Search the Community
Showing results for tags 'passwords'.
Found 5 results
-
Data thieves used a massive “botnet” against professional networking site LinkedIn and stole member’s personal information, a new lawsuit reveals. The Mountain View firm filed the federal suit this week in an attempt to uncover the perpetrators. “LinkedIn members populate their profiles with a wide range of information concerning their professional lives, including summaries (narratives about themselves), job histories, skills, interests, educational background, professional awards, photographs and other information,” said the company’s complaint, filed in Northern California U.S. District Court. “During periods of time since December 2015, and to this day, unknown persons and/or entities employing various automated software programs (often referred to as ‘bots’) have extracted and copied data from many LinkedIn pages.” View the full article -
If you don’t already have iOS 9.3.3, you better download and install it — quick. Cisco Talos, a security and research group, recently discovered a bug in Mac and iPhones that allows hackers to steal passwords with a single text message. The researchers at Cisco Talos alerted Apple, and the tech company immediately worked on a patch, which was released this week. “This is very high severity issue,” Craig Wiliams, head of global outreach at Cisco Talos, told Fortune. “The fact that you have an exploit without any user interaction makes me very concerned.” Although the iOS update is out, it doesn’t automatically install itself — people who own iPhones have to download and install the update themselves. View the full article
-
Not two weeks ago, LinkedIn made big data breach news when hackers claimed to have more than 100 million usernames and passwords up for sale. Fortunately, the data wasn’t new, coming from a breach that happened four years ago. What was new was the size of the list that was up for sale, nearly 20 times the size of the 6.5 million passwords that were reported to have been stolen back in June 2012. The LinkedIn breach was made worse by the way the passwords were stored, using unsalted SHA-1 hashes. What that means is that although LinkedIn didn’t keep your actual password, it didn’t do enough to secure it against a breach. View the full article
-
QuickType, Apple’s new predictive keyboard featured on the iPhone, iPod touch and iPad devices running iOS 8, is reportedly plagued with a potentially dangerous oversight where the software would suggest parts of your passwords that you previously used on websites, as first reported by French-language blog iGen.fr [Google Translate]. A new thread on Apple’s Support Communities website includes a note by one user who reported the keyboard offering “OrangeJuice†as a suggestion each time he would type in “AppleUser†because QuickType remembered the “OrangeJuice!2†password he previously used to log in to Outlook Web App. View the full article
-
California-based password management software specialist SplashData has released the results of its annual list of the internet’s worst passwords. For the first time "password" has been knocked off the number one slot. This doesn’t mean people are getting more security minded, however, as it's been replaced by the equally obvious "123456". SplashData compiles the list from files containing stolen passwords posted online during the previous year. This year's list is heavily influenced by the large number of Adobe user passwords posted online following the company's 2013 security breach. Morgan Slain, CEO of SplashData says, "Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing". The list shows that people continue to put themselves at risk by using weak passwords. "Another interesting aspect of this year's list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies," Slain says. So password pickers, here are the top 25 worst choices of 2013: SplashData offers some tips on making your passwords more secure. These include using passwords that are eight characters or more in length and which use a mix of characters. But it warns that even passwords which use common l33t-style substitutions like "dr4mat1c" can be vulnerable to attackers' increasingly sophisticated technology. It recommends using passphrases, combinations of short words separated by spaces -- or other characters if the site doesn’t allow this -- for example "cakes years birthday" or "smiles_light_skip?" It also recommends not using the same password for multiple websites, especially risky is using the same password for websites as you do for banking or email. If you have trouble remembering all of your passwords, SplashData naturally recommends using a password manager application like its Splash ID Safe to take care of them. View the full article