Browsing category
Correct identification of an individual using a computer or service is important because it represents the accountability of the person identified. If you know my username on a computer system, you can check on what I do on that system through an audit trail, and I can therefore be held accountable for those actions. However,
Following the examples of Google, Facebook, Yahoo and DropBox, Twitter is reportedly ready to roll out a two factor sign in process for its millions of users. This comes in light of February’s attack when some 250,000 passwords were stolen.
In his summary of New Year predictions by security researchers here at ESET, Stephen Cobb pointed to expanded efforts by malware authors to target the Linux operating system. Looks like that might be right: A blog post published by Sucuri yesterday describes a backdoored version of the SSH daemon discovered on compromised servers. Interestingly, this
According to the Deloitte Technology Trends 2013 report more than 90 per cent of user-generated passwords are weak and vulnerable to hacking, including those considered strong by IT departments.
[UPDATE #1: (21 Dec 2012, 5:30PM) ESET Researcher Cameron Camp has just published the second part of this series on securing your Android device. Read it here on the ESET Threat Blog at Securing Your Holiday Tech Gifts, Part 2: Android Guide. AG] December is upon us, and whether you have a Christmas tree, menorah,
Online passwords are a pain, and not just when you have to type them to access your online bank account or shop at your favorite digital emporium. Password pain extends to the people who have to manage them. A few weeks ago we shared some initial findings from a recent poll of 2,129 U.S. adults
There is very little research data on PIN prevalence available, so analysis of a new dataset of 4-digit passcodes can’t be ignored.
Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of
Sharing details of the hack that “wiped his life” has earned Mat Honan a place in the annals of information system security; the specific inter-dependence of flawed authentication systems that cost him so dearly–encompassing Apple, iCloud, Amazon.com, Gmail and more–would probably still exist if Mat had not gone public. Wired has the full story here
Changing the passwords on your online accounts might not sound like a fun weekend activity, but that’s what I did last weekend. Why? Because on Sunday I found out that one of my email addresses was in the list of Yahoo! logins whose passwords were exposed by sloppy handling of a credential file (an incident
If a service leaks your credentials, your options are limited, but changing all your passwords to something harder to guess/break is never a bad idea.
It’s important to know the worst password choices, but also the worst choices for numeric passcodes.
Employee use of personally-owned computing devices for work-related purposes–known as Bring Your Own Device or BYOD–is not a new trend and security professionals have been concerned about it for some time, but there is a widely held view that the trend has been transformed of late. Why? Waves of mobile digital devices flooding into the
A continuation on: Time to check your DNS settings? After 7 March 2012, lots of people potentially can be hit as their systems are infected by a DNS Changer. Several government-CERTs have already warned their users. Rather than using the ISP’s DNS Servers, the malware has changed the settings to use DNS Servers controlled by
Dazzlepod is saying … if your account name comes up, change your current password … why not assume that your account is compromised and go ahead and change it anyway and everywhere?
The Reuters news agency reported earlier today a sudden increase in violent and pornographic images and videos on Facebook. A quick review of my personal account and a check-in with my other Facebook-wielding colleagues revealed a couple of nothing more than a couple of suggestive pictures, complete with snarky comments embedded in them, from the
How do you know a service is legitimate and safe? We all have to trust by proxy sometimes, but it just doesn’t feel right to encourage people to accept reassuring statements as gospel.
Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer
…on the Twitter account owned by LulzSec that they had turned their attention to the NHS. Curiously enough, they seem to have been restrained and even responsible: while there’s an image out there of a message they claim to have sent to an administrator at an unidentified NHS site, they blacked out the details.
…here’s a blog in stark contrast to Urban Schrott’s blog about good password practice in Ireland … Troy Hunt ran an analysis of the subset of stolen Sony Pictures passwords put out as a torrent by those nice boys at LulzSec, some 37,608 of them…
Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link). Even still it is always good practice to reinforce sensible password techniques. For this blog, I plan on sharing an analogous self-ritual, and one that relies on a