General Musing

blaze your trail

Posts Tagged ‘security

Spreading Passwords over Multiple Locations #security

leave a comment »

Spreading Passwords over Multiple Locations #security ??RSA’s new approach is a version of a technique known as threshold cryptography, which has long been explored by researchers. They split the password in chunks and store the chunks over multiple servers.

http://www.technologyreview.com/news/429498/to-keep-passwords-safe-from-hackers-just-break/

To Keep Passwords Safe from Hackers, Just Break Them into Bits – Technology Review

Millions of passwords have been stolen from companies such as LinkedIn and Yahoo. A new approach aims to prevent future heists.

View or comment on Dani??l Crompton’s post »

Advertisements

Written by Daniël W. Crompton (webhat)

October 10, 2012 at 3:26 pm

Posted in algorithm, database, security

Tagged with ,

Yahoo! Password Leak #security

leave a comment »

Yahoo! Password Leak

Gina Smith writes about the Yahoo! password leak inTechRepublic and adds a link were you can check whether your password was leaked.

I changed my password as soon as I heard, and hope you did too. Luckily my password was not exposed in a form that Sucuri could detect. Even if you were not in the list you should change your password, as this could just have been a partial list and your password could still be floating around.

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

July 13, 2012 at 7:56 pm

Posted in Uncategorized

Tagged with , , ,

Yahoo! Nooooooooo…. #security

leave a comment »

Yahoo! Nooooooooo….

*sigh* Yahoo! What did you do? Unencrypted passwords? Please tell me it isn’t so…

/me = speechless

Nearly Half a Million Yahoo Passwords Leaked – Slashdot

An anonymous reader writes “Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective “D33Ds Company” following the compromise of a Yahoo subd…

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

July 12, 2012 at 2:46 pm

Posted in Uncategorized

Tagged with , , , ,

FromSpring Passwords Lost

leave a comment »

FromSpring Passwords Lost

Formspring managed to add itself to the list of companies to misshandle their user’s accounts and lose 420,000 passwords. Unlike LinkedIn, by all accounts, they handled it gracefully and informed their users quite quickly. Additionally, unlike LinkedIn, they disabled all passwords for all the accounts which is exactly what you should do if a breach is discovered. Whether the passwords are sha256 hashed+salted or plain text. The hash is merely a delaying mechanism to ensure that there is a window of time before a vendor needs to have discovered the security incident.

Something FormSpring did not do is ask users who use Twitter or FaceBook oauth to create a password when they sign up. Many sites do this to ensure that their users can login without FB or Twitter. This means that I did not need to change my password, as I only had my FB and Twitter accounts linked as my MAIN and only form of identification.

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

July 12, 2012 at 12:34 pm

Posted in Uncategorized

Tagged with , , ,

Bol.com Hacked by Housewife #security

leave a comment »

Bol.com Hacked by Housewife

Bol.com, a European online retailer, had a leak which exposed the details of 84000 people. The leak was discovered by the organisation of Hacker Housewives at the beginning of this year, and probably due to responsable disclosure agreements was not made public until this last week.

Article (in Dutch)

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

July 3, 2012 at 8:42 am

Posted in Uncategorized

Tagged with , , , , ,

Encrypted Disks #security #privacy

with one comment

Encrypted Disk

I just saw this question: I have an external 3Tb Hard drive formatted as Mac OS Extended (Journaled, Encrypted) with 10.7.1. Just wondering if 10.6 can also access this external hard drive ?

And saw this answer: I strongly recommend against encrypting anything unless you really really really have to. The only one it will ultimately keep away from your data is yourself.

 

It’s stupid answers like this that allow people to lose their identity when their phone, computer or harddisk is stolen. By encrypting your data you are wisely protecting your data from theft, and ensuring that when you do suffer the loss of a device you don’t compound that loss with your identity or other valuable data. It is in exceptional circumstances that you lose your data due to the encryption, this is not likely to happen.
The first thing I do on my computer is set up an encrypted disk, you should too.
Image source: Sebastian Fritzon 

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

June 28, 2012 at 2:53 pm

Privacy Settings

leave a comment »

Privacy Settings

I like many of the apps that show you the importance of having you privacy settings set up right. Personally I would prefer to have most everything public, with a few exception. I just don’t post anything I wouldn’t tell a stranger. 🙂

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

June 28, 2012 at 7:32 am

Posted in Uncategorized

Tagged with ,

%d bloggers like this: