Go to Top

October 2016

Arrested Russian linked to theft of 117 million LinkedIn passwords

A Russian citizen arrested in Prague was wanted in connection to the theft of 117 million LinkedIn passwords and login credentials, the social networking firm confirmed. “Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI’s case to pursue those responsible,” LinkedIn said in a statement. “We are thankful for the hard work and dedication of the FBI in its efforts to locate and …Read More

The psychological reasons behind risky password practices

Despite high-profile, large-scale data breaches dominating the news cycle – and repeated recommendations from experts to use strong passwords – consumers have yet to adjust their own behavior when it comes to password reuse. A Lab42 survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests …Read More

NSA could put undetectable “trapdoors” in millions of crypto keys

Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners. The technique is notable because it puts a backdoor—or in the parlance of cryptographers, a “trapdoor”—in 1,024-bit keys used in the Diffie-Hellman key exchange. Read article: http://arstechnica.com/security/2016/10/how-the-nsa-could-put-undetectable-trapdoors-in-millions-of-crypto-keys/ Related …Read More

Europe to Push New Security Rules Amid IoT Mess

The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections. Read article: https://krebsonsecurity.com/2016/10/europe-to-push-new-security-rules-amid-iot-mess/ Related product: Cryptographic Development Kits

Yahoo helped US spies scan all its emails in real time for a single phrase

Yahoo built an unprecedented surveillance system in response to a government request last year, according to a bombshell report published today by Reuters’ Joseph Menn, which cites three persons familiar with the matter. The request asked for all arriving emails to be scanned for a specific string of characters, either in the body of an email or an attachment. Yahoo CEO Marissa Mayer chose to comply with the request. Crucially, …Read More

Security Design: Stop Trying to Fix the User

Every few years, a researcher replicates a security study by littering USB sticks around an organization’s grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get to demonstrate their security expertise and use the results as “teachable moments” for others. “If …Read More