hash

Canadian spam, New York taxis and Brazilian passwords - 60 Sec Security [VIDEO]

Canada goes "opt in", NYC makes a hash, and Brazil forgets its punctuation.

It's 60 Second Security for 28 June 2014!

New York City makes a hash of taxi driver data disclosure

What do you do in your spare time if you're a self-confessed "urbanist, data junkie and civic hacker," like New York resident Chris Whong?

Use Freedom of Information Laws to find out more about NYC's taxi movements, of course...

SourceForge's turn to reset passwords - this time in a good cause!

Hot on the heels of eBay's password problems comes a password reset notification from SourceForge.

The good news is that SourceForge's reset is a *proactive* measure, not a reactive one.

SSCC 135 - Flappy Bird frenzy, Talking Angela talkfest, NBC hype, Kickstarter and Forbes [PODCAST]

What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?

Syrian Electronic Army hacks Forbes, spills 1M user records - here's what you need to know

The SEA made off with more than a million records from the Forbes user database - perhaps including yours! - and published them online.

We already "cracked" a quarter of the Forbes staffers' accounts... Paul Ducklin looks at how well everyone else's password might hold up.

Serious Security: How to store your users' passwords safely

Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"

Here you are...

Forum software vendor vBulletin breached - apparently by vBulletin hack

Forum software vendor vBulletin has owned up to a username-and-password breach on its forum.

Guess which forum software the company uses?

Facebook locks users in a closet for using same passwords/emails on Adobe

Blessed be Facebook for using this real-world example to 100% back up Naked Security when we proselytize about the evils of password reuse. And if you're worried that Facebook's mining of breached Adobe customer records and quarantining of users is Big Brother-ish, fear not: the company didn't have to store passwords in clear text or pull any other boneheaded security move to know just what its customers' reused passwords are.

Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder

Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes.

Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach...

Lessons to learn from the MongoHQ database breach

Cloud-based database services company MongoHQ is in "we'd better fix things" mode this week, following a network intrusion that proves the old adage that once you've been breached, all security bets are off.

Ubisoft customers told "change your passwords *now*"

Ubisoft is urging customers to change their passwords following a breach that exposed user names, email addresses and encrypted passwords.

SSCC 108 - WW2 crypto, Bitcoin mining, internet cameras, password breaches [PODCAST]

Chester calls home from Interop in Las Vegas to record the latest episode of the Sophos Security Chet Chat.

Join Chester and guest Paul Ducklin in their regular quarter-hour podcast as they laugh about (and lament) the latest goings-on in the world of computer security.

50,000,000 usernames and passwords lost as LivingSocial "special offers" site hacked

LivingSocial, the online offers site owned in largish part by Amazon, has just emailed its userbase, said to be 50,000,000-strong, to fess up to a data breach.

Another day, another shed-load of password hashes in the hands of crooks....

Scribd, "world's largest online library," admits to network intrusion, password breach

San Francisco-based document sharing site Scribd has admitted to a network intrusion.

Details are scant, but fortunately a notification published by the company suggests that no more than 1% of users are at risk...

"Rude password - login denied": the AT&T April Fool that wasn't

Why, and more importantly, *how*, would you go about weeding out rude passwords?

Surely an April Fool?

Paul Ducklin takes a look...

Twitter hacked, at least 250,000 users affected: what you can do to protect yourself

Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time.

Paul Ducklin investigates and offers some advice on what to do next...

Kim Dotcom's coders hacking on Mega's cryptography even as we speak - true "perpetual beta" style

Kim Dotcom's new venture, Mega, wants to shield itself from accusations of failing to take action against piracy.

It does so by using cryptography to make sure it doesn't see, and indeed cannot tell, what you've uploaded. But you have to get the crypto right...

Kim Dotcom takes issue with critics taking issue with his new MEGA service

The party-time news of the past weekend was the launch of Kim Dotcom's comeback file sharing service, Mega.

Crypto critics have already taken issue with some aspects of Mega's implementation, and Dotcom has taken issue right back at them...

Windows passwords: "Dead in Six Hours" - paper from Oslo password hacking conference

The total number of Windows passwords you can construct using eight keyboard characters is vast: one followed by 16 zeros, or near enough.

Gone in six hours.

Plus you get to heat your house at the same time.

Cracked passwords from the alleged 'Egyptian hacker' Adobe breach

An allegedly Egyptian hacker going by the name ViruS_HimA has allegedly hacked into Adobe.

Wherever the data actually comes from, it reveals yet more poor password hygiene at both the client and the server... find out just how bad.