Posts Tagged ‘passwords’

Yahoo!, Dropbox and Battle.net Hacked: Stopping the Chain Reaction

Thursday, February 14th, 2013

Major security breaches occur in quick succession one after another. Is it a chain reaction? How do we stop it?

  • January 2012: Zappos hacked, 24 million accounts accessed
  • June 2012: 6.5 Million encrypted LinkedIn passwords leaked online
  • July 2012: 420,000 Formspring passwords compromised in security breach
  • July 2012: Yahoo! Mail hacked
  • August 2012: Dropbox hacked, user accounts database leaked.
  • August 2012: Blizzard Battle.net hacked, user accounts leaked.
  • September 2012: Private BitTorrent tracker hacked, passwords leaked by Afghani hackers
  • September 2012: Over 30,000 usernames and passwords leaked from private torrent tracker RevolutionTT
  • September 2012: IEEE admits password leak, says problem fixed
  • November 2012: Adobe Connect Security Breach Exposes Personal Data of 150K Users
  • November 2012: Security breach hits Amazon.co.uk, 628 user IDs and passwords leaked
  • November 2012: Anonymous claims they hacked PayPal’s servers, leaks thousands of passwords online
  • December 2012: 100 million usernames and passwords compromised in a massive hack of multiple popular Chinese Web sites
  • January 2013: Yahoo! Mail hacked (again).
  • February 2013: Twitter breach leaks emails, passwords of 250,000 users

Mind your passwords, make them different

Friday, September 17th, 2010

XKCD posted a nice comic with a real-life problem behind it. It is very likely that some Web services do as described: either sell such info to third parties or use it for evil purposes. Our recommendation: if you cannot trust some of the websites, choose another unique password for them. It would be even wiser to have different passwords for all the websites you visit. Even unimportant websites can also be cracked, and even if they (or rather, your data stored there) have no value at all, your password can be tried for Facebook or LinkedIn, hopefully in vain. :)

 


Password masking: myths and truths

Tuesday, July 7th, 2009

Ever heard of the password masking problem? To be honest, I had not – until I read the Stop Password Masking article by Jakob Nielsen (somewhere referred to as "usability guru"), followed by a lot of other publications, blog posts and comments (see ‘em all); so-called security guru Bruce Schneier even wrote two essays on that.

Well, that reminded me of a very funny stupid CAPSoff Campaign.

In brief, here is the "problem": for years (I think starting from Windows 3.0, released almost 20 years ago), passwords have been masked as you type them (in most programs that have any kind of password protection, and in the operating system itself), i.e. replaced with asterisks or black circles. What for? To prevent the password from being read by someone who stands behind you.


Password Usage Behavior Survey Announced

Wednesday, June 3rd, 2009

ElcomSoft is launching a survey intended to collect more information on how people handle their passwords, which remain a major means of user authentication. Whether you are an ElcomSoft customer or haven’t seriously thought about password security, we hope you will answer our questions.

The questionnaire is well designed and if you have no time you can simply tick the matching answers which are prepared for your convenience. If you have a special experience to share or lots of thoughts on passwords, please take a while and use empty spaces provided for your own answers.

The survey is set to run for several weeks in order to cover more people, for we understand that summer is the best season for vacations. After the survey is completed and results calculated, we will release a full report with facts and figures. We tried to put sensible questions in the belief that results’ analysis will help us find out which questions should be better and more deeply highlighted in our articles, whitepapers, as well as in our blog.

This is our first empirical research and we hope you will find it interesting and enjoyable. You definitely have your own opinion on passwords, and as you understand, this survey is a perfect way for you to share that opinion. So what do you think? Be frank and open, take the questionnaire, and help us let others know about it.

 

Secret Questions Are Vulnerable To Guessing Attacks, Study Says

Wednesday, May 20th, 2009

Although it is widely known that authentication via ‘secret’ questions is not secure, now we finally have statistical evidence to prove it. Microsoft Research and Carnegie Mellon University have conducted a study that measures how guessable answers to ‘secret’ questions are. The researchers looked at the questions used by AOL, Google, Microsoft, and Yahoo! in order to authenticate users who need to reset their forgotten passwords. The ability of users to memorize their answers was also questioned.

GPU Assisted Password Cracking at Troopers 2009

Tuesday, April 28th, 2009

Last week a colleague of mine, Andrey Belenko, gave a speech at the Troopers conference in Munich. Olga wrote about it in this blog. All the talks at Troopers were awesome. Soon the videos and slide shows will be available for downloading on the Troopers website.

If you have an opportunity, visit Andrey’s talk about green password recovery at Infosec, London. It’s on Wednesday, April 29th, at 15:20, at the Technical Theatre. Also visit our booth K35 at Earls Court for free software trials.

 

Password cracking with Microsoft cofee

Thursday, April 16th, 2009

No, it’s not a typo :). COFEE means Computer Online Forensic Evidence Extractor, actually. Never heard about it? Then read Microsoft supplies Interpol with DIY forensics tool. Just don’t ask where to get it. We have not seen it either.

Microsoft Office 14

Thursday, April 16th, 2009

According to CNET News, the Office 14 technical preview will be available in Q3, and the release version in the first half of 2010; Office 2010 will come in both 32-bit and 64-bit versions.

If password encryption is improved there — of course, we’ll update Office Password Recovery accordingly. Though it is already good enough in Office 2007 — even with GPU acceleration, the password recovery speed is only thousands of passwords per second (see some benchmarks at the Distributed Password Recovery page), so even relatively short passwords are secure enough.

Windows Passwords

Wednesday, April 15th, 2009

Need more information on passwords in an Active Directory environment — password policies, default settings, fine-graining? Then read the Windows Passwords: Making them Secure article at WindowsSecurity.com. But we can also recommend using Proactive Password Auditor on a regular basis, to see how secure your passwords really are.

Surveillance Self-Defense Project fills the gaps in your security policy

Monday, April 13th, 2009

Michael Kassner published an article about Surveillance Self-Defense on TechRepublic, where he gives a brief outline of the SSD website. Though some can endlessly brood over the grounds for the project's foundation, for me one thing is clear: this site can be very helpful for putting all the principal computer security guidelines together and closing the gaps in your own security.