firm at $2 billion.
The latest investment round values the company at $3 billion. It's remarkable considering it only supports open-source software and was worth $800 million when it got its first $100 million tranche of Series C funding in March last year.
Black Hat Asia Software made unsafe by dependencies should be fixed without users needing to interact with the source of the problem, according to US National Cyber Director Chris Inglis, who serves in the Executive Office of the President.
Speaking to The Register at the Black Hat Asia conference in Singapore on Friday, Inglis said that when a faulty component in a car needs to be replaced, the manufacturer who chose that component takes responsibility for securing safe parts and arranging their installation. He contrasted that arrangement with the fix for the Log4j bug, which required users to seek assistance from both vendors that used the open-source logging code and source software from the Log4j project itself.
Inglis wants vendors to take responsibility for their choices so that addressing security issues is easier and users' systems – and the US – can achieve better resilience with less effort.
Memory and storage maker Micron Technology has revealed a new business model intended to address the volatility in the memory market that has resulted in sharp swings in pricing over the past several years.
Revealed at Micron's Investor Day 2022 event, the new forward pricing agreements enable a Micron customer to sign a multi-year deal that guarantees them a supply of memory at a predictable price that follows the cost reduction that the chipmaker sees during the lifecycle of a particular product.
Micron's chief business officer Sumit Sadana told Investor Day attendees that the chipmaker has already signed up an unnamed volume customer to one of the new agreements, which the company is currently trying out to see whether it delivers on the expected benefits.
Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.
The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.
The report, available here, is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.
Black Hat Asia Cyber war has become an emerged aspect of broader armed conflicts, commencing before the first shot is fired, cybersecurity expert Kenneth Geers told the audience at the Black Hat Asia conference on Friday.
"Peacetime in cyberspace is a chaotic environment," said Geers, who has served as a visiting professor at Kiev National Taras Shevchenko University, represented the US government at NATO, and held senior roles at the National Security Agency. "A lot of hacking has to be done in peacetime."
Geers said the Russia-Ukraine war demonstrates how electronic and kinetic conflicts interact. Ahead of the Ukraine invasion, Russia severed network cables, commandeered satellites, whitewashed Wikipedia, and targeted military ops via mobile phone geolocations.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022