passwords

A security researcher says he's found a major security flaw in the Mac's password storage tool. But he's refusing to publish the details as a protest against Apple's "bug bounty" program. Linuz Henze has produced a video showing what he calls an ... exploit of the Keychain feature in MacOS Mojave, the current edition of the operating system for Mac computers. Keychain is an application on Macs that lets users save passwords for online accounts and digital certificates so that they don't have to type them in again. Users can also open Keychain and access a full list of passwords. Normally every ... (view more)

Question site "Quora" has become the latest high-profile hacking victim, with details of more than 100 million users breached. Fortunately, the implications likely won't be as serious as some previous hacks. The site lets users post questions and ... then get answers from other users. A voting system means more helpful answers from its community means the best answers float to the top. Quora says its systems were accessed without authorization and that it discovered the breach on November 30, 2018. It says the exposed information included account information such as name, email address ... (view more)

Infopackets Reader Sam G. writes: " Dear Dennis, I get emails from hackers a few times a week saying that they have cracked my email account. As proof, they have supplied me with the correct password for the account. The message goes on to say that ... they have planted a Trojan on my computer which allows them to spy on me. Here's where it gets interesting. The hackers say I have been visiting websites of people in the buff. They are demanding I pay them bitcoin (worth $831) to keep this quiet, otherwise they will send images from the purported site I've visited and also a picture of me on my ... (view more)

Infopackets Reader Marjie H. writes: " Dear Dennis, I just received an email offer from Norton Security asking if I would like to enroll in the Norton Identity Protection. In order to do so, the form says I need to provide my social insurance ... number. The protection being offered is free, so long as I renew my Norton Antivirus subscription. From what I understand, this service includes protection against personal credit, credit cards, bank, social insurance number (SSI), etc. My question is - with all this information they are asking for, what is the possibility they could be hacked and all my ... (view more)

A security company has released its list of the worst passwords of 2017. As always with this annual survey, it tells us more about culture than security practices. The list comes from SplashData, which compiles the rankings based on how many times ... particular passwords appears in leaked lists of user databases (mainly among English language users). The survey this year totaled more than five million passwords, though it's worth noting the company deliberately excluded leaks of passwords from adult sites. (Source: cnet.com ) The most common are hardly any surprise with "123456" beating out " ... (view more)

More than 700 million email addresses and passwords have been leaked online. While many are bogus, enough appear to be genuine that security experts have advised users to change their email passwords. The collection of account details does not ... appear to have been used for identity theft or other fraud. Instead, the collection has been marketed as a way to send spam messages. The idea is that spammers can login to the compromised accounts in order to send their unsolicited emails. This effectively flies under the spam radar, as most spam comes from IP addresses without any reputation. In this ... (view more)

The man behind some of the most commonly held advice on creating passwords says he was wrong on several points. Bill Burr says the real problem with his tips were that they led to predictable behavior. Burr's advice came in a short 2003 document ... produced by the National Institute of Standards and Technology. Because of the institute's prestige, the advice was widely adopted and cited, with both employers and sites often insisting that passwords meet the guidelines. (Source: wsj.com ) Mix of Characters Hard to Remember One part of the advice was to use a mix of capital letters, lower ... (view more)

Infopackets Reader Sean S. writes: " Dear Dennis, I own three Windows 10 PC's at home - my own PC, my wife's laptop and my son's laptop. Each laptop is set up to access my main PC using network shared folders (I have the same user names and ... passwords also set up on my main machine to create a password protected share). Recently my wife tried to access a shared folder on my PC but now receives an error 'the password of this user has expired'. The same day I also received an error message on my Windows 10 login screen that 'the password for this account has expired' and I need to reset it. Is ... (view more)

An unfortunate error has led to a massive leak of confidential data online. It's led to calls from users to review their passwords and change the most sensitive ones. The leak involves Cloudflare, which ironically is a security company. It offers a ... service by which it acts a little like a gatekeeper for websites, passing on valid requests for data and blocking those designed to cause disruption. In particular, it combats denial of service attacks (DoS) that aim to bring a website down by sheer weight of incoming traffic - usually bogus traffic. As part of Cloudflare's operations, it ... (view more)

Lately we've been posting a lot of articles about websites and services that have been hacked . One of the primary recommendations we have also repeated is that users should use unique and hard-to-guess passwords for each site, as this will help to ... prevent any further breaches. The reasoning is that if user account data is stolen on one site ( Yahoo is a good example ), the same username and passwords may also be valid on other sites - but only if users are using the same account names, passwords or password hints. Unfortunately this is often the case, because using the same passwords on ... (view more)