passwords

Son of Stuxnet: "invisible," memory-resident malware stalks the world's banks

Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives. Read the rest

After shutting down to protect user privacy, Lavabit rises from the dead

In 2013, Lavabit -- famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA -- shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses. Read the rest

Apple Store employees fired after accusations of snooping on customers' devices for sexual selfies and sharing them

Last October, an Apple Store in Brisbane, Australia terminated some of its employees after they were accused of searching customers' devices for sexually explicit selfies and sharing them with colleagues, rating them on a scale of 1-10. Read the rest

Bible references make very weak passwords

An analysis of passwords found in the 2009 breach of Rockyou -- 32 million accounts -- finds a large number of Biblical references ("jesus"," "heaven", "faith", etc), including a number of Bible verse references ("john316"). Read the rest

Your smart meter is very secure (against you) and very insecure (against hackers)

In On Smart Cities, Smart Energy, And Dumb Security -- Netanel Rubin's talk at this year's Chaos Communications Congress -- Rubin presents his findings on the failings in the security of commonly deployed smart meters. Read the rest

Yahoo reveals hackers took a further 1 billion accounts (phone, DoB, names, emails)

Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether.

Read the rest

This TV streaming service offers more than Hulu and Netflix for just $24

These days, we benefit from having a plethora of TV streaming options, but SelectTV had never been on my radar. SelectTV may be a less known option, but it actually offers significantly more content than the usual suspects. For that reason alone, I thought it was definitely worth checking out. 

As advertised, SelectTV delivers a massive library of TV shows, movies, live channels, and more—over 300,000 + TV episodes and 200,000 movies, to be exact. I appreciate that fact that it’s all available through the same interface, which means no more switching between windows or having to enter different passwords to watch what I want.

What's especially unique is that SelectTV also includes a Pay Per View service, which isn't usually an option with streaming services. This comes in handy for watching big fights and new movie releases. Plus, SelectTV connects to home TVs via Chromecast or an HDMI cable. 

If you love entertainment variety and enjoy not paying cable companies an arm and a leg, you owe it to yourself to check out this service. In fact, for a limited time, you’ll also get a free HD antenna from SelectTV post-purchase if you buy a one year ($24) or three year ($49) subscription Read the rest

Iphones secretly send your call history to Apple's cloud, even after you tell them not to

Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals. Read the rest

What's inside the windowless AT&T/NSA spying hub in lower Manhattan?

The windowless, 550'-tall AT&T tower at 33 Thomas Street in lower Manhattan is the building referred to as TITANPOINTE in the NSA documents leaked by Edward Snowden, and was likely the staging point for the NSA's BLARNEY operation, which illegally spied upon communications to and from "International Monetary Fund, the World Bank, the Bank of Japan, the European Union, the United Nations, and at least 38 different countries, including U.S. allies such as Italy, Japan, Brazil, France, Germany, Greece, Mexico, and Cyprus." Read the rest

300 million Adultfriendfinder accounts breached

Adultfriendfinder, "the world's largest sex & swinger community," has suffered a major breach, leaking 300,000,000 accounts' worth of personal information, namely email addresses, passwords, usernames, IP addresses and browser information. Read the rest

Plaintext passwords galore in huge AdultFriendFinder hack

AdultFriendFinder was hacked (again) in October 2016. According to LeakedSource, which acquired a copy of the dataset, this amounts to more than 400m accounts, many with plaintext passwords, from AdultFriendFinder and associated websites.

The site was compromised with a local file inclusion exploit, which means the website's code allowed access to files on the server that aren't supposed to be public.

Nearly a million accounts have the password "123456". More than 100,000 have the password "password".

The non-plaintext passwords were easily cracked anyway, apparently due to some roll-your-own encryption that involved lowercasing everything, SHA1ing it and going back to bed. The longest passwords were "pussy.passwordLimitExceeded:07/1" and "gladiatoreetjaimelesexetjaimefum", with a Blackadder fan in #3 with "antidisestablishmentarianism" and a sybarite who reads XKCD in #4 with "pussypussymoneymoneyweedweed."

Hotmail was the most common email provider, followed by Yahoo and gmail. These three accounted for the vast majority of registered addresses, with AOL and Live an order of magnitude down.

Leaked Source isn't making the data set publicly available; but if they have it, others might too. Read the rest

The internet's core infrastructure is dangerously unsupported and could crumble (but we can save it!)

Nadia Eghbal's Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure is a long, detailed report on the structural impediments to maintaining key pieces of free/open software that underpin the internet -- it reveals the startling fragility of tools that protect the integrity, safety, privacy and finances of billions of people, which are often maintained by tiny numbers of people (sometimes just one person). Read the rest

Unsecured Internet of Things gadgets get hacked within 40 minutes of being connected to the net

The Atlantic's Andrew McGill set up a virtual server on Amazon's cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the "toaster" had been hacked more than 300 times. Read the rest

China electronics maker will recall some devices sold in U.S. after massive IoT hack

A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDOS attack. The stunningly broad attack brought much internet activity to a halt last Friday.

Read the rest

If you bail on Yahoo Mail, forget about having your email forwarded

A week after the revelations that Yahoo illegally allowed American spies to access all Yahoo users' email (possibly via a dangerous rootkit), and two weeks after admitting that 500,000,000 Yahoo Mail users' passwords were leaked years previously, possibly to a "state actor," the company has disabled email forwarding for Yahoo Mail users. Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish

Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

Company suspected of blame in Office of Personnel Management breach will help run new clearance agency

In 2014, the US Office of Personnel Management was hacked (presumably by Chinese spies), and leaked 22,000,000+ records of Americans who'd applied for security clearance, handing over the most intimate, compromising details of their lives (the clearance process involves disclosing anything that could be used to blackmail you in the future). This didn't come to light until 2015. Read the rest

Previous PageNext page