Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up.
SEDC is an Atlanta-based company that provides back-ends for utility companies; a security researcher discovered that the company stored his password in the clear. The company's products have more than 15,000,000 users, whose logins and passwords are potentially also stored in plaintext.
Your internet-of-shit smart lightbulb is probably storing your wifi password in the clear, ready to be recovered by wily dumpster-divers; Limited Results discovered the security worst-practice during a teardown of a Lifx bulb; and that's just for starters: the bulbs also store their RSA private key and root passwords in the clear and have no security measures to prevent malicious reflashings of their ROMs with exploits, network probes and other nasties.
Dell released a statement on Wednesday that says the computer giant reset passwords for all accounts on the Dell.com online electronics store on Nov. 14.
That was a full 5 days after they discovered and reportedly thwarted hackers who were trying to steal customer data.
No one knows who wrote this Unisyn optical vote-counting machine manual that has appeared in multiple sites served by the California-based vendor, but only because Unisyn won't comment on whether they wrote it.
British-Australian I.T. developer Nathan Hague was traveling through Australia's Sydney airport when authorities forcibly detained him and seized his devices, according to reports. Hague says his laptop password was cracked, and his digital files were accessed by Border Force officers.
If you're the kind of parent who wants to spy on everything your kids do, you can force them to install an app like Teensafe, which only works if your kid doesn't use two-factor authentication; you have to give it your kid's device ID and password, so if that data leaks, it would allow anyone to break into your kid's cloud and plunder all their private data.
If you're anything like the average web user, you probably have dozens of online accounts, each with their own unique passwords. And, while maintaining unique logins helps protect your accounts, keeping track of all those passwords can get hairy. Dashlane Password Manager makes it easy to keep tabs on your logins while arming you with powerful, encrypted protection.
Earlier this month on Jimmy Kimmel Live, random people on the street were asked to share their main internet password. Amazingly, some did… on camera, no less.
Troy Hunt, proprietor of the Have I Been Pwned? service, has made 306,000,000 known-cracked passwords available as a download — you can grab the set and make sure that yours isn't among them, as these cracked passwords are the ones that are likely being used by hackers when they do brute-force attacks against encrypted password files.
The latest crayon-scrawled, unconstitutional, sure-to-be-challenged plan from the Trump White House for America's borders would require visitors to the US to reveal their social media passwords so CBP officers could read their private messages and look at their friends lists; they will also have to answer questions about their political beliefs — the plan would cover visitors from all over, including countries in the US Visa Waiver program.
A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly's remarks to the House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America to divulge their social media logins as a condition of entry.
The combination of 2014's Supreme Court decision not to hear Cotterman (where the 9th Circuit held that the data on your devices was subject to suspicionless border-searches, and suggested that you simply not bring any data you don't want stored and shared by US government agencies with you when you cross the border) and Trump's announcement that people entering the USA will be required to give border officers their social media passwords means that a wealth of sensitive data on our devices and in the cloud is now liable to search and retention when we cross into the USA.
An analysis of passwords found in the 2009 breach of Rockyou — 32 million accounts — finds a large number of Biblical references ("jesus", "heaven", "faith", etc), including a number of Bible verse references ("john316").
AdultFriendFinder was hacked (again) in October 2016. According to LeakedSource, which acquired a copy of the dataset, this amounts to more than 400m accounts, many with plaintext passwords, from AdultFriendFinder and associated websites.
The site was compromised with a local file inclusion exploit, which means the website's code allowed access to files on the server that aren't supposed to be public.
I-Dressup is a social media site aimed at teen and tween girls, where users play and interact with fashion. Six days ago, Ars Technica's Dan Goodin contacted I-Dressup to tell them that they were leaking more than 5.5 million cleartext passwords, and that a hacker had already downloaded 2.2 million of them.
The Internet of Things business model dictates that devices be designed with the minimum viable security to keep the products from blowing up before the company is bought or runs out of money, so we're filling our homes with net-connected devices that have crummy default passwords, and the ability to probe our phones and laptops, and to crawl the whole internet for other vulnerable systems to infect.
Gus the hacker puppeteer writes, "Last weekend was the Hackers On Planet Earth conference (where, ICYMI, Cory was the keynote address). I always come away from HOPE wishing there were easier ways to share what I learned there with friends and family.