Keyword: passwords
-
The UK's National Cyber Security Centre would like to politely remind you that three random words are a good, secure password. ... Because everything, increasingly, wants you to have a unique account and password for its service. NCSC recommends a three-word password because it bypasses some of the most common ways that criminals crack passwords. These are things like single words with predictable substitutions (5 for S, or ! for 1) and brute-force techniques that rely on shorter passwords to succeed. "The stereotypical password is a single dictionary word or name, with predictable character replacements," says the NCSC. In contrast,...
-
When some readers installed the new Microsoft Edge browser — which replaces the old “legacy Edge” — they got a big surprise. They discovered that Edge had somehow magically absorbed all the usernames and passwords they’d carefully saved in their previously installed browsers, such as Chrome, Firefox, Internet Explorer, and legacy Edge. What’s even more surprising is that Edge — which until recently couldn’t import or export passwords at all — may be doing this new behavior by design. The bad news is that you shouldn’t store passwords in Edge in the first place — or in any browser, really. This may...
-
The Senate requested the County Admin level entry. V&V, Jack Cobb “Admin and password have GOD powers. “Neither V&V or County has Admin entry passwords. County may have thought their Tremendous Person passwords to be Admin degree however they’re simply Tremendous passwords. We had them put within the passwords themselves. County Board may give these to the (Cyber Antrim County Michigan some had Admin Person and password entry, and with that you are able be godlike.
-
In their statement published today Dominion attacked the forensic auditing team performing the audit. Dominion defended the controversial EAC group that rubber-stamped the previous counting of ballots. And Dominion then said they will not release the passwords to the Maricopa County voting machines. They will NOT ALLOW any auditors to look at their machines. This is very telling. What are they afraid of?
-
TECH PING: This is the second time that the update to Windows 10 has wiped out my passwords in BRAVE during the update. What is going on?? Help? I cannot stop the updates and feel very trapped. I have been using Brave successfully for at least 5 years. This password issue upends my life. Any insight would be appreciated.
-
WASHINGTON — Over the past few years, the U.S. government has spent tens of billions of dollars on cyberoffensive abilities, building a giant war room at Fort Meade, Maryland, for U.S. Cyber Command, while installing defensive sensors all around the country — a system named Einstein to give it an air of genius — to deter the nation’s enemies from picking its networks clean, again.
-
Hackers have started launching attacks against F5 BIG-IP networking devices, ZDNet has learned. Attacks have been spotted today by Rich Warren, a security researcher for the NCC Group. In an interview earlier today, Warren told ZDNet the attacks are malicious in nature, and hackers are attempting to steal administrator passwords from the hacked devices. SUMMARY: BIG-IP AND CVE-2020-5902 These attacks are targeting BIG-IP, a multi-purpose networking device manufactured by F5 Networks. BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware. These devices are some of the most popular networking products in use today, and...
-
Around 25,000 accounts from the National Institute of Health (NIH), the World Health Organisation (WHO), the Gates Foundation and other organisations working towards containing the coronavirus pandemic were hacked. The database also seems to carry several IDs from a virology lab in Wuhan, giving rise to fresh speculations and conspiracy theories. The Washington Post reported that unknown activists posted 25,000 email addresses and passwords online. This was found out by the SITE Intelligence Group, which looks after online extremism and terrorist organisations. According to the SITE report, 9,938 IDs from NIH, 5,120 IDs from World Bank and 2,732 IDs from...
-
Unknown activists have posted nearly 25,000 email addresses and passwords allegedly belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other groups working to combat the coronavirus pandemic, according to the SITE Intelligence Group, which monitors online extremism and terrorist groups. While SITE was unable to verify whether the email addresses and passwords were authentic, the group said the information was released Sunday and Monday and almost immediately used to foment attempts at hacking and harassment by far-right extremists. An Australian cybersecurity expert, Robert Potter, said he was able to verify that the WHO...
-
Your smart lightbulb is probably storing your wifi password in the clear, ready to be recovered by wily dumpster-divers; Limited Results discovered the security worst-practice during a teardown of a Lifx bulb; and that's just for starters: the bulbs also store their RSA private key and root passwords in the clear and have no security measures to prevent malicious reflashings of their ROMs with exploits, network probes and other nasties.
-
“Collection #1” is the largest public data breach by volume, with 772,904,991 unique emails and 21,222,975 unique passwords exposed. ...12,000 separate files and 87GB of data had been uploaded to MEGA, a popular cloud service. The data was then posted to a popular hacking forum and appears to be an amalgamation of over 2,000 databases. The troubling thing is the databases contain “dehashed” passwords, which means the methods used to scramble those passwords into unreadable strings have been cracked, fully exposing the passwords. So what does this mean for the average person? According to Hunt, it means compromised email and...
-
Twitter is urging its users to change their passwords following a bug that was identified on the social media platform. While the bug has since been fixed, the company assures users there were no signs of breach or misuse of the passwords by anyone. In an effort to establish complete transparency, Twitter Chief Technical Officer Parag Agrawal took to Twitter’s blog to explain exactly what happened. When setting a password on your Twitter account, the platform uses technology that masks it so that no one else at the company can see it. Twitter’s passwords are masked through a process called...
-
Huma Abedin, top aide to then-Secy of State Hillary Clinton, routed sensitive information, including passwords to government systems, to her personal Yahoo email account before every single Yahoo account was hacked, a Daily Caller News Foundation analysis of emails released as part of a lawsuit brought by Judicial Watch shows. Abedin, the top aide to former Secretary of State Hillary Clinton, used her insecure personal email provider to conduct sensitive work. This guarantees that an account with high-level correspondence in Clinton’s State Department was affected by one or more of a series of breaches—at least one of which was perpetrated by...
-
Huma Abedin forwarded sensitive State Department emails, including passwords to government systems, to her personal Yahoo email account before every single Yahoo account was hacked, a Daily Caller News Foundation analysis of emails released as part of a lawsuit brought by Judicial Watch shows. Abedin, the top aide to former Secretary of State Hillary Clinton, used her insecure personal email provider to conduct sensitive work. This guarantees that an account with high-level correspondence in Clinton’s State Department was impacted by one or more of a series of breaches — at least one of which was perpetrated by a “state-sponsored actor.”...
-
Google Project Zero's Tavis Ormandy has turned up a howling blunder in a password manager bundled with Windows 10. On Friday, Ormandy dropped the bug, not in Windows but in the third-party Keeper password manager. He wrote: “I've heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages (issue 917). I checked and, they're doing the same thing again with this version. I think I'm being generous considering this a new issue that qualifies for a ninety day disclosure, as I literally just changed the selectors and the same attack works. “The...
-
In part I of “The Password Pandemic”, I advised (in the same vein as NIST SP 800-63b) the use of passphrases, instead of passwords. This is because hackers have built massive databases of stolen passwords and tables full of password “hashes” (known as rainbow tables.) Also, those of us in the InfoSec community know that when we force the use of complicated passwords on people, they will write them on Post-it notes under their keyboards. I have even seen this happen in very high security environments — this is bad.
-
Dear John: A question: In the grand scheme of things, what is the point of having a password? Equifax gets hacked, Yahoo gets hacked. I don’t put my mother’s maiden name or my Social Security number on any of my password-protected accounts because those who do provide such information seem to get hacked. Passwords provide a false sense of security. Oh, and make sure your password includes letters, numbers and a certain number of digits, blah, blah, blah, so it is difficult to remember and difficult to compromise. Yeah, sure! M.K.
-
Humanity has a massive password problem. We might call it The Password Pandemic. Computers keep getting faster and cheaper, making passwords easier to crack, while human operators do not change their bad password habits. This is a losing proposition, with the advantage clearly toward hackers and cyber criminals. Most users of the Internet now know that they need to use “strong” passwords, and that they should use a different password for each site. With a dozen or several dozen online accounts, this quickly becomes unmanageable. Exasperated, people just use the same (usually weak) password across several accounts. Hackers know this,...
-
NIST recently published its four-volume SP800-63-3 Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords: Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases. Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise. Let people use password managers. This is how...
-
Last week, the credit reporting agency Equifax announced that malicious hackers had leaked the personal information of 143 million people in their system. That’s reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you’re probably toast in less than an hour. Now, there’s more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles. Yet the researchers say the technology may...