Farewell Lastpass, We don't need more data breach

You’ve heard it again and again: You need to use a password manager to generate strong, unique passwords and keep track of them for you. And if you finally took the plunge with a free and mainstream option, particularly during the 2010s, it was probably LastPass. For the security service’s 25.6 million users, though, the company made a worrying announcement last week: A security incident the firm previously reported on November 30 was actually a massive and concerning data breach that exposed encrypted password vaults—the crown jewels of any password manager—along with other user data....

December 29, 2022 · 2 min · 369 words · Omid Farhang

Evernote is suspect of a hack, change your password

Cross-posted from Evernote blog: Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions. In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost....

March 2, 2013 · 2 min · 415 words · Omid Farhang

Cloud service cracks VPN passwords in 24 hours

h-online: At the Black Hat hacker conference in Las Vegas, encryption expert Moxie Marlinspike promised that his CloudCracker web service was able to crack any VPN or WiFi connection secured using MS-CHAPv2 within 24 hours. The cost? Around $200. MS-CHAPv2 is based on the eminently crackable encryption algorithm DES. The problem was first documented in 1999 by Bruce Schneier working with two other researchers. A large number of processor cores are still required to crack the encryption within a reasonable time – the number of possible keys makes trying to perform a brute force attack on a normal PC a hopeless task....

July 31, 2012 · 2 min · 293 words · Omid Farhang

Password leak at meetOne

h-online: A data leak at the meetOne dating site allowed anyone to access private data including the plaintext passwords, email addresses and real names of the site’s approximately 900,000 members. To obtain the data, an attacker simply needed to increment a URL parameter. After they were informed by The H’s associates at heise Security, the operators soon closed the hole. When news of a data leak in one of the dating portal’s custom APIs was disclosed to heise Security, the editors managed to reproduce the problem and access the data of a specially created test profile....

July 26, 2012 · 2 min · 364 words · Omid Farhang

11 million passwords leaked from online gaming platform

h-Online: A file with 11 million password hashes belonging to users of the online games platform Gamigo has been circulated on the internet. According to an analysis by ZDNet, 8.2 million different email addresses are also part of the 478MB file. Around 3 million of these belong to users from the US, 2.4 million are German addresses and 1.3 million are supposed to originate in France. The list also includes corporate email addresses from companies such as IBM, Siemens, Deutsche Bank and the German insurance company Allianz....

July 24, 2012 · 2 min · 323 words · Omid Farhang

Millions of Last.fm passwords leaked

The H-Online: A list with several million passwords belonging to users of the music community site Last.fm has been posted on the internet. The site owners have posted a statement saying that the company is investigating the leak and that all users of the service should change their passwords immediately. This is the third major compromise of a popular web site’s passwords in as many days. The H’s associates at heise Security are in possession of a list containing approximately 2....

June 9, 2012 · 1 min · 212 words · Omid Farhang

LinkedIn passwords in circulation

H-Online: Internet forums are currently circulating a list containing over six million password hashes which allegedly originate from LinkedIn. The passwords are being cracked collaboratively with about 300,000 passwords already published as plaintext. The list contains pure SHA1 hashes with no name or email addresses. If decrypted, the passwords will not easily give access to an appropriate account. However, it is probable that the person who captured the hashes also has the corresponding email addresses....

June 6, 2012 · 2 min · 303 words · Omid Farhang

Digital Playground porn passwords exposed by hackers

SophosLabs: A group of hackers are claiming to have stolen the details of more than 70,000 users of the Digital Playground porn website. The group, calling itself “The Consortium”, appears to have scooped up some 40,000 financial details (including credit card numbers, names, CCV numbers, and expiration dates) as well as the email addresses and passwords of 72,000 users. According to the hackers, who appear to be affiliated with the Anonymous movement, the sensitive information was not encrypted....

March 13, 2012 · 3 min · 437 words · Omid Farhang

YouPorn passwords available for download, thousands of users exposed [Updated]

SophosLabs: Want a free password for one of the world’s most popular adult websites? YouPorn, one of the world’s most popular porn video websites and one of the top 100 websites of any kind in the world, appears to have been caught with its pants down – after a list of many of its users’ email addresses, passwords and dates of birth were left exposed on a public-facing server. According to security blogger Anders Nilsson, the credentials of well over a million YouPorn users were publicly accessible....

February 23, 2012 · 2 min · 383 words · Omid Farhang

Chrome may get a password generator

The H-Online: Google’s solution for the problem of getting better passwords on the net – a combination of browser sign-in and OpenID – will take some time to implement as it involves persuading sites to switch to using OpenID. The developers on the Chrome project think that they can at least improve the security of passwords on sites, by generating passwords for the user. A new Password Generation proposal for the Chromium and Chrome browsers attempts to address that by assuming that once the user is signed into the browser, it can take over the handling of password creation....

February 21, 2012 · 2 min · 281 words · Omid Farhang