
General Musing

blaze your trail

Posts Tagged ‘passwd’

Yahoo! Nooooooooo…. #security


*sigh* Yahoo! What did you do? Unencrypted passwords? Please tell me it isn’t so…

/me = speechless

Nearly Half a Million Yahoo Passwords Leaked – Slashdot

An anonymous reader writes “Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective “D33Ds Company” following the compromise of a Yahoo subd…


Written by Daniël W. Crompton (webhat)

July 12, 2012 at 2:46 pm

Posted in Uncategorized


Formspring Passwords Lost

Formspring managed to add itself to the list of companies to mishandle their users’ accounts and lose 420,000 passwords. Unlike LinkedIn, by all accounts, they handled it gracefully and informed their users quite quickly. Additionally, unlike LinkedIn, they disabled all passwords for all the accounts, which is exactly what you should do if a breach is discovered, whether the passwords are SHA-256 hashed and salted or plain text. The hash is merely a delaying mechanism: it provides a window of time within which the vendor needs to have discovered the security incident.

Something Formspring did not do is ask users who use Twitter or Facebook OAuth to create a password when they sign up. Many sites do this to ensure that their users can log in without FB or Twitter. This means that I did not need to change my password, as I only had my FB and Twitter accounts linked as my MAIN and only form of identification.


Written by Daniël W. Crompton (webhat)

July 12, 2012 at 12:34 pm

Posted in Uncategorized


Scandalous Insights


LinkedIn says in their blog: We are working hard to protect you, but there are also steps that you can take to protect yourself, such as:

  • Make sure you update your password on LinkedIn (and any site that you visit on the Web) at least once every few months.
  • Do not use the same password for multiple sites or accounts.
  • Create a strong password for your account, one that includes letters, numbers, and other characters.
  • Watch out for phishing emails and spam emails requesting personal or sensitive information.

LinkedIn – you can make it easier for your users to perform these tasks: you could auto-expire passwords, have a strength indicator, and even verify with other sites that they don’t have the same password: log in with the credentials given. You can even implement SPF, DKIM, etc. correctly to make your mail better. You don’t implement this security for UX and marketing reasons; instead you implement security to stop your users from being able to use your site better.

You don’t; instead you piss on your less tech-savvy customers, and place part of the blame on them. I’ve offered multiple times to come and help you fix your stuff – free.

I’m sorry that you are idiots! And my offer still stands.

Taking Steps To Protect Our Members


Written by Daniël W. Crompton (webhat)

June 8, 2012 at 6:56 pm

Password Leak June

Today for you in Password Leak June: Last.FM

After earlier news that LinkedIn and others leaked passwords this week, Last.fm marketeers must have been wondering how they too could increase brand awareness.

Clearly this is a new meme, so much safer than planking. Although I will be skipping it as I like to have halfway decent software as a starting point.

Adrianus Warmenhoven
And now Last.fm has leaked passwords:

http://www.last.fm/passwordsecurity

Last.fm Password Security Update – Last.fm


Written by Daniël W. Crompton (webhat)

June 8, 2012 at 3:28 pm

Posted in Uncategorized


6 Months of Security Links #2011


I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly because there are some good sources and articles in here, and partly because I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know. 🙂


Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging
