passwords

(get it in RSS or Atom)

Thousands of computers open to eavesdropping and hijacking

Thousands of computers open to eavesdropping and hijacking

Many, many people and businesses are running a remote access tool, Virtual Network Computing, without a password. The tool lets people see everything we do online or reach through and take over our systems. The list of exposed sites is astonishing: everything from power stations to pharmacies to people watching porn.

The top 5 privacy failures - what's the most epic fail of all? [POLL]

Epic privacy fails

The list of culprits in our eroding privacy is long, but some privacy fails stand out above the rest. So we're calling out five privacy killers that deserve an extra level of shaming.

Take our poll, and help us crown the most epic privacy fail of all ...

The data breach apocalypse that wasn't - 60 Sec Security [VIDEO]

60ss-video-250

Malware, spam and hacking - and not all bad news, either!

Watch 60 Second Security for Aug 9, 2014...

SSCC 159 - What can we learn from the "honeybot"? [PODCAST]

chet-chat-logo-featured-250

For your listening pleasure!

Here's this week's episode of the Sophos Security Chet Chat podcast...

Mozilla database leaks 76,000 email addresses, 4,000 passwords

Mozilla database leaks 76,000 email addresses, 4,000 passwords

Email addresses and encrypted passwords of thousands of Mozilla developers were accidentally exposed for a month - and there are no guarantees that they were not snaffled up by those with ill intent.

Monday review - the hot 22 stories of the week

dow-250

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

How to burn a password into your brain

How to burn a password into your brain

It turns out that it can actually be surprisingly easy to train people to memorise a 56-bit password or passphrase, two researchers found.

World Cup security well executed if you don't count the Wi-Fi

Soccer250

The company providing security for one of the World Cup venues in Brazil accidentally posted a photo containing the secret Wi-Fi password. Does it really matter? Was it even a secret to begin with?

"Open the iPhone door, Siri!" - Apple's digital helper coughs up another lock screen hole

iphone-5-lock-screen-250

A hacker has found a way to bypass the iPhone 5 lock screen to get at your contacts. Ironically, he got in by asking Siri, Apple's voice-activated "helper."

Here's how to close the hole while you wait for Apple's fix...

AOL Mail accounts breached, users advised to change passwords

AOL Mail accounts breached, users advised to change passwords

AOL users, change your passwords. AOL said it is investigating a large-scale breach of AOL Mail accounts in which user passwords, security questions, mail addresses, and contact lists were compromised.

Samsung Galaxy S5 fingerprint reader hacked - it's the iPhone 5s all over again!

samsung_galaxy_s5_fingerprint_scanner-250

The Samsung Galaxy S5 fingerprint scanner can be fooled with wood glue, just like Apple's "Touch ID" sensor in the iPhone 5s.

So why are both Apple and Samsung touting fingerprint scanners as more secure than passwords?

Is Amazon hacking our apps? Or doing us all a security favour?

aws-1-250

A war of words that started out as a fairly stinging criticism of Amazon has mellowed out into praise for the cloud services behemoth.

It seems that Amazon is checking mobile apps for security risks, and heaping advice on developers who have wandered off the straight and narrow...

Twitter screws up, accidentally sends deluge of password-reset messages

Twitter screws up, sends deluge of password-reset messages

Twitter goofed, sending out a deluge of password-reset emails on Monday evening that turned out to have been triggered by a system error. Yes, it's a false alarm, but what the heck - any excuse to nag people about password reuse will do!

Kickstarter breached - change your passwords

Kickstarter Breach

Hackers gained unauthorised access to crowdfunding site kickstarter.com earlier this week. Compromised details include usernames, email addresses, mailing addresses, phone numbers and password hashes. Kickstarter users should change their passwords immediately.

Thousands of Tesco.com user passwords leaked online

2,239 Tesco.com user passwords leaked online

UK retailer Tesco has been forced to suspend 2,239 user accounts after a list of email addresses, passwords and Clubcard voucher balances was posted online.

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]

sscc-133-thumb-250

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

Starbucks admits "your security is incredibly important", updates password-spilling app

starlim-250

Starbucks got into and out of privacy trouble in over the past week.

The brouhaha started when a US security researcher publicly reported a rather serious data leakage problem in the Starbucks iOS mobile app...

Jailed terrorist gets extra time for refusing to divulge USB stick password

Jailed terrorist gets extra time for refusing to divulge USB stick password

A British man already in jail for terrorist activity was given another 4 months for refusing to give police the password to a memory stick that they couldn't crack. The convicted terrorist suddenly got his memory back when police said they were launching a new investigation into credit card fraud.

For nearly 20 years, the launch code for US nuclear missiles was 00000000

For nearly 20 years, the launch code for US nuclear missiles was 00000000

All those complicated passwords just slow you down when all you really want to do is blast the smithereens out of something fast.

SSCC 126 - Zero-day, Bitcoins, passwords and randomness [PODCAST]

Turn bad news into good with "what you can do better" advice from Chet and Duck.

Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.