passwords

Your smart meter is very secure (against you) and very insecure (against hackers)

In On Smart Cities, Smart Energy, And Dumb Security -- Netanel Rubin's talk at this year's Chaos Communication Congress -- Rubin presents his findings on the failings in the security of commonly deployed smart meters.

Yahoo reveals hackers took a further 1 billion accounts (phone, DoB, names, emails)

Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether.

This TV streaming service offers more than Hulu and Netflix for just $24

These days, we benefit from having a plethora of TV streaming options, but SelectTV had never been on my radar. SelectTV may be a less known option, but it actually offers significantly more content than the usual suspects. For that reason alone, I thought it was definitely worth checking out. 

As advertised, SelectTV delivers a massive library of TV shows, movies, live channels, and more—over 300,000 TV episodes and 200,000 movies, to be exact. I appreciate the fact that it’s all available through the same interface, which means no more switching between windows or having to enter different passwords to watch what I want.

What's especially unique is that SelectTV also includes a Pay Per View service, which isn't usually an option with streaming services. This comes in handy for watching big fights and new movie releases. Plus, SelectTV connects to home TVs via Chromecast or an HDMI cable. 

If you love entertainment variety and enjoy not paying cable companies an arm and a leg, you owe it to yourself to check out this service. In fact, for a limited time, you’ll also get a free HD antenna from SelectTV post-purchase if you buy a one year ($24) or three year ($49) subscription.

iPhones secretly send your call history to Apple's cloud, even after you tell them not to

Apple has acknowledged that its iCloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals.

What's inside the windowless AT&T/NSA spying hub in lower Manhattan?

The windowless, 550'-tall AT&T tower at 33 Thomas Street in lower Manhattan is the building referred to as TITANPOINTE in the NSA documents leaked by Edward Snowden, and was likely the staging point for the NSA's BLARNEY operation, which illegally spied upon communications to and from "International Monetary Fund, the World Bank, the Bank of Japan, the European Union, the United Nations, and at least 38 different countries, including U.S. allies such as Italy, Japan, Brazil, France, Germany, Greece, Mexico, and Cyprus."

300 million Adultfriendfinder accounts breached

Adultfriendfinder, "the world's largest sex & swinger community," has suffered a major breach, leaking 300,000,000 accounts' worth of personal information, namely email addresses, passwords, usernames, IP addresses and browser information.

Plaintext passwords galore in huge AdultFriendFinder hack

AdultFriendFinder was hacked (again) in October 2016. According to LeakedSource, which acquired a copy of the dataset, this amounts to more than 400m accounts, many with plaintext passwords, from AdultFriendFinder and associated websites.

The site was compromised with a local file inclusion exploit, which means the website's code allowed access to files on the server that aren't supposed to be public.

Nearly a million accounts have the password "123456". More than 100,000 have the password "password".

The non-plaintext passwords were easily cracked anyway, apparently due to some roll-your-own encryption that involved lowercasing everything, SHA1ing it and going back to bed. The longest passwords were "pussy.passwordLimitExceeded:07/1" and "gladiatoreetjaimelesexetjaimefum", with a Blackadder fan in #3 with "antidisestablishmentarianism" and a sybarite who reads XKCD in #4 with "pussypussymoneymoneyweedweed."

Hotmail was the most common email provider, followed by Yahoo and Gmail. These three accounted for the vast majority of registered addresses, with AOL and Live an order of magnitude down.

LeakedSource isn't making the data set publicly available, but if they have it, others might too.

The internet's core infrastructure is dangerously unsupported and could crumble (but we can save it!)

Nadia Eghbal's Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure is a long, detailed report on the structural impediments to maintaining key pieces of free/open software that underpin the internet -- it reveals the startling fragility of tools that protect the integrity, safety, privacy and finances of billions of people, which are often maintained by tiny numbers of people (sometimes just one person).

Unsecured Internet of Things gadgets get hacked within 40 minutes of being connected to the net

The Atlantic's Andrew McGill set up a virtual server on Amazon's cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the "toaster" had been hacked more than 300 times.

China electronics maker will recall some devices sold in U.S. after massive IoT hack

A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDoS attack. The stunningly broad attack brought much internet activity to a halt last Friday.

If you bail on Yahoo Mail, forget about having your email forwarded

A week after the revelations that Yahoo illegally allowed American spies to access all Yahoo users' email (possibly via a dangerous rootkit), and two weeks after admitting that 500,000,000 Yahoo Mail users' passwords were leaked years previously, possibly to a "state actor," the company has disabled email forwarding for Yahoo Mail users.

The malware that's pwning the Internet of Things is terrifyingly amateurish

Following the release of the source code for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its source code and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes.

Company suspected of blame in Office of Personnel Management breach will help run new clearance agency

In 2014, the US Office of Personnel Management was hacked (presumably by Chinese spies), and leaked 22,000,000+ records of Americans who'd applied for security clearance, handing over the most intimate, compromising details of their lives (the clearance process involves disclosing anything that could be used to blackmail you in the future). This didn't come to light until 2015.

Your next DDoS attack, brought to you courtesy of the IoT

The internet is reeling under the onslaught of unprecedented denial-of-service attacks, the sort we normally associate with powerful adversaries like international criminal syndicates and major governments, but these attacks are commanded by penny-ante crooks who are able to harness millions of low-powered, insecure Internet of Things devices like smart lightbulbs to do their bidding.

Let's kill inane "(in)security questions"

After last week's revelation of a record-smashing breach at Yahoo (which the company covered up for years), security researcher Matt Blaze tweeted: "Sorry, but if you have a Yahoo account, you will need to find a new mother, and have grown up on a different street." Ha, ha, only serious.

Social media site targeted at teen girls is leaking 5.5M+ passwords right now

I-Dressup is a social media site aimed at teen and tween girls, where users play and interact with fashion. Six days ago, Ars Technica's Dan Goodin contacted I-Dressup to tell them that they were leaking more than 5.5 million cleartext passwords, and that a hacker had already downloaded 2.2 million of them.

Yahoo says at least 500 million accounts hacked, blames "state-sponsored actor"

Yahoo today confirmed that it suffered a massive data breach that exposed information for at least 500 million user accounts in 2014. If you have a Yahoo account, the company says you should review all your online accounts for any suspicious activity.
