Tag Archive for: experts

Death of the computer password is just around the corner, tech experts say – WSB-TV Channel 2


If you don’t count hackers, phishers and pirates, most computer users hate passwords.


Tech giants have been predicting the death of passwords since 2004 when Bill Gates foretold of their inevitable demise, according to a new story in Insider.

The author, Shubham Agerwal, said he tried out a beta system a few weeks ago that could be a “game changer.” It’s as easy as “signing into an iPhone” with nothing to remember or manage, he said.

Agerwal said that we’re still a long way from a password-free future, but it’s getting closer, experts agree.

The system was developed by FIDO Alliance (Fast Identity Online), formed in 2013 when Apple, Amazon, Google and other big tech companies joined forces to eliminate the antiquated password system with a system called “passkeys,” according to Insider.

Passkeys are a “replacement for passwords that provide faster, easier and more secure sign-ins to websites and apps across a user’s devices.” Passkeys are always strong, resistant to phishing, and will simplify the registration of devices, according to the FIDO Alliance. They will also work on most of a user’s devices and even other devices within physical proximity, according to the group’s website.

FIDO’s mission is to shift security to technology and not users, Insider reported. Right now, it’s becoming ever more evident that passwords alone don’t work.

Insider reported something that millions of computer users already know: passwords are ridiculously easy to crack. Hacker technology has become so sophisticated that it’s far ahead of even the latest, more complex, algorithm-driven security systems.

Users must rely only on their memory. Even the computer-generated long, complex passwords that Google and other operating systems and sites create are not totally secure.

Most humans, many of whom have dozens of sites to log onto at work, will use one password over multiple sites to save time. This leads to a domino effect when one of those passwords is compromised — all the other sites using that password can be cracked in a split second.

And simple, vulnerable passwords like “Password4Me” and “ABC123” are far more prevalent than one…


“Worst-case scenario”: Cybersecurity experts confirm school security blueprints stolen in MPS ransomware attack


MINNEAPOLIS — It was known then but it’s even more apparent now: the ransomware attack against Minneapolis Public Schools was massive.

Mark Lanterman, former member of the U.S. Secret Service Electronic Crimes Task Force, described it as a “worst-case scenario,” and confirmed that highly sensitive security information, including campus blueprints, alarm schematics and the placement of surveillance cameras, was among the documents stolen.

“My advice to the school district – get new IT staff because someone fell asleep at the wheel during this event,” Lanterman said bluntly. “The faucet of data was on for a long time. This was not a transfer of data like downloading a movie on iTunes that took 10 minutes. This took hours if not days if not longer. There are hundreds of thousands of files here.”

Emails from Minneapolis Public School officials obtained by WCCO show a nearly two-week delay before the district acknowledged that staff and family members’ personal data could be compromised.

Hackers have since released information onto the dark web, where users are untraceable. Cybersecurity experts warn that anyone associated with the district — current and former students, parents, staff and vendors — should assume they have been compromised until they’ve been told otherwise, and take action to protect themselves.

“Understanding how this breach affects each specific family is important because it will either put your mind at ease or give you and your legal representative a course of action. This should not have happened,” Lanterman added, while also urging parents to demand answers to a series of questions. “What information about my family are you currently storing and how are you storing it? Is it encrypted? Who has access? Is it being stored on a system that’s connected to the internet?”

The breach was first discovered on Feb. 17. A short email sent to Interim Superintendent Rochelle Cox says there was a “system incident that has impacted many MPS systems.” The district’s IT services says it was “determining scope and restoring services as quickly as possible.”

An email went out to district families on Feb. 21, which noted that “no data will be lost due to the…


Twitter’s new encrypted message feature criticized by security and privacy experts



Washington (CNN) — Privacy and security experts widely panned a new feature that Twitter unveiled Wednesday that encrypts some direct messages between users, raising questions about the future of user safety on the platform.

Twitter’s early efforts at securing direct messages with encryption appear to be riddled with caveats, flaws and risks that may endanger users, the experts said after the company rolled out its initial release.

With the first iteration of the feature, only users who are paying subscribers to Twitter Blue or whose organizations have paid to be verified with the company may use encrypted messages.

In addition, encrypted messages may only be sent between two individuals, not groups. Encrypting images, video and other media is not supported. Both participants must either have exchanged direct messages in the past, or the recipient of an encrypted message must already follow the sender.

Perhaps most crucially, Twitter acknowledged that even with the encryption feature enabled, the company itself, and other third parties, can still potentially access user messages.

“I’m trying to be positive about Twitter deploying encrypted DMs even though there are so many things about this system that make it feel like a v0.1 release, or are just obnoxious,” said Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, in a tweet.

Twitter’s former chief information security officer, Lea Kissner, publicly pleaded with Twitter’s current engineering team to improve the feature quickly.

“Twitter folks, seriously. I left some design docs somewhere. Please use them,” Kissner said on Bluesky, a rival platform.

Twitter has described encrypted messaging as key to the company’s future of becoming “the most trusted platform on the internet.” But the rollout provides another example of how, under CEO Elon Musk, Twitter has forged ahead with significant changes to the platform over the warnings of independent researchers about potential unintended consequences…


Experts call for increased investment in internet security – The Sun Nigeria


…As CBN, EFCC, CDS, others brainstorm

In order to combat the current incidence of internet fraud in Nigeria, information technology (IT) professionals on the platform of the Nigeria Computer Society (NCS) have said that the country has to invest significantly in cyber security, develop local skills, and take IT more seriously.

NCS President, Prof Adesina Sodiya stated this at the opening of the Annual Cyber Security Forum and Workshop organised by the organisation, Wednesday in Abuja.

Sodiya said the workshop, which was attended by representatives of the Central Bank of Nigeria (CBN), the Economic and Financial Crimes Commission (EFCC), Chief of Defence Staff, among other top government institutions and functionaries, was to provide a platform for experts to come together and discuss how the nation’s cyber security challenges could be solved.

According to him, “A lot is going on in the financial and other sectors. You just heard from the EFCC guy where he confirmed that they are facing a lot of challenges in the area of cyber security. The issue is that so many of our young men, mostly due to unemployment are taking into cyber crimes. If you know what our youths can do, you would be amazed.”

Speaking further, he recommended that, “The first thing we need to do to address the issue of cyber insecurity is to invest more in cyber security protection. Critical information infrastructure protection. Some people in government, still do not know the level of threat that we have and even when some IT professionals are mentioning these threats, they feel that they want to use the opportunity to get money and so on and so forth but, the truth remains that we need to invest more on cyber security.

“We also need to truly make cyber security a business. Some of these guys that are experts, we should find a way of harnessing their skills for something that is good for the nation.

“Then again, government should take the issue of IT very seriously. The issue of IT is not something they should play with. Look at what happened to INEC, we told them that they needed to prepare well for cyber security. We sent proposals to them. Eventually, one of the…
