passwords – Page 2 – SSL and internet security news

Passwords Are Terrible (Surprising No One)

February 1, 2023 infossl

cracking, national security policy, passwords, Security technology, Uncategorized

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging. In all, the auditors … Read More “Passwords Are Terrible (Surprising No One)” »

LastPass Breach

December 26, 2022 infossl

breaches, cloud computing, data breaches, Password Safe, passwords, Security technology, Uncategorized

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which … Read More “LastPass Breach” »

LastPass Security Breach

December 2, 2022 infossl

breaches, passwords, Security technology, Uncategorized

The company was hacked, and customer information accessed. No passwords were compromised. Powered by WPeMatico

Failures in Twitter’s Two-Factor Authentication System

November 17, 2022 infossl

authentication, cybersecurity, passwords, Security technology, sms, twitter, two-factor authentication, Uncategorized, vulnerabilities

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the … Read More “Failures in Twitter’s Two-Factor Authentication System” »

Recovering Passwords by Measuring Residual Heat

October 12, 2022 infossl

cameras, computer security, machine learning, passwords, Security technology, Uncategorized

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure … Read More “Recovering Passwords by Measuring Residual Heat” »

Leaking Passwords through the Spellchecker

September 26, 2022 infossl

browsers, data protection, leaks, passwords, Security technology, Uncategorized

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, … Read More “Leaking Passwords through the Spellchecker” »

When Security Locks You Out of Everything

June 28, 2022 infossl

authentication, cybersecurity, passwords, Security technology, two-factor authentication, Uncategorized

Thought experiment story of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is … Read More “When Security Locks You Out of Everything” »

Bypassing Two-Factor Authentication

April 1, 2022 infossl

computer security, passwords, Security technology, two-factor authentication, Uncategorized

These techniques are not new, but they’re increasingly popular: …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like … Read More “Bypassing Two-Factor Authentication” »

“Change Password”

March 17, 2022 infossl

passwords, Security technology, Uncategorized

Oops: Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here. Powered by WPeMatico

Vulnerability in the Kaspersky Password Manager

July 6, 2021 infossl

Password Safe, passwords, random numbers, Security technology, Uncategorized, vulnerabilities

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. … Read More “Vulnerability in the Kaspersky Password Manager” »