Posts Tagged ‘security’
Spreading Passwords over Multiple Locations #security
 |
Spreading Passwords over Multiple Locations #security ??RSA’s new approach is a version of a technique known as threshold cryptography, which has long been explored by researchers. They split the password in chunks and store the chunks over multiple servers.
http://www.technologyreview.com/news/429498/to-keep-passwords-safe-from-hackers-just-break/ To Keep Passwords Safe from Hackers, Just Break Them into Bits – Technology Review
Millions of passwords have been stolen from companies such as LinkedIn and Yahoo. A new approach aims to prevent future heists.
|
 |
Yahoo! Password Leak #security
|
Yahoo! Password Leak
Gina Smith writes about the Yahoo! password leak inTechRepublic and adds a link were you can check whether your password was leaked. I changed my password as soon as I heard, and hope you did too. Luckily my password was not exposed in a form that Sucuri could detect. Even if you were not in the list you should change your password, as this could just have been a partial list and your password could still be floating around.  |
|
Yahoo! Nooooooooo…. #security
|
Yahoo! Nooooooooo….
*sigh* Yahoo! What did you do? Unencrypted passwords? Please tell me it isn’t so… /me = speechless  Nearly Half a Million Yahoo Passwords Leaked – Slashdot
An anonymous reader writes “Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective “D33Ds Company” following the compromise of a Yahoo subd…
|
|
FromSpring Passwords Lost
|
FromSpring Passwords Lost
Formspring managed to add itself to the list of companies to misshandle their user’s accounts and lose 420,000 passwords. Unlike LinkedIn, by all accounts, they handled it gracefully and informed their users quite quickly. Additionally, unlike LinkedIn, they disabled all passwords for all the accounts which is exactly what you should do if a breach is discovered. Whether the passwords are sha256 hashed+salted or plain text. The hash is merely a delaying mechanism to ensure that there is a window of time before a vendor needs to have discovered the security incident. Something FormSpring did not do is ask users who use Twitter or FaceBook oauth to create a password when they sign up. Many sites do this to ensure that their users can login without FB or Twitter. This means that I did not need to change my password, as I only had my FB and Twitter accounts linked as my MAIN and only form of identification.  |
|
Bol.com Hacked by Housewife #security
|
Bol.com Hacked by Housewife
Bol.com, a European online retailer, had a leak which exposed the details of 84000 people. The leak was discovered by the organisation of Hacker Housewives at the beginning of this year, and probably due to responsable disclosure agreements was not made public until this last week.  |
|
Encrypted Disks #security #privacy
|
Encrypted Disk
I just saw this question: I have an external 3Tb Hard drive formatted as Mac OS Extended (Journaled, Encrypted) with 10.7.1. Just wondering if 10.6 can also access this external hard drive ? And saw this answer: I strongly recommend against encrypting anything unless you really really really have to. The only one it will ultimately keep away from your data is yourself.  It’s stupid answers like this that allow people to lose their identity when their phone, computer or harddisk is stolen. By encrypting your data you are wisely protecting your data from theft, and ensuring that when you do suffer the loss of a device you don’t compound that loss with your identity or other valuable data. It is in exceptional circumstances that you lose your data due to the encryption, this is not likely to happen.
The first thing I do on my computer is set up an encrypted disk, you should too.
Image source: Sebastian Fritzon
|
|
Privacy Settings
|
Privacy Settings
I like many of the apps that show you the importance of having you privacy settings set up right. Personally I would prefer to have most everything public, with a few exception. I just don’t post anything I wouldn’t tell a stranger. 🙂  |
|
Scandalous Insights
 |
Scandalous Insights
LinkedIn says in their blog: We are working hard to protect you, but there are also steps that you can take to protect yourself, such as:
LinkedIn – you can make it easier for your users to perform these tasks, you could auto expire passwords, have strength indicator, and even verify with other sites that they don’t have the same password: Login with the credentials given You can even implement SPF, DKIM, etc correctly to make your mail better. You don’t implement this security for UX and marketing reasons, instead you implement security to stop your users from being able to use your site better. You don’t, instead you piss on your less tech savvy customers, and place part of the blame on them. I’ve offered multiple times to come and help you fix your stuff – free. I’m sorry that you are idiots! And my offer still stands. Taking Steps To Protect Our Members  |
|
Password Leak June
|
Password Leak June
Today for you in Password Leak June: Last.FM
After earlier news that LinkedIn and others leaked passwords this week, Last.fm marketeers must have been wondering how they too could increase brand awareness. Clearly this is a new meme, so much safer than planking. Although I will be skipping it as I like to have halfway decent software as a starting point. |
 |
Adrianus Warmenhoven
And now Last.fm has leaked passwords:
 Last.fm Password Security Update – Last.fm
The world’s largest online music catalogue, powered by your scrobbles. Internet radio, videos, photos, stats, charts, biographies and concerts.
|
|
Advantage of Saved Passwords
|
Advantage of Saved Passwords
The only password you ever need to remember is the password for your mailaccount, so use complex passwords you can’t remember and have them saved by your browser – preferably with a password on you browser store. When your computer crashes it doesn’t matter as you can simply reset your password for the service as long as you remember to remember your mail password. Chrome
 FireFox
 |
|
