LastPass hacked, but says user data's safe


The password management service was hacked last week, but its layers of security prevented a serious breach. Here's what users should do to make sure they're unaffected.

Tl;dr: change your master password.

LastPass says in its blog entry, “Encrypted user vaults were not compromised.” This is a critical fact because changing your master password will immediately make the stolen password information useless. If crackers had stolen vaults, they would be able to churn on them forever or return to them in the future and crack them with more advanced or powerful technology. Since people often don’t change passwords for years at a time or forever, that could have still been a risk.

LastPass also advises changing your password at any other account for which you use the identical password.


On ethics in information technology

Our field requires ethical frameworks we accept, instead of rules that remain technically unbroken while we hackers violate their spirit with as much ingenuity as we can muster.

Self-sustaining botnet made out of hacked home routers

Telcos send routers with default passwords to their customers, who never change them, and once they're compromised, they automatically scan neighboring IP space for more vulnerable routers from the same ISP.

Your cyberpunk games are dangerous

How roleplaying games and fantasy fiction confounded the FBI, confronted the law, and led to a more open web

Virgin Media's "plain text password" problem (Update: never mind)

Hacker News noticed that Virgin Media's staff can view users' passwords.

However, it may just be in reference to temporary ones issued for phone support—though Virgin isn't responding in any hurry to the concerns.

Storing passwords in plain text is considered bad.

Update: Virgin has clarified that the "password" in question is just a different identifier used for phone support. Actual account passwords are properly encrypted.

Encrypting your laptop demystified

On The Intercept, Micah Lee follows up on his great primer on NSA-proof passwords with a soup-to-nuts tutorial on encrypting your laptop.

Arkansas cops send malware to whistleblowers' lawyers

An Arkansas lawyer representing ex-cops who blew the whistle on corruption in the Fort Smith Police Department says that when he gave the police brass a blank hard-drive for discovery documents, they returned it laden with sneaky malware, including a password-sniffing keylogger and a backdoor that would let the police department spy on their legal opponents.

Surveillance self-defense kit for LGBTQ youth

The latest addition to the Electronic Frontier Foundation's Surveillance Self-Defense series is a set of tools and instructions aimed specifically at LGBTQ kids, who have unique threat models (being outed) and adversaries (homophobic friends, parents, pastors).

’s first smartwatch winds down

There’s a new smartwatch that lets you make phone calls right from your wrist. No, not that one.

NSA-proof passwords

The Intercept's Micah Lee explains how to use Diceware to generate a passphrase that can survive the NSA's trillion-guess-per-second cracking attempts -- but which can still be easily memorized.

Brute-force iPhone password guesser can bypass Apple's 10-guess lockout

The IP Box costs less than £200 and can guess all possible four-digit passwords in 111 hours.

Imaginary ISIS attack on Louisiana and the twitterbots who loved it

Gilad Lotan has spotted some pretty sophisticated fake-news generation, possibly from Russia, and possibly related to my weird, larval twitterbots, aimed at convincing you that ISIS had blown up a Louisiana chemical factory.

Albuquerque PD encrypts videos before releasing them in records request

Har-har-fuck-you, said Albuquerque's murderous, lawless police department, as they fulfilled a records request from Gail Martin, whose husband was killed by them, by sending her encrypted CDs with the relevant videos, then refusing to give her the passwords.

Security researcher releases 10 million username and password combinations

Security researcher Mark Burnett has released 10,000,000 username/password combos he's downloaded from well-publicized hacks, citing the prosecution of Barrett Brown and the looming Obama administration crackdown on security researchers as impetus to do this before it became legally impossible.

Modern farm equipment has no farmer-serviceable parts inside

iFixit's Kyle Wiens writes about the state of modern farm equipment, "black boxes outfitted with harvesting blades," whose diagnostic modes are jealously guarded, legally protected trade secrets, meaning that the baling-wire spirit of the American farm has been made subservient to the needs of multinational companies' greedy desire to control the repair and parts markets.

Canada's spying bill is PATRIOT Act fanfic

Madeline Ashby writes, "I wrote this column about Canada's Bill C-51, which would allow Canada's spy agency CSIS to detain people for simply 'promoting' terrorism, promises it can wipe terrorist content from the Internet, expands no-fly lists, and is basically a piece of Patriot Act fanfic. I thought you guys might like to know that years after Bush left office, his fans are trying to keep the tradition alive."

Barrett Brown’s sentence is unjust, but it may become the norm for journalists

Jailed, in part, because he shared a link to a stolen document that he did not steal, and despite the fact that this is not a crime.
