Smashing Security #146: Password secrets and baking brownies

In the latest edition of the “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault, Carole has suffered an injury, we journey back in time to one of our earliest episodes to discuss the perils of passwords, and Rachael Stockton from LastPass drops by for a chat.


LastPass users automatically updated to fix security vulnerability in browser extension

Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could potentially have seen an attacker steal the username and password previously filled in by the software.


Umm.. that’s not a movies password update. That’s a downgrade

A cinema chain has given customers a password that any mischief-maker with half a brain cell could deduce.


Google stored business customers’ passwords in plaintext on its servers… for 14 years

Google has admitted that some of its business customers of G Suite (formerly known as Google Apps) had their passwords stored on the company’s internal servers for 14 years in plaintext.

Read more in my article on the Bitdefender Business Insights blog.


Zara Larsson wants your password so she can watch Game of Thrones

When a celebrity asks if you can share your password…


Hacker could locate thousands of cars and kill their engines remotely via poorly-secured GPS tracking apps

App accounts were “protected” by a default password. That password? 123456.

Read more in my article on the Hot for Security blog.


High school election hacked by candidate who exploited weak passwords

When Berkeley High School in California held its first ever elections for student government last month, things went about as well as you probably expected…


Some 2000 Facebook staff had access to millions of Facebook users’ passwords… stored in plaintext

Stretching back as far as 2012, Facebook has been storing the passwords of hundreds of millions of users unencrypted, in plaintext.

And those passwords were searchable by Facebook staff…


Man arrested for selling one million Netflix, Spotify, Hulu passwords

The WickedGen website bragged that it had over 120,000 users and almost one million sets of account details, offering monthly and yearly membership plans for those who wanted “access to thousands of premium accounts across a huge range of services.”

Read more in my article on the Hot for Security blog.


Find QuadrigaCX’s missing $190 million, and you could win a $100,000 bounty

There has been another twist in the curious case of QuadrigaCX, a Canadian cryptocurrency exchange whose CEO unexpectedly and suddenly died without telling anyone else his password.

And it sounds like more troubling news for investors.


Google Chrome extension warns if your password has been leaked

Google has released an optional extension for its Chrome browser that will trigger a visual warning if it determines you are using a username/password combination that it knows to be unsafe.

Read more in my article on the Tripwire State of Security blog.


Smashing Security #114: Darknet Diaries, death, and beauty apps

Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.


Every day should be Safer Internet Day

To celebrate the day after Safer Internet Day, here are my top five tips for staying safe online.


Got a Nest security camera? Enable two-step verification now

Two-step verification (2SV) combined with a unique password makes it harder for a hacker to see what you’re doing in your home.


The Collection #1 data breach – what you need to do about it

A huge collection of email addresses and passwords, which can be used in attempts to break into online accounts, has been discovered.

If you are one of the affected users, what should you do about it?


Reddit users locked out of accounts after ‘security concern’

A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a “security concern.”

The lockout has occurred as Reddit’s security team investigates what appears to have been an attempt to log into many users’ accounts through a credential-stuffing attack.

Read more in my article on the Tripwire State of Security blog.
