Security

Wed 20 Dec | John Lister

'Password' Still a Common Password in 2017

A security company has released its list of the worst passwords of 2017. As always with this annual survey, it tells us more about culture than security practices. The list comes from SplashData, which compiles the rankings based on how many times particular passwords appear in leaked lists of user databases (mainly among English language users). The survey this year totaled more than five million passwords, though it's worth noting the company deliberately excluded leaks of passwords from adult sites. (Source: cnet.com) The most common are hardly any surprise with "123456" beating out " ...

Thu 14 Dec | John Lister

Trio Admits Hijacking Home Devices

Three Americans have pleaded guilty to hijacking more than 100,000 internet-connected devices. The group of infected machines (known as a "botnet") was then used to attack websites using a distributed denial of service attack (DDoS) to make websites unavailable. While most DDoS attacks are carried out on PCs, this attack in particular targeted weaknesses in smaller devices that use the Internet. This included routers, digital video recorders and wireless cameras. That's a significant point, as the tech security community has generally treated security flaws in such devices as a lower ...

Thu 30 Nov | John Lister

'Spectacular' Apple Flaw Left Macs Wide Open for Attack

Apple has been forced to fix a major security flaw in the latest edition of the Mac operating system. The flaw makes it far easier for a thief to access a computer's files. The bug is in MacOS High Sierra, which was released two months ago. It's widely used as it's compatible with most Mac computers released in the past eight years or so. The problem is with root access on the system. That's the highest level of access, giving complete control of the computer and even the opportunity to alter key system files. Normally only the most confident users would enable root access (which then acts a ...

Wed 29 Nov | John Lister

New Google Tool Makes Snoopers Vomit Rainbows

Google researchers are working on a way to warn users when someone else might be sneaking a peek at their smartphone. They say it can spot a gaze in just two milliseconds. The project is the work of Hee Jung Ryu and Florian Schroff, who'll demonstrate their work at a conference on Neural Information Processing Systems. It's based on a remarkably simple concept with some smart technology.

Front Camera is Key to Tool

In its current form, the system runs on a Google Pixel phone and takes advantage of the front-facing camera - the one typically used for face / video conferencing before it became ...

Fri 24 Nov | John Lister

Windows Bugs Could Be Much More Serious

A key security feature in Windows doesn't work as planned. It's not a vulnerability in itself, but means that hackers who find bugs in software are much more likely to be able to do damage. The problem is with Address Space Layout Randomization (ASLR). It deals with the way a computer organizes different programs in memory. As an analogy, it's like organizing vehicles of different sizes and makes in a parking lot. Most operating systems support ASLR, which means that when a program starts up and needs to use the computer's memory, it's assigned a random location. In the analogy, think of cars ...

Wed 22 Nov | John Lister

Website User Tracking 'A Major Security Risk'

More than 400 leading websites could be compromising user security by collecting everything the user types - whether or not the user is aware. A Princeton University study also found the collected information was not always adequately protected and anonymized. The problem highlighted by the study was the use of third-party tools that website owners can use to find out more about how people navigate their site. These tools often track precisely where the user moves a mouse cursor along with information they type in, even if they then delete it. In principle these "session replay" tools can be ...

Tue 07 Nov | John Lister

Bogus 'WhatsApp' Chat Client Downloaded 1 Million Times

Scammers used a computer code loophole to trick more than a million people into downloading a rogue Android app. The fake variant of WhatsApp appears to have been designed to distribute ads. The bogus app took advantage of the popularity of the genuine WhatsApp Messenger, which has been downloaded more than 60 million times on Google Play alone. It's a tool for exchanging messages with friends or groups over the Internet rather than eating into SMS text message allowances.

Extra Space Went Unseen

"Update What's App Messenger" was one of numerous bogus apps that tried to mislead users with ...

Tue 17 Oct | John Lister

New Wi-Fi Crack can Intercept Your Data: What You Need to Know

One of the key security protections in WiFi has a serious vulnerability, a researcher has revealed. The exploit has to do with the protocol "WPA2" - currently considered the most secure protocol commonly used on WiFi routers and hotspots. Here's what you need to know about the WPA2 exploit.

What's the problem and what does it affect?

Security researcher Mathy Vanhoef has published a demonstration for what he's called "KRACKs," short for key reinstallation attacks. That's a way of exploiting a weakness in WPA2 (WiFi Protected Access II), the security system that is most ...

Thu 12 Oct | John Lister

T-Mobile Bug Revealed Email Address, Name, and More

T-Mobile has fixed a bug that let hackers get sensitive personal data just by using a phone number. In theory, it could have been possible to collect details on all the company's customers, though T-Mobile denies this. The problem was discovered by Karan Saini, a security researcher who discussed the problem with the Motherboard Vice website. The site then approached T-Mobile about the problem. It said "we were alerted to an issue that we investigated and fully resolved in less than 24 hours. There is no indication that it was shared more broadly." (Source: vice.com) The bug had to do with T ...

Wed 11 Oct | John Lister

Bogus 'Adblock Plus' Opens More Ads

Users of a popular ad-blocking tool have been warned to watch out for a bogus version of the tool. One copy of the fake Adblock Plus was downloaded 37,000 times before being removed from the Google Chrome store. The legitimate version of Adblock Plus is one of the most popular tools available as a Chrome extension: a third-party tool that can be added directly to the browser itself. The makers claim that more than a hundred million devices are actively using the tool. The bogus version is particularly ironic, though not in a way that victims would appreciate: rather than block ads, it ...
