Free Republic

The election’s over – but Hillary Clinton’s emails are still coming to light. And they help illustrate why the FBI declared she was “extremely careless” with the information flowing across her secret server. A new batch of messages released by the State Department on Tuesday shows the former secretary of state and her team routinely shared her upcoming schedules, talking points and sensitive items – such as her iPad password – via the homebrewed system. Other newly revealed emails, which were posted as the result of litigation, show Clinton’s top advisers griping about her during her time as secretary of...

A new federal court ruling could make sharing your passwords for subscription services -- covering everything from Netflix to HBO GO -- a federal crime punishable by prison time, according to a judge who opposed the decision. The ruling, issued by the Ninth Circuit Court of Appeals last week, pertained to a trade-secrets case and found that certain instances of sharing passwords are prosecutable under the Computer Fraud and Abuse Act (CFAA) - legislation predominantly concerned with hacking. The case involved David Nosal, a headhunter who left his former company Korn/Ferry and then used the password of an employee to...

Apple has quietly changed a policy that has resulted in iPhone and iPad owners having to more frequently enter passwords to unlock their devices.Users must now enter a passcode anytime the device’s Touch ID fingerprint sensor hasn’t been used in the past eight hours or when the device hasn’t been unlocked with a passcode in the last six days. In such cases, Touch ID is turned off until users enter passcodes.Apple-tracking site Macworld noted the little-noticed change and investigated the reason behind it. It found users who claimed that Apple’s passcode requests had become increasingly frequent.Apple has long required that...

Today is National Password Day, so here are some tips on how to do better passwords: 7 Password Experts on How to Lock Down Your Online Security (link only due to copyright)

The hack affected providers such as Google, Yahoo, Hotmail and MicrosoftCybersecurity professionals are warning anyone with a personal email account to change their passwords after stolen user names and passwords were being offered up for sale on the Internet, NBC News reported. Some 272.3 million accounts were stolen - and involve some of the biggest email providers, including Google, Yahoo, Hotmail and Microsoft, according to Alex Holden of Hold Security. "We know he's a young man in central Russia who collected this information from multiple sources," Holden told NBC News. "We don't know the way he did it or the...

Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers. According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account. Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development. That mentality has changed in...

A filesharing utility for Android devices and Windows computers shipped by hardware vendor Lenovo has been found by security researchers to contain multiple, easily exploitable vulnerabilities CoreSecurity discovered that the free Lenovo SHAREit tool for Windows creates a wi-fi hotspot with the password 12345678, allowing anyone to connect to the system running SHAREit. On Android devices, SHAREit sets up an open wi-fi hotspot without any password at all, in order to receive files. This could allow attackers to connect to the Android device without authentication and capture information transferred, CoreSecurity said. The researchers also noted that files were transferred using...

Internet security software firm SplashData has released its annual list of passwords of the worst and most common passwords that you absolutely must not use. If you use any of the ones we list below, you must change them immediately. They might be easier for you to remember, but they are also equally as easy for hackers to guess. Indeed, many of them are probably preset by malicious software algorithms looking to get into your accounts. So if you have any wish to keep your money in your bank, your Twitter or Facebook accounts your own, or don't want a...

Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer. Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers. But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world. Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for...

Popular credentials manager LastPass has taken steps to counter a "very simple" phishing attack that could see users' passwords, email addresses and two-factor authentication tokens stolen. Researcher Sean Cassidy posted proof of a successful phishing attack using a faked LastPass notification in a web browser earlier this month, following a presentation at hacker conference Schmoocon. By setting up a malicious website that displays notifications telling users their LastPass sessions have expired, Cassidy was able to create a page that lured people into entering their credentials for the password manager. The researcher called the attack LostPass. A successful capture of user...

Web hosting provider Linode has reset the account passwords of all its customers following what it suspects was an intrusion on its internal database. The mass credential reset comes just after the cloud firm suffered a sustained DDoS attack beginning on Christmas Day. Linode has issued a security advisory confirming that it still has no idea who is behind the hacks, or whether the same perpetrator is responsible for both incidents. "You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing.

Having trouble coming up with the perfect password for Facebook or Windows 10? You are not alone since many people will resort to easily memorable passwords like “password” or “12345678” so they will not be forgotten. Unfortunately, such easy passwords are also simple to hack, and thus, they are completely insecure. In a related report by the Inquisitr, Bill Gates has long predicted the death of the password, and so, the Windows 10 password system incorporated new technology in order to give conventional passwords a shove off the proverbial cliff.

Pranksters be warned Eight-grader Domanik Green was arrested on felony charges in Holiday, Fla. Wednesday after breaking into his teacher’s computer to change the background picture to two men kissing. Green, 14, who was released the day of his arrest, said that he broke into the computer of teacher he didn’t like after realizing that faculty members’ passwords were simply their last names, the Tampa Bay Times reports. Green, who previously faced a three-day suspension for a similar prank, said that many students got in trouble for breaking into teachers’ computers.

This week, a list of nearly five million Gmail addresses paired with passwords appeared online, posted in a Russian Bitcoin security forum. Some people who checked the list and found their Gmail addresses there reported that it contained an old password for them, and often a password that they had reused on multiple sites. There’s speculation that the addresses may hay been stolen from other sites where people used their Gmail address as a log-in

FUD over the current state of cyber insecurity reached a fever pitch this week as thousands gathered in Las Vegas for Defcon and Black Hat. While the hacking conferences served up their usual paranoia-inducing mix -- demos of Dropcam hacks and warnings that mobile apps are spying on us -- first prize for panic mongering this week goes to the New York Times story on Russian hackers who allegedly amassed 1.2 billion stolen Web credentials and half a billion email addresses. Hold Security, which uncovered the database of stolen info, called it "arguably the largest data breach known to date,"...

Through hacks of hundreds of thousands of websites, a Russian crime ring has reportedly gained access to 1.2 billion user name and password combinations, along with hundreds of millions of e-mail addresses. The NY Times reports on records turned up by Milwaukee-based Hold Security, which claims to have turned up evidence of this massive cache of data, stolen from some 420,000 different websites. “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, tells the...

A Russian crime ring has got its hands on more than a billion stolen Internet credentials, according to a New York Times report. Citing records discovered by Hold Security, the New York Times reported on Tuesday that the stolen credentials include 1.2 billion password and username combinations and more than 500 million email addresses. Research specialist Hold Security, which has a strong track record of uncovering data breaches, says that the stolen data was gathered from 420,000 websites. Organizations affected range from household names to small Internet sites, it said. Last October Milwaukee-based Hold Security identified the disclosure of 153...

Russian gang of computer hackers has gathered a staggering cache of some 1.2 billion stolen usernames and passwords, exposing vulnerability in some 400,000 websites targeted, according to a report Tuesday. The find by Hold Security, a Milwaukee-based firm, also included some 542 million email addresses culled by the crew of twentysomethings based in a small south central Russian city, the New York Times reported. “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, told...

(Reuters) - The U.S. Supreme Court on Monday rejected Google Inc's bid to dismiss a lawsuit accusing it of violating federal wiretap law when it accidentally collected emails and other personal data while building its popular Street View program. The justices left intact a September 2013 ruling by the 9th U.S. Circuit Court of Appeals, which refused to exempt Google from liability under the federal Wiretap Act for having inadvertently intercepted emails, user names, passwords and other data from private Wi-Fi networks to create Street View, which provides panoramic views of city streets. The lawsuit arose soon after the Mountain...

I'm having more and more trouble keeping track of passwords on multiple sites. I would appreciate any advice someone might have on an app that would help me to do so securely and efficiently. I'm posting this because Freepers have an astonishingly wide range of knowledge and have helped me a lot in the past. Here's what I'd like: Android app that allows me to store all passwords and usernames securely, behind a single master password. Easy, preferably automatic, syncing to my PC and the cloud. Access to the stored info by phone, PC or by any computer or other...