Articles about passwords

Crypto-busters reverse nearly 320 MEELLION hashed passwords

The anonymous CynoSure Prime “cracktivists” who two years ago reversed the hashes of 11 million leaked Ashley Madison passwords have done it again, this time untangling a stunning 320 million hashes dumped by Australian researcher Troy Hunt. CynoSure Prime's previous work pales compared to what's in last week's post. Hunt, of …

Facebook users pwnd by phone with account recovery vulnerability

Facebook account recovery using pre-registered mobile numbers is poorly implemented and open to abuse, according to critic James Martindale. Martindale wrote an article on Medium, titled I kinda hacked a few Facebook accounts using a vulnerability they won't fix, highlighting his concerns in a bid to push the social network …
John Leyden, 17 Jul 2017

1Password won't axe private vaults. It'll choke 'em to death instead

The maker of password manager 1Password says it will not force its users to stop using private password vaults – as it sweeps this local storage functionality under the rug. There was growing alarm in the computer security community this week that 1Password local vaults were going to be a thing of the past. Basically, if you …
Shaun Nichols, 13 Jul 2017

Russian hackers selling login credentials of UK politicians, diplomats – report

Russian hackers are trading the email addresses and passwords of top UK politicians and diplomats. The login credentials of thousands of British politicians, ambassadors and other top officials are getting traded on the dark net, The Times reports. Even though the data is old and in some ways past its sell-by date, it still …
John Leyden, 23 Jun 2017

Bloke charged under UK terror law for refusing to cough up passwords

British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords. Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as …
Iain Thomson, 18 May 2017

Realistic Brits want at least 3 security steps on bank accounts

Three in five Brits reckon that fewer than three security steps – including passwords, card readers or letters from a memorable word – are insufficient to assure their bank account is secure and not accessible by other people. The online survey, conducted by YouGov and sponsored by credit reference agency Equifax, found just …
John Leyden, 8 May 2017

Kali Linux can now use cloud GPUs for password-cracking

Think passwords, people. Think long, complex passwords. Not because a breach dump's landed, but because the security-probing-oriented Kali Linux just got better at cracking passwords. Kali is a Debian-based Linux that packs in numerous hacking and forensics tools. It's well-regarded among white hat hackers and investigators, …
Simon Sharwood, 28 Apr 2017

After blitzing FlexiSpy, hackers declare war on all stalkerware makers: 'We're coming for you'

A Brit biz selling surveillance tools that can be installed on phones to spy on spouses, kids, mates or employees has been comprehensively pwned by hackers – who promise similar stalkerware peddlers are next. The miscreants, supposedly Brazilian and dubbing themselves the Decepticons, have explained how they, allegedly, easily …
Iain Thomson, 25 Apr 2017

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Jeff Atwood, founder of the popular coding site Stack Overflow, has published an extended and entertaining rant about the lamentable state of password policy among developers. The post, subtly titled "Password rules are bullshit," points out that the current format for password rules, such as including a certain mix of …
Iain Thomson, 11 Mar 2017

Video intercom firm Doorbird wants $80 for device password resets

Video doorbell company Doorbird charges its customers $80 for a remote admin password reset, an outraged customer has said. Robin Hunt told The Register: “I bought a DoorBird IoT intercom. Then my mobile phone broke, which had the admin password on it, so I mailed them and asked what to do.” The company responded by sending …

Mysterious Gmail account lockouts prompt hack fears

Updated: A substantial number of Gmail users have been affected by a potential but unconfirmed hack of unknown origin or purpose. El Reg learnt of the issue following a tip from a self-described "very security conscious" IT professional who got locked out of his Gmail account. This happened after one of his security phone numbers was …
John Leyden, 24 Feb 2017

Boffins exfiltrate data by blinking hard drives' LEDs

That roll of tape you use to cover the Webcam? Better use some of it on your hard-drive LED, because it can be a data exfiltration vector. Exfiltration experts from Ben-Gurion University of the Negev's Cyber Security Research Center have added to previous techniques like fan modulation, GSM transmissions, or listening to the …

Human memory, or the lack of it, is the biggest security bug on the 'net

Usenix Enigma 2017: The life of the security IT professional would be a lot easier if people were capable of remembering enough passwords so that they didn't need to reuse them. That was the considered opinion of Facebook’s head of security Alex Stamos and Google’s security princess (her actual Chocolate Factory job title) and Enigma 2017 …
Iain Thomson, 31 Jan 2017

You're taking the p... Linux encryption app Cryptkeeper has universal password: 'p'

Linux encryption app Cryptkeeper has a bug that causes it to use a single-letter universal decryption password: "p". The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem's command line interface: …
Darren Pauli, 31 Jan 2017

Trump's 'cyber tsar' Giuliani among creds leaked in mass hacks

Passwords used by Donald Trump's incoming cybersecurity advisor Rudy Giuliani and 13 other top staffers have been leaked in mass hacks, according to a Channel 4 investigation. Giuliani, incoming national security advisor Lt Gen Michael Flynn and various cabinet members of Trump's administration had their details included in …
John Leyden, 20 Jan 2017

McDonald's forget hash, browns off security experts

Dutch software engineer Tijme Gommers has revealed a still-active reflected cross-site scripting vulnerability and borked password controls in McDonald's main website that could be fodder for phishing attacks. The attack, reported on Gommers' blog, is possible thanks to an Angular expression injection vuln present in mcdonalds …
Darren Pauli, 16 Jan 2017

Just give up: 123456 is still the world's most popular password

The security industry's ongoing efforts to educate users about strong passwords appear to be for naught, with a new study finding the most popular passwords last year were 123456 and 123456789. Keeper Security wonks perused breached data dumps for the most popular passwords when they made the despondent discovery. Some 1.7 …
Darren Pauli, 16 Jan 2017

Peace-sign selfie fools menaced by fingerprint-harvesting tech

Researchers from Japan's National Institute of Informatics say people's fingerprints could be extracted from photographs using yet-to-be built technology. The eggheads warn that fingerprints can be copied from photographs snapped up to three metres from targets. Prints would need to be captured clearly in strong lighting, …
Darren Pauli, 12 Jan 2017

Biting the hand that feeds IT © 1998–2017