That's No Space Station

tech, humor, and nuance by David Chartier

tech distiller, freelance writer, Macworld contributor, wrangler of Finer Things in Tech

Liked Posts

Outlook.com claims my account has been doing creepy things, so to verify that you may or may not be a creepy person who knows how to use a phone, we need your phone number.

(Never mind that the only thing I’ve done with the account is send a test email to one of my other addresses and the password is a mile long thanks to 1Password)

Ok, fine.

Outlook.com needs to send my number—which in no way, shape, or form could be a throwaway from Google Voice or a trillion other services—a verification code. Sure, send it.

Never arrives.

Send again.

Nope.

Once more.

Sorry you’ve sent too many codes, now you’re double extra locked out with a cherry on top.

Whether it’s the Chinese army or someone else, it’s starting to sound like these people took “hack the planet” a bit literally:

reuters:

EXCLUSIVE: Apple said it was attacked by hackers who infected “small number” of its Mac computers. Apple says the hackers also hit Facebook and other small companies.
Apple says there is “no evidence that any data left Apple,” adding that the company is working with law enforcement to identify hackers. More soon on Reuters.com.

One risk to the undisclosed sharing noted by Nolan was that, “with the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase.”

A greater risk is that, with millions of names being distributed to every vendor of paid apps on Google Play, the likelihood of a security breach through malware becomes very high. Customers who entrusted their details to Google are now having their information spread across a variety of developers who may not even have a security policy.

AppleInsider: Google asks journalists to tone down story of “massive” Google Play security flaw

As you may have read, there’s been a recent uptick in large-scale security attacks aimed at U.S. technology and media companies. Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers. This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

Twitter Blog: Keeping our users secure

I got a Twitter password reset email, and a whole bunch of people replied the same. Twitter says the attack was quite sophisticated and believes that more companies beyond the New York Times and Wall Street Journal were hit. This is getting even bigger.

AppleInsider: Serious security flaws discovered in Android phones, Samsung and HTC ignore issue

From the paper (PDF link) AppleInsider found:

By exploiting these leaked capabilities, an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geolocations – all without asking for any permission.

In other words: Android OEMs are playing fast and loose with customer privacy and security when tinkering with Android’s underpinnings, adding features, or making modifications to suit their priorities.

Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything | Wired.com

Manufacturers and carriers have been installing what is basically a rootkit on millions of Android, BlackBerry, and Nokia phones to record everything their users do, “ostensibly so carriers and phone manufacturers can do quality control.”

Wired has a video of the software in action, showing how it records a security researcher’s Google search for “hello world” despite using HTTPS (it’s recording keystrokes), as well as every phone number dialed. Numbers are uploaded to Carrier IQ, the company that created this rootkit for carriers and manufacturers, before the phone call is even placed.

Despicable.