Why a good password isn’t good enough, COVID vaccine documents altered in a hack and intimate photos found unprotected.
Welcome to Cyber Security Today. It’s Wednesday January 20th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
Another successful password attack to tell you about. It was against the OpenWRT Project. This is a group that offers a free Linux-based operating system for wireless routers, smartphones and other embedded systems. On Saturday a hacker broke into the account of an administrator of the project’s forum. That’s where software developers exchange ideas. The hacker was able to download a copy of the forum’s user list, which includes email addresses and the users’ forum names, although these may not be their real names. In a security notice the project says the victimized administrator had a good password. But they didn’t use two-factor authentication as extra protection against compromise. The hacker didn’t get user passwords. But knowing email addresses will be enough to launch phishing email against them with malicious attachments. And some of those in the forum may work for IT companies, which could be compromised if a forum member clicks on a link. As a result the forum is advising all users to change their passwords.
The lesson here is everyone should use two-factor authentication as an extra step to protect logins, especially administrators. No site is too small to be hacked.
Last week I reported that a regulator called the European Medicines Agency had been hacked and information on the Pfizer COVID-19 vaccine was stolen. Here’s an update: Some of the data has been published on the Internet by the attackers. Not only that, some of the correspondence between people was altered in a way that could undermine trust in vaccines. In a statement the EMA makes it clear authorizations of vaccines are granted only when the evidence shows convincingly that the benefits of a serum are greater than the risks.
Police regularly warn people not to post intimate photos of themselves on social media, or text or email them to friends. You never know where they’ll end up. The…