SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
Archive
#password
4 May 2018

GitHub says bug exposed some plaintext passwords

GitHub has said a bug exposed some user passwords -- in plaintext. The code repository site, with more than 27 million users as of last year, sent an email to affected users Tuesday.

"During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users' passwords to our internal logging system," said the email, received by some users. The email said that a handful of GitHub staff could have seen those passwords -- and that it's "unlikely" that any GitHub staff accessed the site's internal logs. "We have corrected this, but you'll need to reset your password to regain access to your account," the email added. 

Tags: GitHub, password, information leaks
Source: ZDNet
12 Feb 2018

Researcher uses macOS app screenshot feature to steal passwords, tokens, keys

Malicious app developers can secretly abuse a macOS API function to take screenshots of the user's screen and then use OCR to programmatically read the text found in the image.

The function is CGWindowListCreateImage, often utilized by Mac apps that take screenshots or live stream a user's desktop. According to Fastlane Tools founder Felix Krause, any Mac app, sandboxed or not, can access this function and secretly take screenshots of the user's screen. Krause argues that miscreants can abuse this privacy loophole and utilize CGWindowListCreateImage to take screenshots of the screen without the user's permission.

Tags: password, information leaks
Source: BleepingComputer
7 Feb 2018

Mixpanel analytics accidentally slurped up passwords

The passwords of some people using sites monitored by popular analytics provider Mixpanel were mistakenly pulled into its software. Until experts inquired, Mixpanel had made no public announcement about the embarrassing error beyond quietly emailing clients about the problem. Yet some clients need to update to a fixed Mixpanel SDK to prevent an ongoing privacy breach.

It’s unclear which clients were impacted due to confidentiality agreements, but Mixpanel lists Samsung, BMW, Intuit, US Bank and Fitbit as some of the companies it works with. “We can tell you that less than 25 percent of our customers were impacted,” the company’s spokesperson said.

Tags: password, information leaks
Source: TechCrunch
29 Dec 2017

Ancestry.com data leak: RootsWeb server accidentally exposes 300,000 email addresses and passwords

Ancestry.com has confirmed that a leaky server on RootsWeb, its free community-driven genealogical website, inadvertently exposed a file containing 300,000 usernames, email addresses and passwords online.

In a statement issued over the weekend, Ancestry's chief information security officer Tony Blackham said a security researcher notified the company of the unsecured file on 20 December. Troy Hunt, security expert and creator of the data breach repository "HaveIBeenPwned.com", reported the existence of the file to Ancestry and said the data was compromised in 2015.

Tags: password, information leaks
Source: IBTimes
27 Dec 2017

"123456" remains most common password found in data dumps in 2017

For the second year in a row, "123456" remained the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers. While having "123456" as your password is quite bad, the other terms found on a list of Top 100 Worst Passwords of 2017 are just as distressing and regrettable.

Some of these include an extensive collection of sports terms (football, baseball, soccer, hockey, Lakers, jordan23, golfer, Rangers, Yankees), car brands (Mercedes, Corvette, Ferrari, Harley), and various expressions (iloveyou, letmein, whatever, blahblah). 

Tags: password, information leaks
Source: Bleeping Computer
19 Dec 2017

Stolen California voter database held for bitcoin ransom

An Amazon AWS server believed to contain files on all of California’s registered voters was left exposed this year due to a misconfigured database, according to researchers at the Kromtech Security Center. The database was later stolen by cybercriminals demanding a ransom only payable in bitcoin.

Kromtech said that it collected samples from the database earlier this year while examining thousands of servers left publicly exposed. Each of the servers had installed a database platform known as MongoDB, which was widely misconfigured and vulnerable to attack. Kromtech discovered what appeared to be 4 GB of voter files linked to the State of California.

Tags: password, information leaks
Source: Gizmodo
19 Dec 2017

Pre-installed password manager on Windows 10 lets hackers steal all your passwords

If you are running Windows 10 on your PC, there is a chance that your computer contains a pre-installed third-party password manager app that lets attackers steal all your credentials remotely. Starting with the Windows 10 Anniversary Update, Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users’ permission.

According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a well-known pre-installed password manager, called "Keeper," on his freshly installed Windows 10 system, which he downloaded directly from the Microsoft Developer Network.

Tags: password, Windows 10
Source: The Hacker News
29 Nov 2017

Major Apple security flaw grants admin access on macOS High Sierra without password

If you're running macOS High Sierra, don't let anyone near your Apple Mac. It's possible for anyone to log in to the Mac and get admin-level access to change passwords, access all data on the main account and lock the original user out.

Fortunately, there's a fix that should solve the problem, even as Apple works on a patch. First, the bug. In what may go down as one of the most embarrassing vulnerabilities in Apple history, all a "hacker" needs to do is sign in as an "Other" user, type in "root" for a username and no password. Then they're in. Experts tested the vulnerability and found it wide open, allowing a change of passwords for other accounts on the Mac.

Tags: password, Apple, information leaks
Source: The Verge
27 Oct 2017

How to turn your watch, shoes, or household junk into a password

One day, your household items and accessories could become a new way to authenticate yourself online, according to researchers. Many websites and online services are now enforcing or at least offering two-factor authentication (2FA) as a way to enhance the security of your accounts.

We all know passwords are less than ideal these days, being susceptible to brute-force hacking as many of us use simple, repetitive phrases -- not to mention the flood of data leaks taking place every day -- and so other methods are now needed. Two-factor authentication utilizes a second method of verification to check someone's identity. 

Tags: password, trends
Source: ZDNet
11 Oct 2017

Beware of sketchy iOS popups that want your Apple ID

One of iOS' rougher edges is the popups it produces on a regular but seemingly random basis. These popups require users to enter their Apple ID before they can install or update an app or complete some other mundane task.

The prompts have grown so common most people don't think twice about them. Mobile app developer Felix Krause makes a compelling case that these popups represent a potential security hole through which attackers can steal user credentials. In a blog post published Tuesday, he showed side-by-side comparisons, pictured above, of an official popup produced by iOS and a proof-of-concept phishing popup.

Tags: iOS, password, information leaks, Apple, fraud, hackers
Source: The Hacker News