password

Security researchers say a serious Android bug could let malware pose as a legitimate app and gain unwanted access to a phone's data and functions. The concept of the 'StrandHogg' bug has been known for several years, but now it's being actively ... exploited to target online banking. In simple terms, the bug has two unwanted effects: it can trick users into giving malware sensitive 'permissions' to access the phone, and it can hijack legitimate apps to trick users into handing over login details and sensitive information. Researchers at Promon explain the bug is with a security setting called ... (view more)

Password manager LastPass has suffered an embarrassing security glitch that reveals a user's last used password, though some security experts argue that pulling off the exploit would have been difficult at best. The purpose of LastPass is to solve ... the problem of people having too many passwords to remember, but not wanting to reuse passwords across multiple sites. Once somebody signs up to LastPass, they create a single master password which is completely secret. Even LastPass itself doesn't store this password, so if a user forgets it, they are out of luck. The master password then stores ... (view more)

Chrome may soon warn users if their passwords have been compromised. It works by checking inputted passwords against those exposed in public data breaches. The feature is already available for Chrome from an official Google extension known as ... Password Checkup, but users need to actively install this extension to use it. Web browser Mozilla Firefox already has a similar feature built-in. Now a similar feature named "password leak detection" has been spotted in the code of Chrome Canary. That's a version of Chrome that includes test features planned for release in the main Chrome edition in a ... (view more)

A security firm says hackers have hijacked 180,000 routers in Brazil alone so far this year. They target people who haven't changed the default login for the router's control system. According to Avast, there have been more than 4.6 million attempts ... to modify router settings remotely. Although the attacks were targeted at people using particular Internet service providers in Brazil, there's no reason the same tactics couldn't work elsewhere. The goal of the attacks is to change the DNS settings on a router. In simple terms, that's like the address book that a router uses to turn a website ... (view more)

An app designed to make it easier to get on public WiFi has accidentally exposed more than two million WiFi passwords. It appears to be a case of terrible design, rather than pure malice by the app designers. The app is called "WiFi Finder - connect ... to hotspots" and is listed on the Google Play store as having more than 100,000 downloads. In theory the app is part of a project to make using WiFi on the move more convenient. It's designed to be a massive database to which users can add public WiFi networks and the relevant passwords. For example, visitors to a coffee store could add the ... (view more)

The demise of the password has come a step closer this week with the adoption of a new standard for physical "keys" for logging in to websites. "WebAuthn," as it's called, makes it easier for sites to let users log in through a physical method - ... rather than relying on users having to remember a password. These methods range from USB devices that act like a physical key to biometric devices such as fingerprint or eye scanners. The big hope is that such devices reduce the need to rely on passwords which can be guessed or stolen in data breaches. Browsers Already On Board Having a ... (view more)

A security researcher says he's found a major security flaw in the Mac's password storage tool. But he's refusing to publish the details as a protest against Apple's "bug bounty" program. Linuz Henze has produced a video showing what he calls an ... exploit of the Keychain feature in MacOS Mojave, the current edition of the operating system for Mac computers. Keychain is an application on Macs that lets users save passwords for online accounts and digital certificates so that they don't have to type them in again. Users can also open Keychain and access a full list of passwords. Normally every ... (view more)

An extremely creative form of malware on Android devices uses motion sensors to help stay undetected. It's designed to combat one of the key methods used by malware scanning tools. Trend Micro says it found the malware hidden in two Google Play ... Store apps named "BatterySaverMobi" and "Currency Converter," which claimed to provide functions as their names suggest. (Source: arstechnica.com ) Once installed, the apps downloaded malware in the background, then used a fake system update message to trick the user into giving permission to install it. The malware, named " ... (view more)

Question site "Quora" has become the latest high-profile hacking victim, with details of more than 100 million users breached. Fortunately, the implications likely won't be as serious as some previous hacks. The site lets users post questions and ... then get answers from other users. A voting system means more helpful answers from its community means the best answers float to the top. Quora says its systems were accessed without authorization and that it discovered the breach on November 30, 2018. It says the exposed information included account information such as name, email address ... (view more)

Microsoft has announced several steps towards a world without passwords. It not so much a revolution at this stage, compared to a few measures towards convenience. The changes involve the way people login to Microsoft services such as the online ... edition of Office, Skype, Edge browser and the Xbox Live gaming service (on PCs) - all of which work via a single Microsoft account. Microsoft is building on "Windows Hello," an existing system for logging into a Windows 10 PC using a PIN code, facial recognition or a fingerprint reader, rather than relying on a password. Physical Keys An ... (view more)