In case you missed it the first time around, research has already proved that your password probably sucks. That research, by Microsoft MVP Troy Hunt, was based on a sampling of roughly 37,000 Sony Pictures passwords leaked by LulzSec earlier this year. 37,000 passwords is chump change to Splashdata, the makers of a password management app, who sifted through millions of passwords that were dumped online during the hacktastic year that was 2011 and came up with a list of the 25 passwords used most often by hacking victims. Is yours on the list?
Even as Microsoft’s busy pulling the curtain back on its upcoming Windows 8 operating system, somebody’s trying to shove Linux, the open-source OS alternative, into a bag and toss it into a river. A couple of weeks ago, we reported that kernel.org, a Linux source code repository, fell victim to a hack attack that compromised users of the site (but not the Linux source code itself). Now, other Linux websites find themselves under assault, too.
Privacy advocates and seedy characters on the edge of Internet legality alike use Bitcoins as their virtual currency of choice. The anonymous, decentralized P2P nature of Bitcoins lets you transfer money without ever having to contact a bank or even know the true identity of the person on the other end of the transaction. Recent events have dragged the shadowy currency into the light of public scrutiny, and now its squirming users have another headache to deal with: a trojan designed specifically to pilfer your Bitcoin wallet.
Make strong passwords. Make strong passwords. Our high school computer teacher beat the mantra into our heads, at least until the day we forgot our logon, a non-dictionary jumble that consisted of 39 upper- and lower-case letters, numbers, ampersands, exclamation points and any other special characters we could jam in there. After restoring our account, Mr. O'Donnell changed the mantra to, "Make kinda strong passwords." Microsoft MVP Troy Hunt analyzed the user information leaked in the recent LulzSec hack of Sony Pictures, and discovered that most people's passwords not only aren't kinda strong, but are usually downright crappy.
Between the PlayStation Network fiasco that compromised millions of user accounts and Netflix terminating a call center employee for snooping on credit card records, connected users have reason to be on edge. To top it off, LastPass, makers of the self-titled password manager and form filler, and new owners of the Xmarks browser bookmarks syncing service, recently forced users to change their master passwords as a precautionary measure after witnessing "a network traffic anomaly" that could be hacker activity. Hit the jump for the latest update.
Google Chrome has become a leading browser in just a few years, thanks in part to the rapid pace of development. Google is frequently pushing out updates to the beta and developer channels, with the stable release getting the final product. It was just a month ago that version 9 became official, and Google has announced today that Chrome version 10 has left beta, bringing with it a slew of new features.
Keeping a list of complex hacker-vexing passwords is an absolute must for every computer user’s security plan. It’s also a royal pain in the neck. As we visit more and more sites, we consequently collect more login credentials, making for a motley collection of username and password combinations. In a bid to save their sanity, some PC owners opt to use the same login information for every site they frequent. Others resort to recording all of their login information on a piece of paper or pasting it into a Word document. With insecure stop-gap measures like these for keeping track of the keys to your digital kingdom, you may as well send hackers your personal information via email and be done with it.
Researchers at the Fraunhofer Institute for Secure Information Technology in Germany have shown that an iPhone or iPad can be hacked to reveal passwords stored in Apple's keychain password manager. This can be accomplished even if the device is locked with a passcode. The attack requires no special circumstances, just an iPhone, jailbreaking software, and the code developed by the researchers.
Google has announced today that the 2-step authentication system that was rolled out for Apps users a few months back is going to be available to everyone soon. This system will dramatically increase your account security to hopefully alleviate the risk that your account could be hacked, or your password phished. The setup process will only take about 15 minutes, and makes use of your mobile phone.
In a recent blog post, Webroot warned of a Firefox Trojan that forces the browser to save all login credentials by default and subsequently uses the stolen information to create a new user account (username: Maestro) on the compromised machine. It then sniffs out sensitive user data (data forms and login details) from the Windows Protected Storage Area. The data stolen from here is faithfully shipped out to a server once every minute.
The Trojan's author Salar “Salixem” Zeynali is an Iran-based crimeware hobbyist and heavy metal enthusiast, according to his Facebook profile. With Zeynali choosing his real name over a nom de plume to take credit for the malware, Webroot clearly didn't have to work too hard to get to him.
“His Facebook profile indicates he lives in Karaj, Iran; He sports an emo haircut, and likes heavy metal music and programming. And, apparently, Zeynali writes crimeware for fun, because he doesn’t sell his keylogger. He offers a keylogger creator tool as a free download from the message board he hangs out on,” Webroot's Andrew Brandt wrote in the blog post.
“Unfortunately, there are a lot of people who frequent the same message board Zeynali uses to post his keylogger code, and some of those people have clearly been using the keylogger creator tool Zeynali built to create and distribute Trojans.”
According to Brandt, no AV solution can automatically fix the nsLoginManagerPrompter.js file the Trojan modifies, but it is rather easy to fix manually: download and install the latest version of Firefox on top of the existing installation.