"Beendet die Quarantäne und beginnt einen Krieg!"

Im wiederaufgeflammten Konflikt zwischen Armenien und Aserbaidschan hat sich die Türkei hinter den schiitischen kleinen Bruder gestellt – Russland will vermitteln

Im wiederaufgeflammten Konflikt zwischen Armenien und Aserbaidschan hat sich die Türkei hinter den schiitischen kleinen Bruder gestellt - Russland will vermitteln

Apple has finally embraced key-based 2FA. So should you

Hardware keys are more secure—and finally ready for the masses.

An Ars-branded Yubikey.

Enlarge / An Ars-branded Yubikey. (credit: Steven Klein)

Almost three years ago, Google introduced its Advanced Protection Program (APP), a security plan for high-risk users that requires hardware keys for account access and is arguably the industry's most effective way to stop account takeovers in their tracks. But until now there was a major flaw that held APP back: its iPhone and iPad offerings were prohibitively limited for most users. Now that this has changed—more on the change in a bit—I feel comfortable recommending APP much more widely.

What is APP?

By requiring users to produce a physical security key in addition to a password each time they log in with a new device, APP is designed to stop the kinds of account breaches that Russian operatives used to disrupt the 2016 presidential election when they published sensitive emails from high-ranking Democratic officials.

Those attacks presented targets with convincing emails purportedly from Google. They warned, falsely, that the target's account password had been obtained by an outsider and should immediately be changed. When Hillary Clinton's presidential campaign chairman John Podesta and other Democrats complied, they effectively surrendered their passwords to hackers. Although hackers have many ways to compromise accounts, phishing remains one of the most popular, both because it's easy and because the success rate is so high.

Read 34 remaining paragraphs | Comments

Atomkraft: Das letzte Gefecht?

Nicht ganz unerwartet gibt es die ersten Rufe nach Verlängerung der AKW-Laufzeiten. Die Argumente sind die ewig gleichen und immer noch falschen

Nicht ganz unerwartet gibt es die ersten Rufe nach Verlängerung der AKW-Laufzeiten. Die Argumente sind die ewig gleichen und immer noch falschen

Iran state hackers caught with their pants down in intercepted videos

IBM researchers steal 40GB of data from group targeting presidential campaigns.

The flag of the Islamic Republic of Iran.

Enlarge / The flag of the Islamic Republic of Iran.

Iranian state hackers got caught with their pants down recently when researchers uncovered more than 40GB of data, including training videos showing how operatives hack adversaries’ online accounts and then cover their tracks.

The operatives belonged to ITG18, a hacking group that overlaps with another outfit alternatively known as Charming Kitten and Phosphorous, which researchers believe also works on behalf of the Iranian government. The affiliation has long targeted US presidential campaigns and US government officials. In recent weeks, ITG18 has also targeted pharmaceutical companies. Researchers generally consider it a determined and persistent group that invests heavily in new tools and infrastructure.

In May, IBM’s X-Force IRIS security team obtained the 40GB cache of data as it was being uploaded to a server that hosted multiple domains known to be used earlier this year by ITG18. The most telling contents were training videos that captured the group’s tactics, techniques, and procedures as group members performed real hacks on email and social media accounts belonging to adversaries.

Read 11 remaining paragraphs | Comments