Ruhr University Bochum
Securely transmit new passwords
Forgot your password? No problem: You can either receive a new one by e-mail or answer a security question and receive a password directly. Both methods offer vulnerabilities for hackers. Now there is an alternative.
Conventional methods for transmitting a new password have weak points, as Prof. Dr. Markus Dürmuth, head of the Mobile Security working group at Ruhr-Universität Bochum (RUB), knows: "Emails are transmitted in plain text and can easily be read. The correct answers to security questions, on the other hand, can often be guessed with a bit of luck and research."
Together with a colleague from the University of California, Berkeley, and a colleague from INRIA (Institut national de recherche en informatique et en automatique), Grenoble, Dürmuth has developed an alternative to the methods described above. They use so-called 'Mooney' images. These are black and white images that have been processed with a special filter.
When you see a Mooney image, you don't recognize anything at first. Only when you see the original image do you recognize the motif on the Mooney - an effect that lasts for a long time. This is known as 'priming' or 'imprinting' on the image.
Dürmuth uses the mechanism as follows: instead of having to think of a security question and the corresponding answer just in case, the user is shown ten Mooneys and the corresponding original images during the priming phase. If they then forget their password at some point, they are shown 20 Mooneys and asked to state what they have recognized. "The real account holder will recognize the ten Mooneys on which he was primed," says Dürmuth. "But they won't be able to identify the other ten. He is then directly assigned a new password." A hacker would give himself away by either not recognizing any Mooneys at all, or by recognizing Mooneys that are unknown to the actual user.
You might also be interested in
Vulnerability discovered in Siemens protection technology
Kaspersky Lab has identified a vulnerability in Siemens protection technology products as part of a security audit of critical infrastructure. Once it became known, Siemens immediately closed the gap.
read more...Phishing attack on Telekom data
T-Online passwords circulating on the darknet
Customer data from over a dozen companies is currently being offered on the darknet - including Telekom customers. A random sample of around 90 data records has shown that some of the Telekom customer data is genuine and up-to-date.
read more...VDMA publishes 'Industry 4.0 Security' guide
The VDMA has published a practical guide "Industry 4.0 Security". It is intended to enable medium-sized companies to take concrete measures and implement security requirements for their own products, machines and systems.
read more...65 billion euros in damage due to cyber attacks
In the last five years, German companies have suffered losses totaling 65.2 billion euros as a result of cyber attacks. The manufacturing industry has been particularly hard hit. This is the conclusion of a study by the Center for Economics and...
read more...Solutions for industrial network security
Networked production brings many advantages. However, it also increases the likelihood of employees or third parties misusing this infrastructure through operating errors or espionage. The Phoenix Contact webinar provides guidance on how to protect...
read more...IT decision-makers mistrust the cloud
According to a survey commissioned by Intel Security, many German IT decision-makers distrust the cloud. Is this due to data protection, fear of data loss or loyalty to providers?
read more...No accidental changes to files
CodeMeter 6.80 from Wibu-Systems supports Universal Write Filter (UWF), a Windows option from Microsoft that prevents accidental changes to files, which is particularly important for embedded systems.
read more...Security through network segments
The Microwall Gigabit from Wiesemann & Theis is the first in a series of easy-to-use security products for industry and manufacturing.
read more...Mushroom is the victim of a targeted hacker attack
The automation technology provider Pilz from Ostfildern was the victim of a targeted cyber attack on Sunday, October 13. All server and PC workstations worldwide, including the company's communication network, were affected.
read more...