Fixing the petname-as-my-password dogma.

Popular pet names Rover, Cheryl and Kate could be a thing of the past. Banks are now advising parents to think carefully before naming their child’s first pet. For security reasons, the chosen name should have at least eight characters, a capital letter and a digit. It should not be the same as the name …

LeakedIn

Today, 6.5 million LinkedIn password hashes leaked. These hashes are unsalted SHA-1 hashes and can be found online. If you happen to have the file lingering around, use grep “yourhash” combo_not.txt to check whether your hash is in it. Also check with the hash in which you replaced the first 5 characters by 00000. If you’re not …

Mac OS X Flashback Trojan

Two months ago, a new variant of the Flashback Trojan started exploiting a security hole in Java to silently infect Mac OS X machines. Apple has since patched Java, but this was only on April 3rd. More than 600,000 Macs are currently infected with the Flashback Trojan, which steals your user names and passwords to …

Intercepting LinkedIn Passwords

At the Microsoft TechDays 2012 in Belgium, white hat Paula Januszkiewicz shows how the tool Fiddler can be used to intercept the password of a LinkedIn user. The reason is that the password is not being encrypted by LinkedIn, although HTTPS is being used. Not that wow imho, as it’s basically a man in the …

Facebook flaw allows access to private photos

Looks like the newly appointed Facebook Chief Privacy Officers have some explaining to do: Users are able to report “inappropriate profile photos” on a user’s profile. By checking the box “nudity or pornography”, the user is granted an opportunity to help Facebook “take action by selecting additional photos to include with your report”. Facebook will …

BozoCrack MD5 Password Hash Cracker

BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password … via Google. Specifically, it Googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results. It works way better than it …

iPad 2 + iOS5 + Smart Cover = Fail

In a pretty sizable and scary (and weird!) security bug, Apple’s Smart Cover can be used to unlock any iPad 2, even if there’s a passcode on it. Ouch! Should be noted though that you don’t get full access to the device, only the last app that was up (or the homescreen if no app …

Security Vulnerability of the day: Skype

Security researchers discovered several serious security and privacy flaws in Skype that even a ‘high school-age hacker’ could use to track not only users’ locations over time but also their P2P file-sharing activity. The security team warned that this information could easily be used for “stalking, blackmail or fraud.” For example, they tracked one …

Security/Data Vulnerability of the day: HTC Android

Regarding HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others): In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. Currently, any app that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its …