Articles about password

Archer cracks the ISIS mainframe's password

Brit MP Dorries: I gave my staff the, um, green light to use my login

UK MP Nadine Dorries revealed yesterday that she shares her parliamentary login information with her staff. This was an attempt to defend recently resurfaced allegations about porn allegedly found on fellow politician Damian Green's office computer. Tweeting on Saturday, Dorries disputed the assertion that only Green could …
Business man dressed as a clown

Don't shame idiots about their idiotically weak passwords

Attempting to scare people by telling them their password choices are stupid or easily guessable is counterproductive: because it serves only to reassure them that they are just like everyone else. By saying users are stupid, you perpetuate a stereotype that people are the problem, according to Dr Jessica Barker. Security …
John Leyden, 27 Nov 2017
password

AI slurps, learns millions of passwords to work out which ones you may use next

Eggheads have produced a machine-learning system that has studied millions of passwords used by folks online to work out other passphases people are likely to use. These AI-guessed passwords could be used with today's tools to crack more hashed passwords, and log into more strangers' accounts on systems, than ever before. …
Iain Thomson, 20 Sep 2017

Azure blues: Active Directory Connect has password reset vuln

Microsoft is warning sysadmins to check their Azure Active Directory Connect configurations and implement a patch against a credential-handling vulnerability. The bug's in an Active Directory (AD) feature called password writeback. Azure AD can be configured to copy user passwords back to a local AD environment. A convenience …
Big Ben and Underground sign. Pic: Crown copyright/MoD

UK Parliament hack: Really, a brute-force attack? Really?

Comment Just under 90 Parliamentary email accounts were compromised by a brute force attack on the parliamentary network over the weekend. And there is a long-established technology which can normally see off this kind of attack. Two factor authentication (2FA) technology has been ubiquitous among enterprises as an verification …
John Leyden, 26 Jun 2017

Virgin Media router security flap follows weak password expose

Virgin Media has urged 800,000 customers to change their passwords to guard against possible hacking attack. The move follows an investigation by consumer mag Which? that discovered hackers could access the UK cableco's Super Hub 2 router, allowing access to IoT devices connected through the same home network. The issue stems …
John Leyden, 23 Jun 2017

Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets

Cyberespionage and ransomware attacks are on the increase, according to the latest annual edition of Verizon's breach report. Organisations in manufacturing, the public sector and education bore the brunt of spying attacks, it adds. Mounting high proliferation of propriety research, prototypes and confidential personal data …
John Leyden, 27 Apr 2017

Schneider Electric still shipping passwords in firmware

That “don't use hard-coded passwords” infosec rule? Someone needs to use a needle to write it on the corner of Schneider Electric's developers' eyes so they don't forget it. Yes, it's happened again, this time on the SCADA vendor's Schneider Modicon TM221CE16R, Firmware 1.3.3.3 – and without new firmware, users are stuck, …
Visa

Ever visited a land now under Islamic State rule? And you want to see America? Hand over that Facebook, Twitter, pal

US embassies have been told to examine social media accounts of visa applicants who have ever set foot in Islamic-State-controlled areas. The edict was sent out earlier this month by Secretary of State Rex Tillerson in diplomatic cables. These memos, leaked to journalists and revealed on Friday, direct officials to identify " …
Iain Thomson, 25 Mar 2017

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges

The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against an ex-cop who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court in Philadelphia avoided addressing a lower court's rejection of the defendant's argument that being forced to …
Thomas Claburn, 20 Mar 2017
Silhouette of spy discerning password from code uses a command on graphic user interface

Digital video recorder installers master password list 'leaked' – claims

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again. The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online. "If the creds are what we think they are, …
John Leyden, 11 Jan 2017
Password

Stolen passwords integrated into the ultimate dictionary attack

Targeted password guessing turns out to be significantly easier than it should be, thanks to the online availability of personal information, leaked passwords associated with other accounts, and our tendency to incorporate personal data into our security codes. In a paper [PDF] presented at the ACM Conference of Communication …
Thomas Claburn, 15 Nov 2016
WiFi Icon

Your body reveals your password by interfering with Wi-Fi

Modern Wi-Fi doesn't just give you fast browsing, it also imprints some of your finger movements – swipes, passwords and PINs – onto the radio signal. A group of researchers from the Shanghai Jaio Tong University, the University of Massachusetts at Boston, and the University of South Florida have demonstrated that analysing …
Groucho Marx in Duck Soup

Netflix reminds password re-users to run a reset

Netflix has reminded people whose user IDs are circulating in breach-lists to check their security and if necessary reset their passwords. The issue resurfaced late last week, when an Adweek writer posted that he'd received a “reset your password” message: “As part of our regular security monitoring, we discovered that …
Paul Winchell and dummy

You call it 'hacking.' I call it 'investigation'

Something for the Weekend, Sir? Here's a photo of what I had for lunch! Amazing!!! No it isn't amazing. It's your lunch. You gotta see the new 4k TV I bought today! Thanks for giving me a fascinating, if cursive, inventory of your consumer durables. Took Jonesy out for his walk and he chased a rabbit. Nice to have your pet's name. Could be useful. 28 …
Alistair Dabbs, 16 Sep 2016

Going! going! pwned? 200! million! Yahoo! logins! leaked! allegedly!

Updated What's claimed to be the login credentials for 200 million Yahoo! accounts is now on sale through a dark web cybercrime shack. The purported user database dump is being touted by someone called Peace – as in peace_of_mind, the same miscreant who previously sold LinkedIn and Yahoo-owned Tumblr logins – at an asking price of 3 …
John Leyden, 2 Aug 2016

Argos changes 150 easily guessed drop-off system passwords

UK catalogue store chain Argos has changed shop passwords for its drop-off store facility after a Reg reader inadvertently discovered staff relied on weak in-store access credentials to service orders. The reader – who asked not to be named – came across the issue when she went to send two eBay parcels via the Argos drop-off …
John Leyden, 29 Jul 2016
Silhouette of spy discerning password from code uses a command on graphic user interface

Carbonite online backup accounts under password reuse attack

If you're a user of online backup service Carbonite, you're getting a new password. Don't make it one you've used somewhere before. Carbonite has released a statement telling users it's run a system-wide password reset in the face of a password-reuse attack. The company claims its own systems haven't been compromised, but if …

Create a news alert about password, or find more stories about password.

Biting the hand that feeds IT © 1998–2017