Security Roundup - 2016-02-26

Krebs mentions some increasingly sophisticated phone scams to Dell customers. These calls allegedly involve the caller correctly providing unique service tags of Dell equipment, as well as historical service records. Dell currently says their customer data has not been breached.

I think biometric security is a big miss, but that isn’t stopping HSBC from rolling out “Voice ID” to 15 million customers. Meanwhile, looks like the FBI could potentially use fingerprints of dead people to unlock devices.

Checking input is important! Even barcode scanners can be subject to string injection attacks.

Wordpress is the new botnet. Simple exploitation of the pingback XMLRPC command allows attackers to flood some target with HTTP requests.

Akamai is rolling out a tool to allow users to better monitor and analyze bot traffic and take whatever action they want.

Written on February 26, 2016