passwords

IoT malware exploits DVRs, home cameras via default passwords


The Internet of Things business model dictates that devices be designed with the minimum viable security to keep the products from blowing up before the company is bought or runs out of money, so we're filling our homes with net-connected devices that have crummy default passwords, and the ability to probe our phones and laptops, and to crawl the whole internet for other vulnerable systems to infect.

This week in terrifying, mind-boggling password breaches


800,000 usernames and passwords from Brazzers, a giant porn site; 98 million passwords from Rambler.ru ("Russia's Yahoo") and, coming soon, the entire user database for VKontakte/VK.com, Russia's answer to Facebook.

It's pretty easy to hack traffic lights


Researchers from the University of Michigan EE/Computer Science Department (previously) presented their work on hacking traffic signals at this year's Usenix Security Symposium (previously), and guess what? It's shockingly easy to pwn the traffic control system.

The “Emergency Mode” Every Smartphone Should Have

Most phones already come equipped with an Airplane Mode for flights, a Do Not Disturb mode for watching movies or ignoring people, and a Low Power mode for when your battery is about to die. But what happens when you’re in an emergency?

75 percent of Bluetooth smart locks can be hacked


Anthony Rose, an electrical engineer, was able to hack 12 out of 16 Bluetooth Low Energy smart locks as part of his research into their vulnerabilities. He presented his findings at the DEF CON hacker conference in Las Vegas on Saturday.

Via Tom's Guide:

Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.

Two of those four models, the Quicklock Doorlock and Quicklock Padlock, sent the password twice, Rose said. He and Ramsey found that they could change the user password by returning the same command with the second iteration of the password changed to something else, freezing out the legitimate user.

"The user can't reset it without removing the battery, and he can't remove the battery without unlocking the lock," Rose said.

Other lock manufacturers said they encrypted the user password for Bluetooth transmissions, Rose said. Technically, they did. But with at least one, Rose discovered that he could simply grab the encrypted password out of the air, then send it back to the lock — and the lock would unlock without the password ever being decrypted.


BBC will use surveillance powers to sniff Britons' wifi and find license-cheats


If you live in the UK and watch live TV or use the iPlayer video-on-demand service, you have to pay a "license fee" that directly supports public media in the UK (in other countries, public media is funded out of the tax coffers, but in the UK, it's a direct transfer from viewers to the media, which is meant to make the BBC independent of the whims of government and thus more able to hold it to account).

Hacker puppets explain how they find your passwords in non-technical ways


Gus the hacker puppeteer writes, "Last weekend was the Hackers On Planet Earth conference (where, ICYMI, Cory was the keynote address). I always come away from HOPE wishing there were easier ways to share what I learned there with friends and family. Fortunately, the Internet Society has been streaming and storing videos of HOPE talks for the past two conferences. (My own talk, on getting into the minds of everyday computer users, should be up there eventually.)"

Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information

Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app's designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users' passwords, spy on them, steal their identities, and access extremely intimate data about the millions of women and their partners who use the app.

Peak indifference: privacy as a public health issue


My latest Locus column, "Peak Indifference", draws a comparison between the history of the "debate" about the harms of smoking (a debate manufactured by disinformation merchants with a stake in the controversy) and the current debate about the harms of surveillance and data-collection, whose proponents say "privacy is dead," while meaning, "I would be richer if your privacy were dead."

Healthcare workers prioritize helping people over information security (disaster ensues)


In Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?, security researchers from Penn, Dartmouth and USC conducted an excellent piece of ethnographic research on health workers, shadowing them as they moved through their work environments, blithely ignoring, circumventing and sabotaging the information security measures imposed by their IT departments, because in so doing, they were saving lives.

One million machines, including routers, used to attack banks


Akamai's Ryan Barnett reports on two attacks against the service's financial customers last year: attackers used nearly 1m compromised systems to attempt to log in to users' accounts using logins and passwords from earlier breaches.

'Spam King' Sanford Wallace gets 2.5 years in prison for 27 million Facebook scam messages

A hacker who called himself 'Spam King' and sent 27 million unsolicited Facebook messages for a variety of scams has been sentenced to 30 months in jail.


Password hashing demystified


The password breaches are getting stronger and worser, and hardly a week goes by without a dump that's a couple zeroes bigger than the biggest to date -- but not all password breaches are created equal, and a lot depends on whether and how the passwords were hashed.

Google may abandon passwords for 'trust score'


Hate passwords? Google does too, and may begin doing away with conventional passwords on Android devices this year. At Google I/O, the company announced the next steps in its plans to begin using a password alternative: "trust scores" that determine your creds based on various data points. Developed by Google's Advanced Technology and Projects group, the Trust API will roll out to "several very large" financial institutions within the next few weeks.


Become a certified ethical hacker with premium training--now only $69

If you or your company’s IT system are besieged by black hat cyber attacks, an ethical hacker might be all that stands between crippling damage and a company’s long-term prosperity. It’s no wonder that the market for IT security specialists is exploding.

Certification is the key - so learn the tenets of ethical hacking and get ready to get certified in the practice with this Ethical Hacker Professional Certification Package, now just $69 (over 95% off) - in the Boing Boing Store.

In over 60 hours of instruction, you’ll get advanced training in all things security, including deep-dives into handling passwords, spyware and keyloggers...and that’s just for starters.

Through this coursework, you’ll also learn how to handle digital evidence, review data without disturbing any signs of outside intrusion, and how to implement an information risk assessment process that’ll not only protect your vital data, but block other possible exploitable areas of your system in the future.

Once you’re done training, you’ll be ready to get certified in five disciplines: Certified Ethical Hacker, Computer Hacking Forensics Investigator, Certified Information Security Manager, Certified Information Systems Auditor or Certified Information Systems Security Professional.

This type of rigorous security training would normally cost almost $1,500, so picking it up for less than $70 is a giant win, so grab this deal now at its wildly reduced rate.

Anal fisting site breached: 100K passwords, usernames, email addresses and IPs extracted


Rosebuttboard.com is a forum for people whose sexual activities include inserting large items into their anuses; the site has been breached by a hacker, who now has details on over 100,000 of its users.

Excellent advice for generating and maintaining your passwords


It's World Password Day and you can celebrate it by fixing your crappy passwords.
