passwords

Sixth grader sells artisanal Diceware passwords

Eleven-year-old Mira Modi, daughter of privacy journalist Julia Angwin, has a startup through which she hand-generates secure Diceware passwords for $2, which she mails in sealed letters through the USPS, "which cannot be opened by the government without a search warrant." Read the rest

Putting your kettle on the Internet of Things makes your wifi passwords an open secret

The $150 Smarter Ikettle lets you start your water boiling from anywhere in the world over the Internet -- and it also contains long-term serious security vulnerabilities that allow attackers to extract your wifi passwords from it. Read the rest

Thrust/parry/counter: the history of Web authentication

A beautiful piece of writing by Schabse presents the history of Web authentication as a series of conversational gambits and ripostes between someone who wants to let users prove their identity online, and someone who wants to impersonate those users. It's a great way to present a subject that's both esoteric and vital, and I've never seen it before. Read the rest

Mayor of Stockton, CA detained by DHS at SFO, forced to give up laptop password

Mayor Anthony R. Silva was on his way back from a mayor's conference in China when the DHS border guards confiscated his laptop and phones and detained him, telling him he would not be allowed to leave until he gave them his passwords. He has still not had his devices returned. Read the rest

Why biometrics suck, the Office of Personnel Management edition

The nation-state hackers who stole 5.6 million+ records of US government employees (cough China cough) also took 5.6 million+ fingerprints. But it's no problem: those people can just get new fingerprints and revoke their old ones, right? Read the rest

Poker malware infects your computers and peeks at your cards

Odlanor is Windows malware that targets users of Pokerstars and Full Tilt Poker, and exfiltrates information about their cards to their competitors. Read the rest

Ashley Madison users chose passwords like "whyareyoudoingthis"

Now that 11.7 million Ashley Madison users' passwords have been shown to be crackable, we're learning that password security has not improved since the last giant dump of user passwords. Read the rest

Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web

A flaw in the fraudulent dating site's password hashing means that at least 15 million of its users' passwords are liable to decryption. Read the rest

Criminal protip: don't confess "off the record"

Matthew D. Muller, 38, is in jail after confessing to a kidnapping, “off the record and on background,” to a TV reporter. Kevin Poulsen reports on the bizarre, Gone Girl-like convolutions of the case.

It’s the latest twist in a case that began last March, when 29-year-old Denise Huskins was taken from her Vallejo, California, home, held for 48 hours, then released 400 miles away in Southern California with no ransom paid. She later said she had been sexually assaulted during the abduction. The kidnapping was strange in a number of ways, including its high-tech theatrics. The perpetrator drugged Huskins and her boyfriend, interrogated them for personal information and online passwords, attempted to monitor the aftermath of the crime with a webcam, and used anonymous remailers, image sharing sites, and Tor to communicate with the police and the media during and after the crime.

The Vallejo police announced at the time that the whole thing had to be a hoax staged by Huskins and her boyfriend. But then a second, abortive home invasion occurred in nearby Dublin last June. This time the victims fought off the attacker, and a cell phone abandoned at the scene led law enforcement to Muller, a Harvard Law School graduate and former immigration attorney with a history of mental health issues.

Read the rest

Ashley Madison's founding CTO claimed he hacked competing dating site

Raja Bhatia was the original CTO of Avid Media, Ashley Madison's parent company; in an email to Avid CEO Noel Biderman found in the latest Ashley Madison dump, he claimed to have hacked the back end of Nerve, a competing dating site. Read the rest

When online security is literally a roll of the dice, which dice do you use?

My search for an easy way to generate strong passwords and passphrases led me to the "Diceware" method Cory wrote about on Boing Boing. This was no game. I needed serious dice.

How did an Ohio inmate get prison administrators' usernames and passwords?

Lebanon prison, Ohio

Ohio authorities are investigating how a prisoner obtained a list of the usernames and passwords for prison administrators.

Read the rest

Save 75% On A Lifetime Of Password Protection From SplashID Pro

SplashID, the company trusted by millions of people over the past 10 years, is here to make sure your most confidential information stays safe in the big, bad world of the Internet. From financial records, to personal data, to those annoying passwords you always forget, all your essential letters, symbols, and numbers will stay easily accessible to you and you only with help from SplashID.

Use SplashID on a phone, tablet, desktop or browser; sync your records w/ the cloud, Wi-Fi or no sync at all; get automated backups; securely download & restore any of your last 5 backups anytime; view the SplashID dashboard for feedback on record security; share SplashID records securely w/ other SplashID users & even non-users.

SplashID Pro: Lifetime Plan ($24.95)

Check out all of the items in the Boing Boing store, including gadgets, software, apps, and online courses! Read the rest

LastPass hacked, but says user data's safe

The password management service was hacked last week, but its layers of security prevented a serious breach. Here's what users should do to make sure they're unaffected.

Tl;dr: change your master password.

LastPass says in its blog entry, “Encrypted user vaults were not compromised.” This is a critical fact because changing your master password will immediately make the stolen password information useless. If crackers had stolen vaults, they would be able to churn on them forever or return to them in the future and crack them with more advanced or powerful technology. Since people often don’t change passwords for years at a time or forever, that could have still been a risk.

LastPass also advises changing your password at any other account for which you use the identical password.

Photo: Shutterstock. Read the rest

On ethics in information technology

Our field requires ethical frameworks we accept, instead of rules that remain technically unbroken while we hackers violate their spirit with as much ingenuity as we can muster.

Self-sustaining botnet made out of hacked home routers

Telcos send routers with default passwords to their customers, who never change them, and once they're compromised, they automatically scan neighboring IP space for more vulnerable routers from the same ISP. Read the rest

Your cyberpunk games are dangerous

How roleplaying games and fantasy fiction confounded the FBI, confronted the law, and led to a more open web
