Items tagged with Passwords

If you use LastPass to manage your passwords, be advised that a recent update fixed a security issue that could allow an attacker to steal your login credentials. The issue is resolved in LastPass 4.33.0. However, if you do not have LastPass configured to update automatically, it is advised that you manually patch it as soon as possible. Tavis Ormandy, a security researcher with Google's Project Zero team, discovered the flaw and posted details on how to reproduce the issue. The attack vector leverages JavaScript, so an attacker need only configure a malicious webpage to exploit the vulnerabilities. It is not all that complicated for an attacker to pull this off. It essentially involves tricking... Read more...
Microsoft is rolling out a new Windows 10 test build to Windows Insiders in the Fast ring. The new build (18936) contains a few new noteworthy features, the most interesting of which is a passwordless login. Not every Windows Insider will see the setting, however, as Microsoft is limiting the roll out to a "small portion" of users in the early going. Insiders can enable the feature by going to Settings > Accounts > Sign-in options and selecting On under Make your device passwordless. "Enabling passwordless sign in will switch all Microsoft accounts on your Windows 10 device to modern authentication with Windows Hello Face, Fingerprint, or PIN. Don’t have Windows Hello set up yet?... Read more...
A widely used banking Trojan that has been wreaking havoc in the wild for over a decade has developed a new ability. Called Qakbot (or Qbot for short), the Trojan has been found to be using an updated persistence mechanism that can make it more difficult for users to detect and subsequently remove from infected systems, security researchers say. On infected systems, Qakbot attempts to steal login credentials, with the ultimate goal of draining a victim's bank account. It does this by utilizing scheduled tasks to maintain persistence. However, those tasks have been updated to evade detection, making an already pesky piece of malware even more bothersome. "Victims of this malware are typically... Read more...
There are few things more annoying in the modern world than having to change your password every few months. Experts have long argued that password reset rules do little to actually promote security. Microsoft is the latest company to propose dropping password expiration policies. Aaron Margosis, the Principal Consultant with Microsoft Public Sector Services, recently remarked that “periodic password expiration is an ancient and obsolete mitigation of very low value.” Margosis first noted that the amount of time between password changes is ridiculously long. If a password has been stolen, then the account password needs to be changed immediately. A 60-90 day interval will not prevent... Read more...
It is bad practice to use the same password for multiple accounts, because even if only one of them is compromised in a security breach, then all of the accounts are compromised. That is where password managers like LastPass come in handy. Are they truly secure, though? A new report sheds light on the shortcomings of popular password managers. If you're not familiar with password managers, they generate and store hard-to-guess passwords, allowing you to secure your different accounts with different complex strings of characters and symbols. These are accessed by a master password. The benefit is that you only have to remember a single password, but can secure your many different accounts on the... Read more...
The October 2018 Update for Windows 10 may have gotten off to a rocky start, but that has not deterred Microsoft from forging ahead with its next major update, which is due out sometime in the first half of this year. As work progresses on its next major update, Microsoft has made available a new test build to Windows Insiders who are subscribed to the Fast ring, and with it comes a few interesting changes. For one, Microsoft has disabled Cortana's voice-over instructions during the installation phase, based on user feedback. This default setting applies to Windows 10 Pro, Enterprise, and Education editions—if you're performing a clean installation of Windows 10 Home, Cortana will still... Read more...
Have you ever used the same password for multiple accounts? Maybe it's not particularly secure, either, because the really good ones are harder to remember—and no, 'monalisa' is not a secure password. Most will agree that password management is a pain in the backside, and if you wish there was a better way, well, Microsoft hears you. If Microsoft has its way, traditional password entry will go the way of the dodo bird. "Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we’ve been busy at work trying to create a world without them—a world without passwords," Microsoft states in a blog post. So what's the alternative?... Read more...
How good are you at remembering passwords? If you're like most computer users, probably not very good at all. Given the dozens (or more) websites that we interact with on a daily basis, remembering long and complicated passwords can be a chore. Some users take advantage of browser autofill technology to help take the sting out of remembering tedious passwords, while others simply use the same basic, insecure password for every secure site that they visit. Those in the latter category are prone to being compromised, as we've recently reported. Given how insecure passwords have become these days, Microsoft is trying to push us towards what it thinks is a viable alternative. The answer, of course,... Read more...
Imagine locking your front door with a strip of tape. Not even duct tape, mind you, but Scotch tape or an easily tearable strip of masking tape. That would be pretty foolish, right? We don't know of anyone who does that, but astonishingly, the most commonly used passwords to protect online accounts are just as weak. Security outfit SplashData compiled a list of the 25 most prevalent passwords of 2017, and topping the list is "123456." That one has been a go-to password for several years now. One of the newer entries, however, is "starwars," which isn't all that surprising given the buzz around the Star Wars franchise and release of The Last Jedi. "Unfortunately, while the newest episode may be... Read more...
We all know we should be changing our passwords on a frequent basis, probably every quarter in general (and more or less often depending on the type of account and what information is accessible). It is easy to overlook, however, at least until something serves as a reminder. Well, let a recent leak of hundreds of millions of email accounts by a spambot serve as that reminder. A security researcher in Paris who goes by "Benkow" is spreading the word on what he found, which is an open web server hosted in the Netherlands storing dozens of text files containing email addresses, passwords, and email servers used to send spam. Spammers have been using those credentials for a massive malware campaign.... Read more...
In what is being described as the largest security breach of 2016, hackers stole over 400 million user credentials spanning two decades of customer data from Friend Finder Network, Inc., the company that owns and operates several adult-themed websites, including the online dating and hookup site AdultFriendFinder.com. This is also the second time in two years Friend Finder has been hacked. The bulk of compromised accounts came from AdultFriendFinder, the "world's largest sex and swinger community," which coughed up more than 339 million accounts. Hackers used a local file inclusion exploit to break in and steal customer data. Among the account information collected were over 15 million deleted... Read more...
More details about a previously disclosed security breach at cloud storage provider Dropbox have come to light. The hack itself is old news—it occurred back in 2012—but what's new is how many users were affected by it. Hackers made off with details belonging to north of 68 million Dropbox users, prompting a mass password reset. The folks at Motherboard got their mitts on a sample of files containing email addresses and hashed passwords of users affected by the Dropbox hack. The information is contained in four files totaling about 5GB, with details of 68,680,741 accounts. Apparently a senior Dropbox employee confirmed with the site that the info is real. It's a bit sobering to see so many... Read more...
Data breaches happen all too frequently to companies both big and small. The latest victim is Opera Software, the Scandinavian outfit behind the Opera browser that's especially popular on mobile devices. Opera's security team said it detected signs of an attack on its sync system, and though the hack was quickly blocked, it believes the culprit(s) still made off with some stolen data. Users who take advantage of Opera's sync feature had their account details compromised in the attack, including their passwords and login names. Though Opera only stores encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in its system, it took the precautionary step of resetting... Read more...
Has it been a long time since you've changed up your passwords? Now is a good time to think about doing so. A hacker or band of hackers obtained the login credentials of 45 million Internet users spread across 1,100 websites and communities, including many major and popular online destinations such as Motorcycle.com, Mothering.com, and others. The folks at LeakedSource, a breach notification website, say VerticalScope and all of its domains were hacked in February of this year. It's not known how the attack was carried out, though LeakedSource surmises that VerticalScope stored too much data on interconnected servers—hacking into one server could have allowed the culprit(s) access to other... Read more...