Many of you may have read about, or even experienced firsthand, the recent DDoS attacks, especially if you have used popular sites such as Amazon, Pinterest, Tumblr, Netflix, Twitter, Reddit, and PayPal. From the users’ perspective, it may have looked like these sites were down. Some of you might even have participated in the attack, or so some would have you believe. So you might be wondering: Just how responsible are you for this massive attack?
Let’s begin with what a DDoS attack is. Here’s a quick analogy I wrote on the topic back in 2014:
Continue reading: How Responsible Are Consumers for the Insecurity of IoT?
The media recently reported that information from over 500 million Yahoo accounts was breached. According to USA Today, the information may have included “names, email addresses, telephone numbers, dates of birth, and, in some cases, encrypted or unencrypted security questions and answers.” Aside from
Continue reading: Account breaches and the CFAA
Researchers have developed a prototype of a “smart” keyboard that claims to be able to recognize its owner based on characteristics such as the pressure applied to keys and typing speed. The article hints that it may have applications for security, such as locking out someone else who knows the password but has a different typing style.
Here’s yet another reminder of why it’s a bad idea to use the same password on more than one site.
According to the Dropbox blog, “The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox.”
If you have trouble remembering a different password for every site, one option is to use a password manager. Password managers are not impervious to all types of attacks, but they can help to ensure that you have different, strong, and unique passwords for every online service.
Regarding the recent leak of 5 million passwords, Google denies that the company itself was hacked. More than one expert agrees with Google that the passwords were likely obtained from other sources. Therefore, if any of the passwords still work on Gmail, it is probably because people reused the same passwords for Gmail that they used on other sites. Google also says it has required the users of affected accounts to reset their passwords.
In short, if you use different, strong passwords for every site, then you probably have little to worry about from this leak. If you don’t, this is another reminder to start doing so before a more serious breach happens.
Update (September 2, 2014): Apple has released a statement providing an update on the situation. I made a new post commenting on the situation here.
Over the past 12 hours, there has been a leak of celebrity photos. Programmers are speculating that the leak was caused by an exploit in the “Find My iPhone” service that allowed brute-forcing of passwords.
To brute-force a password means to try every single possible password until you find the correct one. Online servers have a number of mechanisms that can be used to stop brute-force attacks. For example, a server can limit the number of login attempts from each IP address. After, say,
Continue reading: “Find My iPhone” Exploit Possibly Allowed Celebrity Photo Leak
1.2 billion usernames and 500 million emails have been stolen from 420,000 websites. The worst part is that we still don’t know exactly which websites were affected.
The everyday user may not be able to do much to convince companies to allocate their budgets so that they take security more seriously, but that doesn’t mean we are completely helpless.
Perhaps the most important lesson we can take away from this breach is
Continue reading: 1.2 Billion Usernames and 500 Million E-mails Stolen