passwords

Apple Bye Bye

I was clumsy, and I spilled some beer on the keyboard of my Mac Air laptop, bought July 9, 2014. I immediately started drying my precious computer, overturning it, and my greedy Mac didn't gulp all that much beer, but....

Head of NSA's hacker squad explains how to armor networks against the likes of him

Rob Joyce runs the NSA's Tailored Access Operations group, the spies who figure out how to hack systems, publishing a spook's version of the Skymall catalog, filled with software and hardware that other spies can order for use.

2015's worst password was 123456


SplashData's report on the most commonly-used passwords finds a number of traditional disastrously bad choices performing well: "123456" comes out on top, followed by "password".

Other popular choices this year were sports, like "football" and "baseball." And "starwars," a newcomer to the list, ranked as the 25th most popular breached password, probably thanks to excitement over the release of the newest movie in the franchise.

Passwords are the banes of our increasingly online lives: Nearly everything we sign up for needs a password, and creating a secure one can be a pain. Even when we come up with a good one, we always need more because reusing passwords can leave us exposed if a service we use gets breached.


Snowshoeing: small-batch spam that's less targeted than spear-phishing

Snowshoe spam has a "small footprint" -- it is sent in small, semi-targeted batches intended to sit below the trigger threshold for cloud-email spam filters, which treat floods of identical (or near-identical) messages as a solid indicator of spam.

Time Warner Cable says data from 320K customers stolen

Time Warner Cable store in NYC, May 26, 2015.   REUTERS/Mike Segar
Internet and cable TV provider Time Warner Cable Inc. today revealed that up to 320,000 customers may have had their email passwords stolen.


Intel futurist Brian David Johnson heads to ASU's Center for Science and the Imagination

Brian David Johnson (previously) is the futurist and theorist who used design fiction to help the company think about how its products would work in the future (I wrote him a story about the painful death of passwords).

Paypal rolls out the welcome mat for hackers

It's not bad enough that Paypal is prone to shutting down your account and seizing your dough if you have a particularly successful fundraiser -- they also have virtually no capacity to prevent hackers from changing the email address, password and phone numbers associated with your account, even if you're using their two-factor authentication fob.

Payment system security is hilariously bad

In Shopshifting: The potential for payment system abuse, Karsten Nohl and Fabian Bräunlein showed attendees at Hamburg's Chaos Communication Congress just how poor the security in payment terminals is, and demonstrated several attacks that would let them harvest card numbers and PINs, make undetectable phantom charges and refunds to merchant accounts, and commit other mischief.

Save 75% on elite password protection from Sticky Password

No need to struggle with remembering long and complicated passwords. Sticky Password is your password management and form filler solution, available for Mac, Windows, iOS, and Android. This lifetime Sticky Password Premium subscription protects your online identity by providing strong encrypted passwords for all your accounts, managed by a single master password known by you, and only you.

Strong, unique passwords, whenever and wherever you need them
Automatically log in to recognized sites
Created by the team behind AVG Antivirus
Choose between cloud-based or local storage
Fill out forms instantly
Unbeatable security
Support for all your devices
Intuitive interface

Get a Sticky Password Premium: Lifetime Subscription for only $25 in the Boing Boing Store today.

3.3 million Hello Kitty website accounts leaked

Last week, security researcher Chris Vickery discovered a database containing 3.3 million accounts from Sanriotown, a commercial Hello Kitty fansite operated by Sanrio, Hello Kitty's corporate owners.

Israeli company's product can (allegedly) pwn any nearby mobile phone

The Interapp from Tel Aviv's Rayzone Group is an intrusion appliance that uses a cache of zero-day exploits against common mobile phone OSes and is marketed as having the capability to infect and take over any nearby phone whose wifi is turned on.

US State Department staffer sexually blackmailed women while working at US embassy

Michael C. Ford has pleaded guilty to accusations that he spent at least two years coercing at least 75 women into sending him naked photos of themselves and other women he demanded that they covertly photograph in dressing rooms and changing rooms. Ford worked at the US embassy in London while committing his crimes.

How to stay safe online

The scale and virulence of internet harassment often linger in the news, but three women who have faced down the bullies are sharing their guide to staying safe online.

The advice is eminently sensible, well thought-out and derives, sadly, from all-too-familiar experience.

Feeling overwhelmed? Don’t have time to read the whole thing? Start with these three steps:

Set up two step verification
Create unique, complex passwords
Remove potential doxxing information

Created by Feminist Frequency's Anita Sarkeesian, Women, Action & the Media founder Jaclyn Friedman and Saying Abortion Aloud author Renee Bracey Sherman, the guide was made necessary by "the failure of social media services to adequately prevent and deal with the hateful targeting of their more marginalized users."

As this guide details, forcing individual victims or potential targets to shoulder the costs of digital security amounts to a disproportionate tax of time, money, and emotional labor. It is a tax that is levied disproportionately against women, people of color, queer and trans people and other oppressed groups for daring to express an opinion in public.

Even if you're an old hand with the online safety basics, the miscellaneous tips are still unexpected and useful. For example, did you know you can use free, throwaway VOIP numbers from Google to conceal your real cell number?

Vtech breach dumps 4.8m families' information, toy security is to blame

Vtech is a ubiquitous Hong Kong-based electronic toy company whose kiddy tablets and other devices are designed to work with its cloud service, which requires parents to set up accounts for their kids. 4.8 million of those accounts were just breached, leaking a huge amount of potentially compromising information, from kids' birthdays and home addresses to parents' passwords and password hints.

France declares state of emergency, gives government Web-blocking, device search powers

France's National Assembly  lit with the colors of the French flag in Paris, Nov. 19, 2015, to honor victims of terrorist attacks. [Reuters]

In the wake of the Paris attacks, the French National Assembly has declared a state of emergency with sweeping powers, without any substantial debate. Included in the bill are the power to order the nation's ISPs to block websites without any judicial review or court order, and for authorities to seize and search electronic devices without a warrant.


Hospitals are patient zero for the Internet of Things infosec epidemic

As I have often noted, medical devices have terrifyingly poor security models, even when compared to the rest of the nascent Internet of Things, where security is, at best, an afterthought (at worst, it's the enemy!).

13 million passwords compromised in webhost hack

The web-hosting service 000Webhost stored user passwords as plain text. We know this because 13 million of them were exposed in a five-month-old hack whose consequences are only now becoming clear.
