Group items tagged

Justin Engler and Paul Vines will demo a robot called the Robotic Reconfigurable Button Basher (R2B2) at Defcon; it can work its way through every numeric screen-lock Android password in 19 hours.

"Dropbox is at the centre of a leak scandal, following the releasing of 400 usernames and passwords by an anonymous user on Pastebin. The hacker claims the initial dump is just a portion of the 6,937,081 Dropbox accounts he claims to have compromised on Tuesday. He then requested Bitcoins in payment before he would allow access to more accounts."

"Nearly 150 million people have been affected by a loss of customer data by Adobe, over 20 times more than the company admitted in its initial statement last week."

"And if your password can be reverse-engineered to reveal something about you or others like you, how safe or unique is it really."

"The hacker compromised the firm's global email server through an "administrator's account" that, in theory, gave them privileged, unrestricted "access to all areas". The account required only a single password and did not have "two-step" verification, sources said."

"TL;DR: all recent macOS devices are no longer safe to use if left alone, even if you have them powered down. The root of trust on macOS is inherently broken They can bruteforce your FileVault2 volume password They can alter your macOS installation They can load arbitrary kernel extensions"

"IDFC Bank has launched an app called Aadhaar Pay that aims to help millions of its citizens without a smartphone to pay for their purchases digitally with just their fingerprint.  Merchants will be able to download the app on their Android smartphones and attach a fingerprint scanner device. To make payments, buyers will only have to choose their bank name, input their unique Aadhaar number and scan their fingerprint, which acts as a password to make the payment directly from their bank account linked to their Aadhaar card."

"While biometrics may not be the long term alternative to passwords, they are safer to use. Rather than seeing them as separate methods to identify that you are who you say you are, they should instead be viewed as complementary methods that can be used together to verify an individual."

"With all the personal data it collects, your wrist-mounted wearable computer is almost definitely going to betray you at some point, whether that's a reminder to get up and do another 5,000 steps this afternoon or accidentally giving away your ATM PIN. According to a new paper, ominously titled "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN" it is surprisingly simple to determine your PIN or password by reverse-engineering motion sensor data from a smartwatch or fitness tracker."

"They aren't limited by human notions of attention; they can watch everyone at the same time. So while it may be true that using encryption is something the NSA takes special note of, not using it doesn't mean you'll be noticed less. The best defense is to use secure services, even if it might be a red flag. Think of it this way: you're providing cover for those who need encryption to stay alive."

"Naturally, you should do this - but be aware that this situation presents an ideal opportunity to phishers to start sending fake emails, complete with embedded links to the "change password" page - in reality, a website designed to harvest your details."

"Taken as a whole, the information Google collects about users is shockingly complete. The company can mine your emails and Drive documents, track your browsing history, track the videos you watch on YouTube, obtain your WiFi passwords and much more."

"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores thingstyped into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server. "