Anatomy of a brute force attack - how important is password complexity?


Is eight characters enough for a password?

If not, what about nine?

Just when you thought it was safe to go back in the water (closet)!


So many vulnerabilities are doom-and-gloom that you'd be forgiven for wondering if there are ever any at which you are allowed an uncomplicated chuckle.

The guys at Trustwave found one!

Lakeland hacked and passwords reset, customers advised to change passwords elsewhere

Lakeland has suffered a "sophisticated and sustained" attack in which two encrypted databases were accessed. It says it's found no evidence that data was stolen but has reset customers' passwords to be on the safe side.

Ubisoft customers told "change your passwords *now*"

Ubisoft is urging customers to change their passwords following a breach that exposed user names, email addresses and encrypted passwords.

Anatomy of a cryptoglitch - Apple's iOS hotspot passphrases crackable in 50 seconds


If you use your iPhone or iPad as a Wi-Fi hotspot, don't let it generate the passphrase for you.

A posse of German computer scientists has found that Apple's iOS passphrase generator may give you less than a minute of security.

Biostamps - freedom from password tyranny, or Hollywood science?

Last week Motorola execs showed off experimental biostamps - digital "tattoos" capable of authenticating you to your phone. Could this be the ultimate solution to the problem of authentication and passwords, or is it just a sci-fi pipe dream?

What WERE they thinking? Internet-enabled cameras under the security lens once again...

Vulnerability researchers at Core Security recently turned their attention to internet-enabled cameras, finding lots of holes.

And when security holes arise from features, not bugs, you really do feel like shouting aloud, "What WERE they thinking?"

50,000,000 usernames and passwords lost as LivingSocial "special offers" site hacked

LivingSocial, the online offers site owned in largish part by Amazon, has just emailed its userbase, said to be 50,000,000-strong, to fess up to a data breach.

Another day, another shed-load of password hashes in the hands of crooks....

Beware Twitter "password check" sites - there are fakes, and there are fake fakes!


After a widely publicised hack or data breach, you'll often find "password check" sites springing up.

Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...

55% of net users use the same password for most, if not all, websites. When will they learn?

A study by Ofcom, the UK communications watchdog, has unearthed some appalling statistics which reveal just how badly the general public treat password security.

You won't believe how crazy this password infomercial is (and neither did Ellen DeGeneres) [VIDEO]

When there's nothing funny on American TV, you can always rely upon an infomercial selling some crazy product to have you chuckling or simply agog in disbelief that anyone would ever buy such a thing.

Watch this video, you won't believe your eyes.

WordPress blogs and more under global attack - check your passwords now!

If you have a web service that supports remote users, you will know that malevolent login attempts are an everyday occurrence.

But hosting providers worldwide are reporting an onslaught at well above average levels...

When is a password not a password? When Excel sees "VelvetSweatshop" [VIDEO]

Malware researcher Paul Baccas reveals how an Excel spreadsheet using the password "VelvetSweatshop" could be designed to put your computer at risk.

Anatomy of an exploit - Linksys router remote password change hole


A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.

Paul Ducklin looks at the ominous sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...

Movie site Vudu resets passwords after burglar nabs hard drives

Burglars broke into offices at video service Vudu late last month and stole hard drives containing customers' personal data, the company told customers in an email sent on Tuesday.

WordPress boosts security for bloggers with two-factor authentication

With WordPress powering more than 60 million websites worldwide, anything to improve the safety and security of its users is to be welcomed.

Paul Ducklin tries out the new WordPress 2FA service on his Naked Security account...

Scribd, "world's largest online library," admits to network intrusion, password breach


San Francisco-based document sharing site Scribd has admitted to a network intrusion.

Details are scant, but fortunately a notification published by the company suggests that no more than 1% of users are at risk...

"Rude password - login denied": the AT&T April Fool that wasn't


Why, and more importantly, *how*, would you go about weeding out rude passwords?

Surely an April Fool?

Paul Ducklin takes a look...

Apple introduces two-factor verification for Apple IDs


After celebrity Web 2.0 journalist Mat Honan had all his iDevices remote-wiped by a cybercrook last year, Apple's login security has been under scrutiny.

Good news! Apple has finally bitten the bullet and started offering two-factor verification for Apple ID users...