How honest is your TV? Why do crooks like source code hacks? Should you brag when you publish a breach notification? Find out now in 60 Second Security.
Naked Security – Sophos
Despite the many, many cautionary tales we hear every day of e-mail, social media, and other Internet accounts being compromised, some people still haven’t heeded the warnings about using easily-guessed passwords. And it isn’t just the non-technical masses that are leaving themselves vulnerable.
I’ve railed in the past against the risks created, ironically, by companies having password policies that are too aggressive. But on the Internet, it’s already been established that nearly any password is vulnerable to cracking, no matter how elaborate.
Websites’ poor security often leaves them vulnerable to the bulk theft of password files—or, as in the case of the exposure at the Institute of Electrical and Electronics Engineers’ IEEE.org, sometimes passwords are just sitting there on servers unencrypted and waiting to be downloaded. Even when they’re encrypted, those password files can easily be cracked (as Dan Goodin reported) with a variety of readily-available “password recovery” tools—and thanks to software that uses the power of beefier graphics processor units and vast lists of previously cracked passwords, it’s getting increasingly easier.
Read 10 remaining paragraphs | Comments
Antivirus and security firm Trend Micro was the latest victim in what seems like never-ending hacks, dumps and hacker wars. Also named was SYKES, a company that allegedly runs support services for Trend Micro. The SYKES site states that it is “a global leader in providing customer contact management solutions and services in the business process outsourcing (BPO) arena.” Read more
NEW YORK — Walgreen Co. says a list of customers’ e-mail addresses has been breached and spam may have been sent out directing customers to enter personal data into outside Web sites. The company notified customers on Friday that their e-mail had been …
Read more
