Articles about password

Azure blues: Active Directory Connect has password reset vuln

Microsoft is warning sysadmins to check their Azure Active Directory Connect configurations and implement a patch against a credential-handling vulnerability. The bug's in an Active Directory (AD) feature called password writeback. Azure AD can be configured to copy user passwords back to a local AD environment. A convenience …

UK Parliament hack: Really, a brute-force attack? Really?

Comment Just under 90 Parliamentary email accounts were compromised by a brute force attack on the parliamentary network over the weekend. And there is a long-established technology which can normally see off this kind of attack. Two factor authentication (2FA) technology has been ubiquitous among enterprises as a verification …
John Leyden, 26 Jun 2017

Virgin Media router security flap follows weak password expose

Virgin Media has urged 800,000 customers to change their passwords to guard against possible hacking attack. The move follows an investigation by consumer mag Which? that discovered hackers could access the UK cableco's Super Hub 2 router, allowing access to IoT devices connected through the same home network. The issue stems …
John Leyden, 23 Jun 2017

Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets

Cyberespionage and ransomware attacks are on the increase, according to the latest annual edition of Verizon's breach report. Organisations in manufacturing, the public sector and education bore the brunt of spying attacks, it adds. Mounting high proliferation of proprietary research, prototypes and confidential personal data …
John Leyden, 27 Apr 2017

Schneider Electric still shipping passwords in firmware

That “don't use hard-coded passwords” infosec rule? Someone needs to use a needle to write it on the corner of Schneider Electric's developers' eyes so they don't forget it. Yes, it's happened again, this time on the SCADA vendor's Schneider Modicon TM221CE16R, Firmware 1.3.3.3 – and without new firmware, users are stuck, …

Ever visited a land now under Islamic State rule? And you want to see America? Hand over that Facebook, Twitter, pal

US embassies have been told to examine social media accounts of visa applicants who have ever set foot in Islamic-State-controlled areas. The edict was sent out earlier this month by Secretary of State Rex Tillerson in diplomatic cables. These memos, leaked to journalists and revealed on Friday, direct officials to identify " …
Iain Thomson, 25 Mar 2017

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges

The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against an ex-cop who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court in Philadelphia avoided addressing a lower court's rejection of the defendant's argument that being forced to …
Thomas Claburn, 20 Mar 2017

Digital video recorder installers master password list 'leaked' – claims

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again. The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online. "If the creds are what we think they are, …
John Leyden, 11 Jan 2017

Stolen passwords integrated into the ultimate dictionary attack

Targeted password guessing turns out to be significantly easier than it should be, thanks to the online availability of personal information, leaked passwords associated with other accounts, and our tendency to incorporate personal data into our security codes. In a paper [PDF] presented at the ACM Conference of Communication …
Thomas Claburn, 15 Nov 2016

Your body reveals your password by interfering with Wi-Fi

Modern Wi-Fi doesn't just give you fast browsing, it also imprints some of your finger movements – swipes, passwords and PINs – onto the radio signal. A group of researchers from the Shanghai Jiao Tong University, the University of Massachusetts at Boston, and the University of South Florida have demonstrated that analysing …

Netflix reminds password re-users to run a reset

Netflix has reminded people whose user IDs are circulating in breach-lists to check their security and if necessary reset their passwords. The issue resurfaced late last week, when an Adweek writer posted that he'd received a “reset your password” message: “As part of our regular security monitoring, we discovered that …

You call it 'hacking.' I call it 'investigation'

Something for the Weekend, Sir? Here's a photo of what I had for lunch! Amazing!!! No it isn't amazing. It's your lunch. You gotta see the new 4k TV I bought today! Thanks for giving me a fascinating, if cursive, inventory of your consumer durables. Took Jonesy out for his walk and he chased a rabbit. Nice to have your pet's name. Could be useful. 28 …
Alistair Dabbs, 16 Sep 2016

Going! going! pwned? 200! million! Yahoo! logins! leaked! allegedly!

Updated What's claimed to be the login credentials for 200 million Yahoo! accounts is now on sale through a dark web cybercrime shack. The purported user database dump is being touted by someone called Peace – as in peace_of_mind, the same miscreant who previously sold LinkedIn and Yahoo-owned Tumblr logins – at an asking price of 3 …
John Leyden, 2 Aug 2016

Argos changes 150 easily guessed drop-off system passwords

UK catalogue store chain Argos has changed shop passwords for its drop-off store facility after a Reg reader inadvertently discovered staff relied on weak in-store access credentials to service orders. The reader – who asked not to be named – came across the issue when she went to send two eBay parcels via the Argos drop-off …
John Leyden, 29 Jul 2016

Carbonite online backup accounts under password reuse attack

If you're a user of online backup service Carbonite, you're getting a new password. Don't make it one you've used somewhere before. Carbonite has released a statement telling users it's run a system-wide password reset in the face of a password-reuse attack. The company claims its own systems haven't been compromised, but if …

GitHub presses big red password reset button after third-party breach

GitHub has reset the passwords of users targeted in an attack this week that relied on using stolen credentials from a breach at a third party site. The software repository itself has not suffered a breach. Hackers behind the assault were trying to break into the accounts of users who had inadvisedly used the same login …
John Leyden, 16 Jun 2016

Microsoft bans common passwords that appear in breach lists

With LinkedIn providing yet more fodder for attackers' rainbow tables and login bots, Microsoft has decided to start blocking too-common passwords. As a result, Azure Active Directory's 10 million or so users will no longer be able to select a password that's appeared too many times on breach lists, or commonly appears in …

Google to kill passwords on Android, replace 'em with 'trust scores'

Google is planning to use “trust scores” to kill off traditional passwords on Android. The internet giant wants to get rid of password logins, at least for Android apps, by 2017. Google outlined its plans at its I/O conference last week. Google's Trust API technology would use a variety of metrics to create a trust score. …
John Leyden, 24 May 2016


Biting the hand that feeds IT © 1998–2017