We won’t delve too far into it again – why beat a dead horse? – but research has proven that most people’s passwords suck, plain and simple. Sophisticated geeks may shrug their shoulders and simply laugh at the newbs, but it’s in Microsoft’s interest to build a secure operating system – hence the whole Secure Boot thing. The company’s taking an interesting approach to passwords in the upcoming Windows 8, one that mixes personal pictures and touch/mouse gestures to create a log in experience that Microsoft claims is both faster and more secure than traditional alphanumeric passwords.
There is a lot of emphasis on computer security these days. Strong passwords, encryption, the whole nine yards. Apparently no one told a community called South Houston in Texas, USA. According to various confirmed reports, the municipality was using a simple three-character password to protect its Internet-facing SCADA system, which controls water and sewage systems. This system was accessed by a hacker known only as pr0f as a proof of concept. Yikes.
In case you missed it the first time around, research has already proved that your password probably sucks. That research, by Microsoft MVP Troy Hunt, was based on a sampling of roughly 37,000 leaked Sony Pictures passwords leaked by LulzSec earlier this year. 37,000 password is chump change to Splashdata, the makers of a password management app, who sifted through millions of passwords that were dumped online during the hacktastic year that was 2011 and came up a list of the 25 passwords used most often by hacking victims. Is yours on the list?
Even as Microsoft’s busy pulling the curtain back on its upcoming Windows 8 operating system, somebody’s trying to shove Linux, the open-source OS alternative, into a bag and toss it into a river. A couple of weeks ago, we reported that kernel.org, a Linux source code repository, fell victim to a hack attack that compromised users of the site (but not the Linux source code itself). Now, other Linux websites find themselves under assault, too.
Privacy advocates and seedy characters on the edge of Internet legality alike use Bitcoins as their virtual currency of choice. The anonymous, decentralized P2P nature of Bitcoins lets you transfer money without ever having to contact a bank or even know the true identity of the person on the other end of the transaction. Recent events have dragged the shadowy currency into the light of public scrutiny, and now its squirming users have another headache to deal with: a trojan designed specifically to pilfer your Bitcoin wallet.
Make strong passwords. Make strong passwords. Our high school computer teacher beat the mantra into our heads, at least until the day we forgot our log on, a non-dictionary jumble that consisted of 39 upper- and lower-case letters, numbers, ampersands, exclamation points and any other special characters we could jam in there. After restoring our account, Mr. O'Donnell changed the mantra to, "Make kinda strong passwords." Microsoft MVP Troy Hunt analyzed the user information leaked in the recent LulzSec hack of Sony Pictures, and discovered that most people's passwords not only aren't kinda strong, but usually down-right crappy.
Between the PlayStation Network fiasco that compromised millions of user accounts and Netflix terminating a call center employee for snooping on credit card records, connected users have reason to be on edge. To top it off, LastPass, makers of the self-titled password manager and form filler, and new owners of the Xmarks browser bookmarks syncing service, recently forced users to change their master passwords as a precautionary measure after witnessing "a network traffic anomaly" that could be hacker activity. Hit the jump for the latest update.
Google Chrome has become a leading browser in just a few years, thanks in part to the rapid pace of development. Google is frequently pushing out updates to the beta and developer channels, with the stable release getting the final product. It was just a month ago that version 9 became official, and Google has announced today that Chrome version 10 has left beta, bringing with it a slew of new features.
Keeping a list of complex hacker-vexing passwords is an absolute must for every computer user’s security plan. It’s also a royal pain in the neck. As we visit more and more sites, we consequently collect more login credentials, making for a motley collection of username and password combinations. In a bid to save their sanity, some PC owners opt to use the same login information for every site they frequent. Others resort to recording all of their login information on a piece of paper or pasting it into a Word document. With insecure stop-gap measures like these for keeping track of the keys to your digital kingdom, you may as well send hackers your personal information via email and be done with it.
Researchers at the Fraunhofer Institute Secure Information Technology in Germany have shown that an iPhone or iPad can be hacked to reveal passwords stored in Apple's keychain password manager. This can be accomplished even if the device is locked with a passcode. The attack requires no special circumstances, just an iPhone, jailbreaking software, and the code developed by the researchers.