Security

Mon
19
Feb
John Lister's picture

Fake LastPass Gets Vetted by App Store

A fake app pretending to be from password manager LastPass not only made it into the Apple App Store but had a five star rating. It's arguably among the worst possible types of bogus app to bypass Apple's usually strict vetting process. LastPass is ... one of the best known password manager tools. It lets users store their passwords in an encrypted vault, accessible only with a master password. The service can also generate secure passwords. The company's name is based on the idea that the master password is the last password the user will ever need to create or remember. The big catch, of course ... (view more)

Fri
16
Feb
John Lister's picture

Toothbrush Botnet Army Story Was Bogus

Reports that 3 million "smart" toothbrushes were hacked and weaponized turn out to be misleading at best. It appears to have been a mistranslation or misunderstanding. The reports first surfaced last week in Switzerland and involved toothbrushes ... supposedly running the Java computer language. They were said to have been hacked and used for a distributed denial of service (DDoS) attack that caused huge disruption and financial costs to a targeted business. Not every element of the story is as completely ridiculous as it might seem. "Smart" toothbrushes do exist, with connections to smartphone ... (view more)

Wed
07
Feb
John Lister's picture

German Train Company Seeks Windows 3.11 Experts

If you still have the skills for Windows 3.11, you may have been a candidate for a recent job ad in Germany. It appears the role, using the 30-year-old system, has been filled. The vacancy was advertised by national railway company Deutsche Bahn. ... The successful candidate would be assigned to Siemens, which is responsible for the rail tech division for the train control system. The role would involve keeping old systems operational so that train drivers could get real time information about equipment. The Register notes that although Windows 3.11's release in November 1993 is almost ... (view more)

Mon
05
Feb
John Lister's picture

Windows 10 Support Deadline Raises Questions

Windows 10 devices are set to become insecure next year unless users pay an extra fee. But with warnings of 240 million devices "going to landfill", it remains possible Microsoft will blink at the last moment. That Windows 10 reaches the end of its ... support period on October 14, 2025 is no secret: it's long been on Microsoft's support calendar and is in line with the company's policy of 10 years support. From that date, Microsoft will no longer issue free security updates. As happened with Windows 7, Microsoft will offer a paid update service for people in "circumstances that could prevent you ... (view more)

Mon
29
Jan
John Lister's picture

26 Billion User Records Compromised

A leak of around 26 billion user records has been labeled "the mother of all breaches." It's a major reminder of the downsides of reusing the same passwords on multiple sites. The collection of records is not a single stolen database. Instead, it ... appears to be a massive compilation of databases that have either been leaked before or sold on the black market. The database was spotted online by security researchers, likely a sign that whoever compiled it screwed up somewhere by mistakenly making it accessible. The researchers noted the database was extremely well indexed and organized. The ... (view more)

Mon
15
Jan
John Lister's picture

23andMe Blames Victims for Information Hack

DNA and ancestry site 23andMe has told victims of a major hack that it's their fault for not using unique passwords. The claim came in a letter aimed deterring victims from proceeding with a class action case. The site admitted last month that ... almost 7 million customers have been affected by a data breach. Hackers directly accessed personal data including DNA information of about 14,000 people. However, they were able to get some personal data of another 6.9 million people that enabled a feature to share information with potential relatives. Unsurprisingly, this led to legal action from ... (view more)

Mon
18
Dec
John Lister's picture

iPhones Get Extra Security Measure

Apple is beefing up security measures to reduce the damage caused by iPhone thefts. The new "Stolen Device Protection" feature is opt-in, possibly because it comes at the expense of convenience. The feature is designed for cases when somebody steals ... a device and successfully enters the passcode. That could happen when a thief spots somebody typing in the passcode before they steal the handset. It could also happen if the thief knows some details about the victim and they have a predictable passcode such as a birth date. Anyone who unlocks a phone will still be able to use it and access apps ... (view more)

Mon
11
Dec
John Lister's picture

New Law Demands Five Years Of Security Patches

Tougher rules mean digital device and software manufacturers will have to report security breaches more quickly. They'll also have to offer security patches for at least five years. The rules come from the European Union. They technically only cover ... products sold in EU member countries, though in many such cases manufacturers change their behavior worldwide to comply with the rules. The financial penalties for breaking the rules take into account global turnover. The rules, which will become the Cyber Resilience Act, cover "products with digital elements." These include smart and connected ... (view more)

Mon
27
Nov
John Lister's picture

Mac Users Targeted In Browser Scam

Mac users have been warned to watch out for bogus updates to the Safari and Chrome browsers. It's a scam to spread data-stealing malware. The AMOS malware, also called Atomic Stealer, is particularly nasty as it targets data stored or transmitted by ... web browsers. This includes login details, passwords, and credit card numbers. It also looks for cryptocurrency wallets, which give access to Bitcoin and other cryptocurrencies that can be stolen and turned into cash. (Source: malwarebytes.com ) The malware has been around since the spring when the scammers targeted people searching for popular ... (view more)

Fri
24
Nov
John Lister's picture

Security Glitch Undermines Encryption Keys

Around one in a million computer encryption keys are faulty and could be compromised according to researchers. While it sounds like an obscure issue, it could be exploited by security agencies at both friendly and hostile governments. The problem is ... with the RSA encryption that's widely used for online security. It works by users having two security keys (lengthy codes), one public and one private. The public key is used for encrypting data, while the private key is needed to decrypt it. The system also allows users to "sign" encrypted messages so that recipients know the supposed sender is ... (view more)

Pages

Subscribe to RSS - Security