passwords – Page 5 – SSL and internet security news

Using a Smartphone’s Microphone and Speakers to Eavesdrop on Passwords

September 5, 2018 infossl

authentication, cellphones, hacking, passwords, phones, Security technology, sidechannelattacks

It’s amazing that this is even possible: “SonarSnoop: Active Acoustic Side-Channel Attacks“: Abstract: We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used … Read More “Using a Smartphone’s Microphone and Speakers to Eavesdrop on Passwords” »

1Password’s Travel Mode

July 23, 2018 infossl

computersecurity, lies, passwords, Security technology

The 1Password password manager has just introduced “travel mode,” which allows you to delete your stored passwords when you’re in other countries or crossing borders: Your vaults aren’t just hidden; they’re completely removed from your devices as long as Travel Mode is on. That includes every item and all your encryption keys. There are no … Read More “1Password’s Travel Mode” »

Reasonably Clever Extortion E-mail Based on Password Theft

July 16, 2018 infossl

extortion, passwords, pornography, Security technology

Imagine you’ve gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it’s for isn’t very valuable. How do you use it? You convince the owners of the password to send you money. I recently saw a spam e-mail that ties the password to a porn … Read More “Reasonably Clever Extortion E-mail Based on Password Theft” »

WPA3

July 12, 2018 infossl

passwords, secrecy, Security technology, securitystandards, wifi

Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back … Read More “WPA3” »

Recovering Keyboard Inputs through Thermal Imaging

July 10, 2018 infossl

academicpapers, passwords, Security technology, sidechannelattacks

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it’s interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we humans routinely leave thermal residues on various objects … Read More “Recovering Keyboard Inputs through Thermal Imaging” »

PROPagate Code Injection Seen in the Wild

July 9, 2018 infossl

malware, passwords, Security technology

Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function — a process used to install or update subclass windows running on the system — and can be used to modify the properties of windows running in the … Read More “PROPagate Code Injection Seen in the Wild” »

Bypassing Passcodes in iOS

June 26, 2018 infossl

apple, encryption, hacking, ios, passwords, Security technology

Last week, a story was going around explaining how to brute-force an iOS password. Basically, the trick was to plug the phone into an external keyboard and trying every PIN at once: We reported Friday on Hickey’s findings, which claimed to be able to send all combinations of a user’s possible passcode in one go, … Read More “Bypassing Passcodes in iOS” »

Impersonating iOS Password Prompts

October 12, 2017 infossl

apple, impersonation, ios, passwords, Security technology, socialengineering, spoofing, vulnerabilities

This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps … Read More “Impersonating iOS Password Prompts” »

Changes in Password Best Practices

October 10, 2017 infossl

nist, passwords, Security technology

NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords: Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don’t help that much. It’s … Read More “Changes in Password Best Practices” »

Deloitte Hacked

September 29, 2017 infossl

breaches, cloudcomputing, databreaches, disclosure, hacking, passwords, Security technology

The large accountancy firm Deloitte was hacked, losing client e-mails and files. The hackers had access inside the company’s networks for months. Deloitte is doing its best to downplay the severity of this hack, but Bran Krebs reports that the hack “involves the compromise of all administrator accounts at the company as well as Deloitte’s … Read More “Deloitte Hacked” »