Infosec scam links July 3, 2014

Duo Security Researchers Uncover Bypass of PayPal's Two-Factor Authentication - Zach Lanier - Duo Security

I love two-factor authentication. I turn it on just about everywhere that I can. It’s a real easy way to secure your online account. Well, unless it’s not implemented properly and that’s what it looks like PayPal did. Lot of technical details to dive into this one.

Google's Famous Security Guru Found An Embarrassing Hole In Microsoft's Products - Julie Bort - Business Insider

Microsofts nemesis, Tavis Ormandy, who works for Google found a vulnerability in their security software. The word skirmish is used in the article, which just makes this little battle between tech giants all the more juicy. Way better than Jersey Shore.

Redmond's EMET defense tool disabled by exploit torpedo - Darren Pauli - The Register

In other not-good news for Microsoft. It appears that some researchers have found a way to disable their Enhanced Mitigation Experience Toolkit. This doesn’t make the tool useless, but it does mean Microsoft has it’s work cut out for it strengthening the tool. Currently Tech Preview 5.0 is unaffected by this. Researchers are working on 5.0 and will have details regarding those attempts at Black Hat in Las Vegas in August.