Items tagged with Passwords

A widely used banking Trojan that has been wreaking havoc in the wild for over a decade has developed a new ability. Called Qakbot (or Qbot for short), the Trojan has been found to be using an updated persistence mechanism that can make it more difficult for users to detect and subsequently remove from infected systems, security researchers say. On infected systems, Qakbot attempts to steal login credentials, with the ultimate goal of draining a victim's bank account. It does this by utilizing scheduled tasks to maintain persistence. However, those tasks have been updated to evade detection, making an already pesky piece of malware even more bothersome. "Victims of this malware are typically... Read more...
There are few things more annoying in the modern world than having to change your password every few months. Experts have long argued that password reset rules do little to actually promote security. Microsoft is the latest company to propose dropping password expiration policies. Aaron Margosis, the Principal Consultant with Microsoft Public Sector Services, recently remarked that “periodic password expiration is an ancient and obsolete mitigation of very low value.” Margosis first noted that the amount of time between password changes is ridiculously long. If a password has been stolen, then the account password needs to be changed immediately. A 60-90 day interval will not prevent... Read more...
It is bad practice to use the same password for multiple accounts, because even if only one of them is compromised in a security breach, then all of the accounts are compromised. That is where password managers like LastPass come in handy. Are they truly secure, though? A new report sheds light on the shortcomings of popular password managers. If you're not familiar with password managers, they generate and store hard-to-guess passwords, allowing you to secure your different accounts with different complex strings of characters and symbols. These are accessed by a master password. The benefit is that you only have to remember a single password, but can secure your many different accounts on the... Read more...
The October 2018 Update for Windows 10 may have gotten off to a rocky start, but that has not deterred Microsoft from forging ahead with its next major update, which is due out sometime in the first half of this year. As work progresses on its next major update, Microsoft has made available a new test build to Windows Insiders who are subscribed to the Fast ring, and with it comes a few interesting changes. For one, Microsoft has disabled Cortana's voice-over instructions during the installation phase, based on user feedback. This default setting applies to Windows 10 Pro, Enterprise, and Education editions—if you're performing a clean installation of Windows 10 Home, Cortana will still... Read more...
Have you ever used the same password for multiple accounts? Maybe it's not particularly secure, either, because the really good ones are harder to remember—and no, 'monalisa' is not a secure password. Most will agree that password management is a pain in the backside, and if you wish there was a better way, well, Microsoft hears you. If Microsoft has its way, traditional password entry will go the way of the dodo bird. "Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we’ve been busy at work trying to create a world without them—a world without passwords," Microsoft states in a blog post. So what's the alternative?... Read more...
How good are you at remembering passwords? If you're like most computer users, probably not very good at all. Given the dozens (or more) websites that we interact with on a daily basis, remembering long and complicated passwords can be a chore. Some users take advantage of browser autofill technology to help take the sting out of remembering tedious passwords, while others simply use the same basic, insecure password for every secure site that they visit. Those in the latter category are prone to being compromised, as we've recently reported. Given how insecure passwords have become these days, Microsoft is trying to push us towards what it thinks is a viable alternative. The answer, of course,... Read more...
Imagine locking your front door with a strip of tape. Not even duct tape, mind you, but Scotch tape or an easily tearable strip of masking tape. That would be pretty foolish, right? We don't know of anyone who does that, but astonishingly, the most commonly used passwords to protect online accounts are just as weak. Security outfit SplashData compiled a list of the 25 most prevalent passwords of 2017, and topping the list is "123456." That one has been a go-to password for several years now. One of the newer entries, however, is "starwars," which isn't all that surprising given the buzz around the Star Wars franchise and release of The Last Jedi. "Unfortunately, while the newest episode may be... Read more...
We all know we should be changing our passwords on a frequent basis, probably every quarter in general (and more or less often depending on the type of account and what information is accessible). It is easy to overlook, however, at least until something serves as a reminder. Well, let a recent leak of hundreds of millions of email accounts by a spambot serve as that reminder. A security researcher in Paris who goes by "Benkow" is spreading the word on what he found, which is an open web server hosted in the Netherlands storing dozens of text files containing email addresses, passwords, and email servers used to send spam. Spammers have been using those credentials for a massive malware campaign.... Read more...
In what is being described as the largest security breach of 2016, hackers stole over 400 million user credentials spanning two decades of customer data from Friend Finder Network, Inc., the company that owns and operates several adult-themed websites, including the online dating and hookup site AdultFriendFinder.com. This is also the second time in two years Friend Finder has been hacked. The bulk of compromised accounts came from AdultFriendFinder, the "world's largest sex and swinger community," which coughed up more than 339 million accounts. Hackers used a local file inclusion exploit to break in and steal customer data. Among the account information collected were over 15 million deleted... Read more...
More details about a previously disclosed security breach at cloud storage provider Dropbox have come to light. The hack itself is old news—it occurred back in 2012—but what's new is how many users were affected by it. Hackers made off with details belonging to north of 68 million Dropbox users, prompting a mass password reset. The folks at Motherboard got their mitts on a sample of files containing email addresses and hashed passwords of users affected by the Dropbox hack. The information is contained in four files totaling about 5GB, with details of 68,680,741 accounts. Apparently a senior Dropbox employee confirmed with the site that the info is real. It's a bit sobering to see so many... Read more...
Data breaches happen all too frequently to companies both big and small. The latest victim is Opera Software, the Scandinavian outfit behind the Opera browser that's especially popular on mobile devices. Opera's security team said it detected signs of an attack on its sync system, and though the hack was quickly blocked, it believes the culprit(s) still made off with some stolen data. Users who take advantage of Opera's sync feature had their account details compromised in the attack, including their passwords and login names. Though Opera only stores encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in its system, it took the precautionary step of resetting... Read more...
Has it been a long time since you've changed up your passwords? Now is a good time to think about doing so. A hacker or band of hackers obtained the login credentials of 45 million Internet users spread across 1,100 websites and communities, including many major and popular online destinations such as Motorcycle.com, Mothering.com, and others. The folks at LeakedSource, a breach notification website, say VerticalScope and all of its domains were hacked in February of this year. It's not known how the attack was carried out, though LeakedSource surmises that VerticalScope stored too much data on interconnected servers—hacking into one server could have allowed the culprit(s) access to other... Read more...
It doesn't matter who you are or how much money you make, if you don't practice good security habits on the web you're likely to get hacked. Case in point, Mark Zuckerberg, the billionaire whiz kid and co-founder of Facebook, the most popular social media site on the planet, had his Twitter and Pinterest accounts hacked into over the weekend. To be fair, Zuckerberg is a bigger target than most people, but that wasn't the real reason his social media accounts outside of Facebook were compromised. It's because he was lazy with security, both with the password he chose and in reusing the same one for multiple websites and services. That's a major no-no if you care at all about staying in control... Read more...
Using passwords as a form of security may not be long for this world, not if Google gets its way. The Mountain View outfit's ATAP (Advanced Technology and Projects) division is hard at work on Project Abacus, a scheme that relies on biometric data to determine a person's identity rather than relying on traditional password input. Core to Project Abacus is a "Trust Score" that takes into account a variety of factors. One of the biggest ones is your physical location, though it's far from the only way Project Abacus calculates the likelihood that you are who you claim to be. It also analyzes things like how you type and speak, facial recognition, and so forth. "Last year we talked about Project... Read more...