Tag: Security

From: BGR - Delta will let you use your fingerprint as a boarding pass

Your fingerprint already serves as the key that unlocks your smartphone — and possibly also your laptop, tablet, and other gadgets — and now you can use it as your boarding pass, too. That is, as long as you fly Delta. The airline is in the midst of launching a new feature for its SkyMiles loyalty club members that lets you ditch the paper pass and bar codes and use your fingerprint as proof of your identity. 

The new system uses small kiosks that scans two fingers in place of a traditional boarding pass, and sends passengers on their way quicker than just about anything. However, while the new biometric ID option is slick, it comes at a cost. In order to use the feature, passengers must be enrolled both in Delta’s Sky Club, as well as the CLEAR airport security program, the latter of which will set you back a cool $179 per year.

“It’s a win-win program,” Delta’s COO said in a statement. “Biometric verification has a higher level of accuracy than paper boarding passes and gives agents more time to assist customers with seat changes and other skilled tasks instead of having to scan individual tickets – and customers have less to keep track of as they travel through the airport.”

The company is also planning on looping the fingerprint scanning into its luggage checking process as well, allowing passengers to check their bags with their biometric identity. At the moment, the biometric scanning is currently only available at the Reagan Washington National Airport.

From: SitePoint - Why the IoT Threatens Your WordPress Site (and How to Fix It)

Why the IoT Threatens Your WordPress Site (and How to Fix It)

This article was sponsored by Incapsula. Thank you for supporting the partners who make SitePoint possible.

Distributed denial of service (DDoS) attacks are increasingly a fact of life for any business with a web presence. For any company, large or small, it’s no longer a matter of “if” you will get hit with a DDoS attack, but “when.” And without a third party provider like Incapsula, WordPress sites are increasingly vulnerable to bots delivering DDoS attacks.

The more popular a platform is, the more likely it’ll become a target for attacks. And WordPress is by far the most popular platform on the Internet. The CMS accounts for nearly 60 percent of market share and comprises a staggering 25 percent of all sites across the web. Of all those millions of sites, 60 percent are running older version of WordPress, or newer, but unpatched versions that are vulnerable to becoming bots to participate in an attack.

Based on industry reports and current trends, the prevalence of DDoS assaults is increasing at a rapid pace and recovering from the damage of an attack can also take months or years. Over half of the respondents in an Incapsula survey (52 percent) reported their organization had to replace software/hardware, or that it had lost revenue. An additional 43 percent confirmed that their organization lost consumer trust.

Patching WordPress Won’t Stop a DDoS Attack

“The biggest security vulnerability is an outdated WordPress component,” says Eric Murphy, Director of Security at WP Engine. “The most important thing people should be doing is ensuring their WordPress core, themes and plugins are all kept up-to-date. Understanding the OWASP Top 10 further enables users, developers and engineers to protect their WordPress assets.”

Murphy’s right. Patching your WordPress site will keep your site stable and prevent a lot of attacks. But it can’t stop a determined DDoS attack. Even if you employ the most diligent WordPress admin to stare at a screen, who tests and applies patches as soon as they’re released, and tirelessly keeps the site up-to-date, your site can still be brought to its knees by a DDoS attack — costing your business sales, resources and reputation.

Another reason your site is vulnerable to DDoS attacks is because they’re sourced from a growing matrix of unpatched IoT devices that span the Internet. Many (most?) vendors who are bringing devices online aren’t prioritizing security and instead opt for customers’ ease-of-use. The reasoning is that whenever an extra layer of security is required, it could potentially affect sales.

Yet another reason that security is an afterthought for IoT devices — even in the age of the DDoS hack — is that vendors are bringing their products to market as quickly as possible. If they get it to market first, they can win or even dominate market share. So the product is dropped with an immature or even non-existent security framework with a plan to fix the security issues later. But in the meantime, your WordPress site is hit again by another attack vector.

The Trouble with IoT

The proliferation of IoT devices is directly increasing the number and strength of DDoS attacks. Nearly any smart device can be leveraged in a DDoS attack. A couple of white hat hackers demonstrated how a Nest thermostat could be used to extort money from its users. Nest is owned by Google and can afford to patch the vulnerabilities, yet many smaller companies with IoT devices cannot afford to regularly patch them.

Continue reading %Why the IoT Threatens Your WordPress Site (and How to Fix It)%