Password Management

WordPress attacks showcase botnet owner's expanding tricks

More than 90,000 IP addresses were used to crack admin accounts on the blogging platform.

GAO scolds EPA for poor security

In a report released this week, the federal Government Accountability Office (GAO) found that the EPA, which just announced a server breach resulting in the personal information compromise of 7,800 people, is falling short in several areas.

Apple, Amazon respond to reporter's hacking nightmare

Both companies strengthened identity verification policies for customers after a tech writer's online accounts were hacked.

Password security can improve, but the hackers will still get in

Considering the endless march of breaches, it may be time to scrap the belief that adequate passwords -- or even passphrases -- can prevent hackers from breaking into corporate environments. Instead, security pros should focus their efforts on gaining visibility into their networks.

Billabong is latest password breach victim, 21k exposed

Another day, another major company is hacked of its members' passwords. This time it is Billabong, the Australia-based surfwear manufacturer, and the credentials reportedly were publicly posted and unencrypted.

Yahoo confirms breach, passwords appear not encrypted

Another password compromise has befallen a major company. This time Yahoo confirmed Thursday that its Contributor Network was raided of the usernames and passcodes of 400,000 members.

The real impact of the leaked password attacks

Yes, LinkedIn failed to have the proper technology in place to protect its users' passwords, but as we share more information with websites, some of the burden is on the users to safeguard their personal data.

LinkedIn confirms that posted passwords are of its members

Business-networking site LinkedIn is looking into the possibility of a data breach which may have led to the theft of nearly 6.5 million user passwords.

Trojan designed to take screenshots of hotel payment apps

A new development in the criminal underground is to peddle trojans that steal credit card data from hotels.

Are security basics getting lost under the cover of cloud and mobile?

Be wary of vendor messaging in light of today's threats, as it may be misguided. Organizations can cope with the latest concerns by applying tried-and-true security best practices.

Hackers target Medicaid claim forms in Utah

Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records.

Shutting access to passwords

Imagine a mobile device falling into the wrong hands - resulting in the draining of bank accounts and the co-opting of identities.

Opinion: The password is dead

The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes shows that the current password system is dead.

Phishing email leads to Denver area health care breach

Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families.

Yahoo deploys two-factor authentication for email

The feature, which is currently available for users in the U.S., Canada, India, and the Philippines, requires a second form of verification beyond a password for any "suspicious" login attempt.

Microsoft YouTube channel hacked

Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.

Porn hackers take over "Sesame Street" YouTube station

The YouTube channel for the long-running television series "Sesame Street" was back operating normally on Monday after hackers briefly gained access to swap out educational videos with X-rated pornography.

Mac OS X Lion flaw allows illicit password changes

An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.

"Morto" worm spreading via Remote Desktop connections

Security firms have just spotted a new worm, but experts don't think it will run rampant because there is no vulnerability involved.

Microsoft's 16 patches include one for "cookiejacking"

Microsoft is prepping a large security update for Tuesday, with plans to deliver 16 patches to fix 34 vulnerabilities across its product line.

If I ran the zoo

What might a hacker do with the Sony PlayStation Network database?

GAO slams IRS for data protection missteps

With the tax filing deadline a month away, the IRS is feeling the heat from the U.S. Government Accountability Office over lax data security practices.

The domino effect of Gawker's poor password practices

Poor authentication standards encourage bad passwords and enable the data breach at Gawker to harm security across the web.

Gawker breach prompts LinkedIn, Yahoo password resets

The recent theft of approximately 1.3 million account details from the servers of Gawker has prompted password resets at a number of popular websites.

Twitter spam campaign linked to Gawker breach

A massive spam campaign that has rapidly spread on Twitter has been linked to a recent security breach of online media company Gawker Media.

Google releases security checklist

Google has created an 18-part checklist to help users better secure their computer, browser, Google account and Gmail settings. Among the tips Google suggests are that users choose unique passwords for their various online accounts, that they "periodically" change their passwords and that they never respond to messages or phone calls requesting their usernames or passwords. — DK

Microsoft fixes Ormandy zero-day, four other bugs

Microsoft on Tuesday pushed out four patches to address five vulnerabilities in Microsoft Windows and Office. It also marks the last security update for Windows 2000 and XP Service Pack 2.

Widespread attacks continue against WordPress sites

A new campaign to hack WordPress websites and serve rogue anti-virus is underway, according to security researchers.

Brokerage firm fined $375,000 over breach

The Financial Industry Regulatory Authority (FINRA) announced Monday it has fined Montana-based brokerage firm D.A. Davidson & Co. over a December 2007 breach that exposed the personal information of approximately 192,000 customers. The company's database was compromised via SQL injection, allowing attackers to steal the names and Social Security numbers of customers. Prior to the breach, D.A. Davidson did not have adequate safeguards, such as encryption, to protect customer information, FINRA said. A company spokeswoman told SCMagazineUS.com that no clients have fallen victim to ID theft, but the company settled to put the matter behind it. — AM

Apache.org hit by targeted XSS attack

The Apache Software Foundation is advising users to change their passwords after hackers launched a successful attack against its infrastructure.
