Researchers have unearthed dozens of Android apps in the official Google Play store that expose user passwords because the apps fail to properly implement HTTPS encryption during logins or don't use it at all.
The roster of faulty apps has more than 200 million collective downloads from Google Play, and the apps have remained vulnerable even after developers were alerted to the defects. The apps include the official titles from the National Basketball Association, the Match.com dating service and the Pizza Hut restaurant chain. They were uncovered by AppBugs, a developer of a free Android app that spots dangerous apps installed on users' handsets.
Some of the most effective scams are often very simple; take for example dressing up as a police officer and asking someone to hand over the keys to their car. The average person on the street would probably hand them over without question and this is why impersonating a police officer is classed as a very serious crime the world over.
This scam has two things going for it: its simplicity and the fact that people have an overwhelming tendency to trust figures of authority. These two qualities work just as well in the world of cybercrime and we recently came across a case that proves just that.
An online password manager can make your life much easier by automatically entering individual passwords for each website and service you visit. It is a very convenient tool – unless it is hacked.
In that instance, by compromising a single password, cyber criminals can gain access to invaluable information, including banking credentials. LastPass, a popular password manager, has recently disclosed a network breach. Attackers compromised user email addresses, password reminders, per-user salts and authentication hashes. The passwords themselves were not compromised, as the service doesn’t store them in its cloud.
A security expert demonstrated how to exploit a vulnerability in Apple's iOS to steal user passwords with a phishing email. A new vulnerability that affects Apple’s iOS could be exploited by hackers to collect user passwords by using a single email.
A security and forensic expert has developed a tool, the iOS 8.3 Mail.app inject kit, that could be used to create malicious iCloud password phishing emails. He explained that he exploits an unpatched bug affecting Apple iOS. The iOS 8.3 Mail.app inject kit exploits a vulnerability in the Apple operating system’s native email client that allows an attacker to display a realistic pop-up.
A team of researchers has developed a system that makes it much harder for hackers to obtain usable passwords from a leaked database, which could help blunt the damage from a data breach.
The new system is aimed at throwing off hackers who use methods to crack passwords. Hackers will still be able to crack that file; however, the passwords they will get back are fake passwords or decoy passwords. Passwords are typically encrypted when stored by organizations. The passwords are encrypted using an algorithm, and that output -- called a hash -- is stored. Hashes are considered safer to store than plain-text passwords.
Hacks happen all the time. While some exploits are caused by insanely technical code created to dupe even the most advanced machines, more often it's simple human actions that are to blame.
Hackers are not necessarily interested in someone’s money or secrets, so what drives them to be what they are? It is very interesting, but 86% of hackers are sure they would not be punished for their deeds. The best way to protect yourself is to know what you're doing that may be unsafe. Even the best protection software won't help someone with unsafe online practices. Here's a list of nine common things people do that quite often lead to them getting hacked.
I'm a little tired of writing about passwords. But like taxes, email, and pinkeye, they're not going away any time soon. When hackers or penetration testers compromise a system and want access to clear text passwords from a database dump, they must first crack the password hashes that are stored.
Here's what I know to be true, and backed up by plenty of empirical data: no matter what you tell them, users will always choose simple passwords and no matter what you tell them, users will re-use the same password over and over on multiple devices, apps, and websites. If you are lucky they might use a couple passwords instead of the same one.
When hackers or penetration testers compromise a system and want access to clear text passwords from a database dump, they must first crack the password hashes that are stored.
Many attackers approach this concept headfirst: They try any arbitrary password attack they feel like trying with little reasoning. This discussion will demonstrate some effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time boxed approach to efficient and successful cracking. Password cracking is a dying enterprise.
For years, the most popular password was "password," until last year when it got bumped by "123456" which is, of course, no better, because your password security can be compromised.
The problem is we're lazy and having to memorize a complicated string of letters, numbers, and characters for each of our private accounts. Edward Snowden has bad news for you: Your computer password is probably terrible. For somebody who has a very common 8-character password, it can literally take less than a second for a computer to pull that password out. Less than one second.
One dollar could buy you a stolen password to an Uber account and free car rides around town. Vendors on dark net sites are offering active Uber username and login details for $1.
Motherboard said it was able to verify that some of the accounts were still in use by Uber members and that, in one case, a previously hacked Amazon password was likely used to get into an Uber account because the passwords were the same. The company said it investigated the issue, and found no evidence of a breach. In May 2014, the company suffered a security breach that affected thousands of Uber's current and former drivers.
Axarhöfði 14,
110 Reykjavik, Iceland