Sony Kept Thousands of Passwords in a Folder Named "Password"

It’s been a rough week for Sony execs (million-dollar salaries notwithstanding). And things are only going to get worse. Which would almost be enough to make you feel bad for the poor schmucks in IT—that is, until you realize that they hid their most sensitive password data under the label “Passwords.” Go ahead and slam your head against something hard. We’ll wait.


How to Tap Your Network and See Everything That Happens On It

Your home network is your fortress. Inside it lies tons of valuable information—unencrypted files, personal, private data, and perhaps most importantly, computers that can be hijacked and used for any purpose. Let’s talk about how you can, with the power of evil, sniff around your home network to make sure you don’t have any uninvited guests.


Dropbox Wasn’t Hacked, Says Leaked Credentials Are From Unrelated Services

An anonymous reader writes: Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. “Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox,” Anton Mityagin from the Dropbox security department noted in a post. Read more of this story at Slashdot.


Change Your Password: Hackers Are Leaking Dropbox User Info

After an already rough morning, Dropbox is now facing something far more menacing. After first surfacing on Reddit, several Pastebin files have been found to contain hundreds of Dropbox users’ usernames and passwords—and the anonymous poster claims that there are millions more to come.


VeraCrypt Is the New TrueCrypt — and It’s Better

New submitter poseur writes: If you’re looking for an alternative to TrueCrypt, you could do worse than VeraCrypt, which adds iterations and corrects weaknesses in TrueCrypt’s API, drivers and parameter checking. According to the article, “In technical terms, when a system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations. For standard containers and other (i.e. non-system) partitions, TrueCrypt uses at most 2,000 iterations. What Idrassi did was beef up the transformation process. VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool, he said. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force.” Read more of this story at Slashdot.


US military working on turning soldiers into the Wolverine

Not only does the US military want to make an Iron Man suit, it also wants to give soldiers the same self-healing powers as Wolverine, the Marvel superhero who can accelerate the healing of injuries and chronic diseases. DARPA calls the project ElectRx. Their description is fascinating.


Wi-Fi Router Attack Only Requires a Single PIN Guess

An anonymous reader writes: New research shows that wireless routers are still quite vulnerable to attack if they don’t use a good implementation of Wi-Fi Protected Setup. Bad implementations do a poor job of randomizing the key used to authenticate hardware PINs. Because of this, the new attack only requires a single guess at the hardware PIN to collect data necessary to break it. After a few hours to process the data, an attacker can access the router’s WPS functionality. Two major router manufacturers are affected: Broadcom, and a manufacturer to be named once they get around to fixing it. “Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom’s reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness.” Read more of this story at Slashdot.


New Cridex Malware Copies Tactics From GameOver Zeus

Trailrunner7 writes: The GameOver Zeus malware had a nice run for itself, making untold millions of dollars for its creators. But it was a run that ended with a multi-continent operation from law enforcement and security researchers to disassemble the infrastructure. Now researchers have identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day. Researchers at IBM’s X-Force research team have seen a new version of Cridex, which is also known as Bugat and Feodo, using some of the same techniques that GOZ used to such good effect. Specifically, the new strain of malware has adopted GOZ’s penchant for using HTML injections, and the researchers say the technique is nearly identical to the way that GOZ handled it. “There are two possible explanations for this. First, someone from the GOZ group could have moved to the Bugat team. This would not be the first time something like this has happened, which we’ve witnessed in other cases involving Zeus and Citadel; however, it is not very likely in this case since Bugat and GOZ are essentially competitors, while Zeus and Citadel are closely related. The second and more likely explanation is that the Bugat team could have analyzed and perhaps reversed the GOZ malware before copying the HTML injections that made GOZ so highly profitable for its operators,” Etay Maor, a senior fraud prevention strategist at IBM, wrote in an analysis of the new malware. Read more of this story at Slashdot.


Password Gropers Hit Peak Stupid, Take the Spamtrap Bait

badger.foo (447981) writes: Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: the users they are trying to access do not exist. Instead, they’re taken from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it’s more likely that via excessive automation, the password gropers have finally hit Peak Stupid. Read more of this story at Slashdot.
