Articles about password

Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets

Cyberespionage and ransomware attacks are on the increase, according to the latest annual edition of Verizon's breach report. Organisations in manufacturing, the public sector and education bore the brunt of spying attacks, it adds. Mounting high proliferation of propriety research, prototypes and confidential personal data …
John Leyden, 27 Apr 2017

Schneider Electric still shipping passwords in firmware

That “don't use hard-coded passwords” infosec rule? Someone needs to use a needle to write it on the corner of Schneider Electric's developers' eyes so they don't forget it. Yes, it's happened again, this time on the SCADA vendor's Schneider Modicon TM221CE16R, Firmware 1.3.3.3 – and without new firmware, users are stuck, …
Visa

Ever visited a land now under Islamic State rule? And you want to see America? Hand over that Facebook, Twitter, pal

US embassies have been told to examine social media accounts of visa applicants who have ever set foot in Islamic-State-controlled areas. The edict was sent out earlier this month by Secretary of State Rex Tillerson in diplomatic cables. These memos, leaked to journalists and revealed on Friday, direct officials to identify " …
Iain Thomson, 25 Mar 2017

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges

The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against an ex-cop who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court in Philadelphia avoided addressing a lower court's rejection of the defendant's argument that being forced to …
Thomas Claburn, 20 Mar 2017
Silhouette of spy discerning password from code uses a command on graphic user interface

Digital video recorder installers master password list 'leaked' – claims

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again. The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online. "If the creds are what we think they are, …
John Leyden, 11 Jan 2017
Password

Stolen passwords integrated into the ultimate dictionary attack

Targeted password guessing turns out to be significantly easier than it should be, thanks to the online availability of personal information, leaked passwords associated with other accounts, and our tendency to incorporate personal data into our security codes. In a paper [PDF] presented at the ACM Conference of Communication …
Thomas Claburn, 15 Nov 2016
WiFi Icon

Your body reveals your password by interfering with Wi-Fi

Modern Wi-Fi doesn't just give you fast browsing, it also imprints some of your finger movements – swipes, passwords and PINs – onto the radio signal. A group of researchers from the Shanghai Jaio Tong University, the University of Massachusetts at Boston, and the University of South Florida have demonstrated that analysing …
Groucho Marx in Duck Soup

Netflix reminds password re-users to run a reset

Netflix has reminded people whose user IDs are circulating in breach-lists to check their security and if necessary reset their passwords. The issue resurfaced late last week, when an Adweek writer posted that he'd received a “reset your password” message: “As part of our regular security monitoring, we discovered that …
Paul Winchell and dummy

You call it 'hacking.' I call it 'investigation'

Something for the Weekend, Sir? Here's a photo of what I had for lunch! Amazing!!! No it isn't amazing. It's your lunch. You gotta see the new 4k TV I bought today! Thanks for giving me a fascinating, if cursive, inventory of your consumer durables. Took Jonesy out for his walk and he chased a rabbit. Nice to have your pet's name. Could be useful. 28 …
Alistair Dabbs, 16 Sep 2016

Going! going! pwned? 200! million! Yahoo! logins! leaked! allegedly!

Updated What's claimed to be the login credentials for 200 million Yahoo! accounts is now on sale through a dark web cybercrime shack. The purported user database dump is being touted by someone called Peace – as in peace_of_mind, the same miscreant who previously sold LinkedIn and Yahoo-owned Tumblr logins – at an asking price of 3 …
John Leyden, 2 Aug 2016

Argos changes 150 easily guessed drop-off system passwords

UK catalogue store chain Argos has changed shop passwords for its drop-off store facility after a Reg reader inadvertently discovered staff relied on weak in-store access credentials to service orders. The reader – who asked not to be named – came across the issue when she went to send two eBay parcels via the Argos drop-off …
John Leyden, 29 Jul 2016
Silhouette of spy discerning password from code uses a command on graphic user interface

Carbonite online backup accounts under password reuse attack

If you're a user of online backup service Carbonite, you're getting a new password. Don't make it one you've used somewhere before. Carbonite has released a statement telling users it's run a system-wide password reset in the face of a password-reuse attack. The company claims its own systems haven't been compromised, but if …
Enter your password by https://www.flickr.com/photos/49889874@N05/ cc 2.0 attribution generic https://creativecommons.org/licenses/by/2.0/

GitHub presses big red password reset button after third-party breach

GitHub has reset the passwords of users targeted in an attack this week that relied on using stolen credentials from a breach at a third party site. The software repository itself has not suffered a breach. Hackers behind the assault were trying to break into the accounts of users who had inadvisedly used the same login …
John Leyden, 16 Jun 2016
Azure password rejection note

Microsoft bans common passwords that appear in breach lists

With LinkedIn providing yet more fodder for attackers' rainbow tables and login bots, Microsoft has decided to start blocking too-common passwords. As a result, Azure Active Directory's 10 million or so users will no longer be able to select a password that's appeared too many times on breach lists, or commonly appears in …

Google to kill passwords on Android, replace 'em with 'trust scores'

Google is planning to use “trust scores” to kill off traditional passwords on Android. The internet giant wants to get rid of password logins, at least for Android apps, by 2017. Google outlined its plans at its I/O conference last week. Google's Trust API technology would use a variety of metrics to create a trust score. …
John Leyden, 24 May 2016
dunce_cap_648

You say I mustn’t write down my password? Let me make a note of that

Something for the Weekend, Sir? My desk-side wastepaper basket is full. OK, sure, first world problems and all that, but it’s 8am and I have only just walked in to the office. Why would my bin be full? I haven’t put anything in it yet. Despite being full, this bin does not contain what an office bin is supposed to contain: there’s no half-full coffee cup, …
Alistair Dabbs, 11 Mar 2016
Mobile banking, image via Shutterstock

Third of US banks OK with passwords even social networks reject

Six of 17 major US banks have weaker password enforcement procedures than most social networking websites, according to a new study by an American university. The banks ask users to set up passwords that include letters and special symbols, but a study by researchers at the University of New Haven shows that in around a third …
John Leyden, 3 Mar 2016
SHUT UP!

Lenovo's file-sharing app uses hardwired password '12345678' ... or no password at all

Lenovo ShareIT users, get patching: the PC maker's file-sharing app is pretty much unsecured. The software runs on Windows and Android devices, and creates a Wi-Fi hotspot allowing data to be exchanged – from phone to PC, PC to phone, etc. But the wireless network is pretty much unsecured on both platforms. In ShareIT for …

Create a news alert about password, or find more stories about password.

Biting the hand that feeds IT © 1998–2017