Mozilla on Friday notified users of its Mozilla Developer Network (MDN) about the “accidental disclosure” of over 76,000 email addresses and around 4,000 “salted” passwords. These MDN user credentials remained exposed to the public for around a month until one of the outfit’s web developers discovered their presence on a server accessible to the general public around a couple of weeks back.
Perhaps one day you won't need a password to log into your accounts
Everyone knows you're not supposed to use the same password for multiple websites and services. If you follow that advice right down to the letter, then you're juggling numerous passwords, depending on how many banking sites, forums, auction portals, and everything else you're signed up for. It's a pain, and perhaps an unnecessary one -- device-based authentication could render passwords a thing of the past.
Managed to log in to dad’s account with simple trick
Each month, the Microsoft Security Response Center publishes a list of security researchers to whom it is thankful for privately disclosing bugs in its online services and, often, working with it to fix them. On the surface, the latest list may not seem too different from the previous ones, but that’s only until you realize that one of the over three dozen security researchers on it is actually a five-year-old kid.
Security on the Internet is terrible. That’s always been true, but it’s wildly obvious these days. Right and left, people are losing their passwords, ending up in botnets, and some days it seems like you might as well post your bank details on Pastebin, just to get it over with.
Adobe suffered a major security breach last month that compromised at least 38 million user accounts. In the wake of that attack, however, the top 100 passwords used by millions of Adobe account holders have come to light, and it doesn't look pretty. If you're in a scolding mood, you could say that many Adobe users compromised themselves by using lazy passwords that are easy to guess.
For years, we’ve been touting the virtues of KeePass Password Safe, a free open-source program for storing all your website passwords and associated notes behind a single master password. And to synch KeePass across multiple machines, we’ve been recommending that readers store the encrypted database on Dropbox. However, we got to wondering whether the popular browser-based password manager LastPass was a superior, one-stop solution. So this month, we invited the two free password trappers to duke it out for bragging rights.
Note: This article originally appeared in the August 2013 issue of the magazine.
Customer information and product source code at risk
Adobe Chief Security Officer Brad Arkin has revealed that Adobe’s servers were attacked in a successful attempt to access customer data and product source code. 2.9 million customers are affected with “names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,” taken.
Game publisher Ubisoft today confirmed that one of its websites suffered a security breach and that the person or people responsible made off with usernames, email addresses, and encrypted passwords. Ubisoft stressed that it doesn't store any personal payment information, meaning no debit or credit card data was stolen as a result of this server hack. Nevertheless, Ubisoft recommends that you change your password right away.
Do you use Yahoo Voice? If so, go change your password immediately. Hackers collectively known as D33Ds Company are taking credit for an SQL injection attack on a Yahoo subdomain believed to belong to Yahoo Voice. The hackers posted a document containing 453,492 plaintext Yahoo user accounts and passwords. The original website where the stolen information was posted appears to be down for the moment, but there are no do-overs on the Internet, and all that sensitive data is currently floating around torrent sites and other portals.
By now most everyone with an Internet connection and even a passing interest in technology news knows about LinkedIn's recent security breach, the one in which 6.5 million LinkedIn hashed passwords were swiped from the site's servers and posted on a Russian website. LinkedIn has been in full damage control ever since, including a post over the weekend outlining steps it's taking to protect its members.