Group items tagged

""Privacy Not Included" is Mozilla's Christmas shopping (anti)-guide to toys and gadgets that spy on you and/or make stupid security blunders, rated by relative "creepiness," from the Nintendo Switch (a little creepy) to the Fredi Baby monitor (very creepy!). Mozilla's reviews include a detailed rationale for each ranking, including whether the product includes encryption, whether it forces a default password change, how easy to understand the documentation is, whether it shares your data for "unexpected reasons," whether it has known security vulnerabilities, whether it has parental controls and more."

"iTunes phishing scams Compromised phones or computers Celebrity passwords/emails as part of a larger password dump (such as the Adobe hack) Mobile-phone or computer-repair individuals abusing access Password reset questions guess Brute force"

"It happened when Hello Kitty's fan site, SanrioTown.com, had its database accessed in late 2015. Here's the catch - it wasn't hacked. According to security researcher Chris Vickery of Kromtech, no hack was necessary. Vickery stated that pretty much anyone could access, "…first and last names, birthday…, gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers…," and more."

Your e-mail password may be easier to access than you may have thought.

"They aren't limited by human notions of attention; they can watch everyone at the same time. So while it may be true that using encryption is something the NSA takes special note of, not using it doesn't mean you'll be noticed less. The best defense is to use secure services, even if it might be a red flag. Think of it this way: you're providing cover for those who need encryption to stay alive."

"Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM. The flaws, named Meltdown and Spectre, were discovered by security researchers at Google's Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system."

32 million passwords compromised - yikes...

"This story is getting squrrelier and squrrelier. Yes, security companies love to hype the threat to sell their products and services. But this goes further: single-handedly trying to create a panic, and then profiting off that panic."

Justin Engler and Paul Vines will demo a robot called the Robotic Reconfigurable Button Basher (R2B2) at Defcon; it can work its way through every numeric screen-lock Android password in 19 hours.

"And if your password can be reverse-engineered to reveal something about you or others like you, how safe or unique is it really."

"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores thingstyped into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server. "

""Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords. These attempts specifically were trying to gain access to our emails. "

"While biometrics may not be the long term alternative to passwords, they are safer to use. Rather than seeing them as separate methods to identify that you are who you say you are, they should instead be viewed as complementary methods that can be used together to verify an individual."

"At 221 of the Fortune 500 companies, Fortune magazine's list of the the top 500 U.S. public corporations ranked by gross revenue, employees' credentials are posted publicly online for hackers to steal and reuse in cyberattacks, according to new research from the web intelligence firm Recorded Future. "

"She recounts the moment when her 13-year-old son Jacob - now 16 - was sent to isolation for refusing to register his fingerprint to use the school canteen. "I went to school and said that I didn't give my consent. As a parent I want to be clear that the decisions I make that affect my children are in their best interests."

"When Vancouver tech retailer NCIX went bankrupt, it stopped paying its bills, including the bills for the storage where its servers were being kept; that led to the servers being auctioned off without being wiped first, containing sensitive data -- addresses, phone numbers, credit card numbers, passwords, etc -- for thousands of customers. Also on the servers: tax and payroll information for the company's employees."

"L&M used a credential stuffing attack: using email addresses gleaned from massive breaches to gain access by repeatedly trying different email/password combinations."