OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.

Headquartered in San Francisco, OneLogin provides single sign-on and identity management for cloud-base applications. OneLogin counts among its customers some 2,000 companies in 44 countries, over 300 app vendors and more than 70 software-as-a-service providers.

A breach that allowed intruders to decrypt customer data could be extremely damaging for affected customers. After OneLogin customers sign into their account, the service takes care of remembering and supplying the customer’s usernames and passwords for all of their other applications.

In a brief blog post Wednesday, OneLogin chief information security officer Alvaro Hoyos wrote that the company detected unauthorized access to OneLogin data.

“Today we detected unauthorized access to OneLogin data in our US data region. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount.”

“While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented.”



WALK DOWN THE street in New York City and your likeness will be captured on camera dozens of times. You’ll pass cameras affixed to buildings and traffic lights; on the subway platform, more than 4,000 closed circuit cameras will track your every move. There are security gadgets planted in elevators and lobbies, coffee shops and convenience stores, all of which keep a watchful eye.

An estimated 62 million security cameras monitor the United States alone, which means that at any given moment, you’re probably being watched without even knowing it. It's almost like a dystopian version of Hansel and Gretel, where everywhere you go, you leave a path of digital breadcrumbs in your wake.

We often don’t see or think about these cameras, but a new exhibition at New York City’s Park Avenue Armory puts the surveillance state overtly on display. For Hansel and Gretel, artist Ai WeiWei and Swiss architects Jacques Herzog and Pierre de Meuron, transformed the Armory’s cavernous drill hall into a surveillance park. A series of 56 tiny computers attached to infrared cameras and projectors hang from the rafters. Meanwhile, a handful of tethered drones buzz overhead, taking footage of the visitors and feeding it back into a live stream.


The Facebook algorithm that auto-tags people in photographs might be slightly creepy, but also of interest to the intelligence community. 

The IC’s research and development unit is hosting a new contest in search of the best facial recognition algorithms that can identify individuals in images taken from the “wild,” for example, sources such as security footage. 

The Intelligence Advanced Research Projects Activity’s “Face Recognition Prize Challenge” seeks algorithms that can accurately and quickly match a photo found in passive footage to another of the same individual from a gallery, as well as systems that can verify, or match, two images of the same person while rejecting photos of other individuals. The most accurate search algorithm wins $25,000. The fastest wins $5,000, and the most accurate verification algorithm wins $20,000. 


The technology could be helpful in “preventing the next random act of violence or catching a child predator,” and may become essential for public safety professionals, IARPA Program Manager Chris Boehnen said in a statement. An abundance of training data from real-world scenarios has made more sophisticated facial recognition technology possible, he said. 

The challenge is just one of several biometric-themed projects IARPA has launched recently. Such projects may attract mainstream attention as President Donald Trump directs the Homeland Security Department to invest in biometric tracking that could follow travelers entering and exiting the United States. IARPA’s Odin project, for instance, awards funds to companies developing technology that can detect when people are trying to disguise their fingerprints or iris scans. Another, called Janus, is aimed at improving face recognition in videos.  

The contest runs until June 15 and winners will be announced in October.




A technician hurriedly slings his backpack over his shoulders, straps on his M9 pistol, and bolts out of the transport with his squad of commandos in a hail of gunfire. As soon as his team reaches the compound, he whips out a laptop and starts deploying a rootkit to the target server, bullets whizzing overhead all the while.

This might sound like the action movie of a hacker's dreams, but The Army Cyber Institute at West Point is training its recruits to do just that. At Chicago'sThotcon hacker conference last week, attendees got a glimpse of what its elite units might look like.

During their talk, the institute's Major Natalie Vanatta and Captain Erick Waage mused on dramatic changes ahead. Conventional warfare soon may be shaped by computer networks, and the race to perfect techniques to infiltrate them has touched off an ambitious effort to bring experts in the public and private sectors together.


All Hands on Deck

Highly specialized missions stand little chance of success unless they are systematized with rigorous training, and The Army Cyber Institute is conducting some of the most cutting-edge network infiltration training operations in the U.S. military.

In their 25-minute Thotcon presentation, Vanatta and Waage described some of the exercises that take place on a 1,000-square-mile patch of the Mojave desert. Units composed of traditional and digital warriors practice raiding enemy outposts -- manned by other recruits -- and precisely deploying the kind of penetration exploits that may become commonplace in an ever-more-networked world.

Vanatta, Waage and other Army Cyber Institute researchers are in charge of designing the simulations they detailed to attendees. However, most of the institution's effort is dedicated to monitoring and predicting technological trends, to ensure that the Army's training and the country's defenses keep pace.

Their talk, "Unleashing the Dogs of [Cyber] War" was, in part, an invitation for members of the information security community in the audience to step up and contribute their expertise. They were asked to offer their conjectures to help shape the way the U.S. military maintains its edge against opponents dependent on networked infrastructure.

With major information security players like Trustwave, Cylance and others based in Chicago, where Thotcon took place, the event offered an ideal opportunity for Vanatta and Waage to put out the call.

Over the course of their presentation, they gave conference-goers a look at how their elite frontline hacking units operate -- but they stressed the need to heighten familiarity with network penetration techniques across all units and branches of the armed forces.