tag
passwords

Gamigo game site hack lessons learned (and what should you do)

Gamigo learned a few months ago about a breach and alerted its users that they had been attacked. But now, we see an estimated 8+ million records just went public, no small amount for the attackers. What is interesting is that by one account, hash cracking was able to decrypt over 90% of the passwords,

Guarding against password reset attacks with pen and paper

With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics. In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem: How to guard

Mining Social Data Led to Johansson and Aguilera Hacks

News that the FBI has arrested the Florida man they suspect of criminally hacking into devices belonging to celebrities such as Scarlett Johansson and Christina Aguilera is welcome, definitely a win for law enforcement and society at large. But the good news comes with a warning. The technique used by the alleged perpetrator was to

LinkedIn Privacy: An Easy How-to Guide to Protecting Yourself

Introduction: LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus on tools and options for user privacy

The Social Networking/Cybersafety Disconnect

Survey Reveals Chasm between Users’ Concerns and Behavior: A recent survey commissioned by ESET and conducted online by Harris Interactive from May 31-June 2, 2011 among 2,027 U.S. adults 18+ found a startling disconnect between user concerns about privacy and security and their actions on social networking sites. To start, the study found that 69%

Passwords, passphrases and past caring

First: a link to another article for SC Magazine's Cybercrime Corner on password issues: Good passwords are no joke. However good your password is, your privacy still depends on rational implementation by the service provider. Also, one of the articles that sparked off that particular post: ESET Ireland's excellent blog post on a survey carried

Lockheed Martin breached by unknown digital assailants

In an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators. Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth. "They breached security systems designed to

Facebook Privacy: An Easy How-to Guide to Protecting Yourself

Introduction: As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook. Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government. When many people use a service such as this, it

Back to the Basics – AKA Not Sony Again?

Yes, it is Sony again. This time it is their Canada web site and their Japan website. According to thehackernews.com, which I cannot vouch for, this is the 10th Sony hack. While we don’t know how the PlayStation Network hack happened, we do have some information about how some of the other attacks were performed

Hacking Sony for Fun and Profit (And Let’s Nail Your Company Too)

It’s been a really rough time for Sony. I have a hunch that in the past month “Sony CTO” has leapt past toilet cleaner on the list of least desirable jobs. Last month there was the massive Sony PlayStation/Qriocity breach that leaked more data than a Wall Street ticker leaks stock prices. Then a Sony

No chocolates for my passwords please!

Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link). Even still it is always good practice to reinforce sensible password techniques. For this blog, I plan on sharing an analogous self-ritual, and one that relies on a

Good Password Practice: Not the Golden Globe Award

The Boston Globe suggested that changing passwords is a waste of time, based on their interpretation of an article by Herley Cormac. Cormac's paper – well worth reading, by the way – reinforces a point that has been made many times both by me and by the "user education doesn't work" lobby. While I don't believe that education is useless,

12345 Oh My!

A short time ago I was watching someone I know type in a password to an important web site. I wasn’t looking to see what the password was, however I noticed it wasn’t long and it was all entered on the numeric keypad. This is someone who is not a security expert, but has heard

Does Your Email Account Give Me Access To Your Bank Account?

Wow, I knew it was a problem, but the scope is mind-boggling. At least one of you out there is probably making this mistake. According to the security firm Trusteer, 73% of people use their bank passwords at other sites as well. You can read the article on MSNBC. In addition to that statistic, Trusteer

Ten Ways to Dodge Cyber-Bullets (Part 4)

[Part 4 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Good Password Practice: Use different passwords for your computer and on-line services. Also, it’s good practice to change passwords on a regular basis

Password Practice Revisited

A few months ago Randy and I put together a white paper on password "good practice" (http://www.eset.com/download/whitepapers/EsetWP-KeepingSecrets20090814.pdf). In it, I quoted the following table of The Ten Most-Used Passwords (sourced from http://www.whatsmypass.com):

1. 123456
2. password
3. 12345678
4. 1234
5. pussy
6. 12345
7. dragon
8. qwerty
9. 696969
10. mustang

Today, I came

New White Papers

A number of new papers have been added to the white papers page: Cristian Borghello’s "Playing Dirty" is a translation of his original Spanish paper, available on the ESET Latin America web site, and describes in detail how criminals make money out of stealing online gaming credentials and assets. http://www.eset.com/download/whitepapers/EsetWP-PlayingDirty20090812.pdf My paper "Social Security Numbers:

Fly By Wireless

No, nothing to do with drive-by downloads… Our colleagues in Europe came up with a nice idea: an article on the dangers of web surfing on free wi-fi and some tips on staying safe. (A topic dear to the hearts of all of us who find ourselves out and about with our laptops from time

Copyright © 2014 ESET, All Rights Reserved.