Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information

Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app's designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users' passwords, spy on them, steal their identities, and access extremely intimate data about the millions of women and their partners who use the app.

Peak indifference: privacy as a public health issue


My latest Locus column, "Peak Indifference", draws a comparison between the history of the "debate" about the harms of smoking (a debate manufactured by disinformation merchants with a stake in the controversy) and the current debate about the harms of surveillance and data-collection, whose proponents say "privacy is dead," while meaning, "I would be richer if your privacy were dead."

Healthcare workers prioritize helping people over information security (disaster ensues)


In Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?, security researchers from Penn, Dartmouth and USC conducted an excellent piece of ethnographic research on health workers, shadowing them as they moved through their work environments, blithely ignoring, circumventing and sabotaging the information security measures imposed by their IT departments, because in so doing, they were saving lives.

One million machines, including routers, used to attack banks


Akamai's Ryan Barnett reports on two attacks against the service's financial customers last year: attackers used nearly 1m compromised systems to attempt to log in to users' accounts using logins and passwords from earlier breaches.

'Spam King' Sanford Wallace gets 2.5 years in prison for 27 million Facebook scam messages

A hacker who called himself 'Spam King' and sent 27 million unsolicited Facebook messages for a variety of scams has been sentenced to 30 months in jail.


Password hashing demystified


The password breaches are getting stronger and worser, and hardly a week goes by without a dump that's a couple zeroes bigger than the biggest to date -- but not all password breaches are created equal, and a lot depends on whether and how the passwords were hashed.

Google may abandon passwords for 'trust score'


Hate passwords? Google does too, and may begin doing away with conventional passwords on Android devices this year. At Google I/O, the company announced the next steps in its plans to begin using a password alternative: "trust scores" that determine your creds based on various data points. Developed by Google's Advanced Technology and Projects group, the Trust API will roll out to "several very large" financial institutions within the next few weeks.


Become a certified ethical hacker with premium training--now only $69

If you or your company’s IT system are besieged by black hat cyber attacks, an ethical hacker might be all that stands between crippling damage and a company’s long-term prosperity. It’s no wonder that the market for IT security specialists is exploding.

Certification is the key - so learn the tenets of ethical hacking and get ready to get certified in the practice with this Ethical Hacker Professional Certification Package, now just $69 (over 95% off) - in the Boing Boing Store.

In over 60 hours of instruction, you’ll get advanced training in all things security, including deep-dives into handling passwords, spyware and keyloggers...and that’s just for starters.

Through this coursework, you’ll also learn how to handle digital evidence, review data without disturbing any signs of outside intrusion, and how to implement an information risk assessment process that’ll not only protect your vital data, but block other possible exploitable areas of your system in the future.

Once you’re done training, you’ll be ready to get certified in five disciplines: Certified Ethical Hacker, Computer Hacking Forensics Investigator, Certified Information Security Manager, Certified Information Systems Auditor or Certified Information Systems Security Professional.

This type of rigorous security training would normally cost almost $1,500, so picking it up for less than $70 is a giant win, so grab this deal now at its wildly reduced rate.

Anal fisting site breached: 100K passwords, usernames, email addresses and IPs extracted

fist (1) is a forum for people whose sexual activities include inserting large items into their anuses; the site has been breached by a hacker, who now has details on over 100,000 of its users.

Excellent advice for generating and maintaining your passwords


It's World Password Day and you can celebrate it by fixing your crappy passwords.

Google warns that hosts malware

Google is pointing a finger at its own website, declaring it "partially unsafe" for web visitors. It's not clear if the report is one part of the sprawling company telling the truth about another part, a mistake, or a clever "googlebomb" of inbound links designed to trigger this result.

In any case, the warnings posted are delicious.

Some pages on this website install malware on visitors' computers.

Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).

Some pages on this website redirect visitors to dangerous websites that install malware on visitors' computers, including:,, and

Dangerous websites have been sending visitors to this website, including:,, and


Security flaws found in 3 state health insurance websites

Reuters / Phil McCarten

Federal investigators have discovered major security vulnerabilities in the state health insurance websites for California, Kentucky and Vermont that could allow criminals to access sensitive personal data for hundreds of thousands of people.


New trends in Chinese mobile UIs for 2016


Dan Grover has updated his excellent annual survey of UI trends in Chinese mobile apps with a new installment that covers the t-shirt icon, the happy shopping bag, the moving SEND button, the rise of data-management apps and chatbots, and more.

CNBC's secure password tutorial sent your password in the clear to 30 advertisers


CNBC's Big Crunch blog put up a well-intentioned, but disastrously designed tutorial on secure password creation, which invited users to paste their passwords into a field to have them graded on how difficult it would be to guess them.

Security-conscious darkweb crime marketplaces institute world-leading authentication practices


If you are a seller on Alphabay -- a darkweb site that sells "drugs, stolen data and hacking tools," you'll have to use two-factor authentication (based on PGP/GPG) for all your logins.

Say goodbye to insane letter, number and symbol combos: Simplify your security with Password Boss

Everything requires a login these days, and you’re only one person. Experts tell you to mix it up with your passwords, never use the same one twice, add numbers, then symbols, on and on. But how to remember all that? You spend way too much time resetting your passwords, and don’t feel much more secure at the end of the day. Well, that jig is up. Get Password Boss now for 86% off and rest assured that you just need one master password, and the pros there handle the rest, keeping you safe and sound.

This app saves all your passwords and autofills your usernames for everything you do online. It randomizes and creates ultra-strong passwords for every account of yours, letting you do the easy part and simply use one master password to login here. It syncs across all your devices so you won’t have to remind yourself of that random string of letters from your iPad somewhere either. If you so choose, you can even share your passwords with select friends or family members. The custom two-step verification process keeps you extra safe by preventing data theft and even deleting data if compromised.

No more letters and numbers that you’ve used a million times and you know are way too easy for hackers to guess. This one hub keeps your mind at ease and your data safe. For 86% off right now, streamline that crazy password process once and for all. This is a lifetime promotion so your online security is set for life so check out the link below for more details.

Daniel Clowes remembers publisher Alvin Buenaventura


[I received the sad and shocking news this morning that Alvin Buenaventura died in his home in Oakland, California last week. Alvin was a publisher and promoter of cartoonists I love, including Dan Clowes and Charles Burns. He was always very helpful when I had questions about how to get in touch with a particular cartoonist, and in recent weeks he was helping me find a printer for a magazine project I'm working on. I can't believe he's gone – I was selfishly counting on Alvin to publish many more years' worth of great books and comics. Cartoonist Daniel Clowes was very close with Alvin, and considered him to be a member of his family. Here's what he wrote about Alvin. -- Mark]

Alvin Buenaventura was the most important person in my life outside my immediate family. He was, to me, among many other things, an art representative, a production assistant, an archivist, a monographer, a tireless advocate and champion, a media representative, a technical advisor, a troubleshooter; but far beyond that, he was my dear and beloved friend, a daily, constant, essential presence in my life.

I said this to anybody who asked about the mysterious Alvin: he was inexplicable, the most singular human being I've ever met. There's nobody else in the world even remotely like him. He can't ever be replaced in any way. He was born into a nondescript suburban So. Cal. army-brat childhood that could have in no way indicated his future, magically gifted with what can only be described as a perfect eye.
