Free Republic

Through hacks of hundreds of thousands of websites, a Russian crime ring has reportedly gained access to 1.2 billion user name and password combinations, along with hundreds of millions of e-mail addresses. The NY Times reports on records turned up by Milwaukee-based Hold Security, which claims to have turned up evidence of this massive cache of data, stolen from some 420,000 different websites. “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, tells the...

A Russian crime ring has got its hands on more than a billion stolen Internet credentials, according to a New York Times report. Citing records discovered by Hold Security, the New York Times reported on Tuesday that the stolen credentials include 1.2 billion password and username combinations and more than 500 million email addresses. Research specialist Hold Security, which has a strong track record of uncovering data breaches, says that the stolen data was gathered from 420,000 websites. Organizations affected range from household names to small Internet sites, it said. Last October Milwaukee-based Hold Security identified the disclosure of 153...

Russian gang of computer hackers has gathered a staggering cache of some 1.2 billion stolen usernames and passwords, exposing vulnerability in some 400,000 websites targeted, according to a report Tuesday. The find by Hold Security, a Milwaukee-based firm, also included some 542 million email addresses culled by the crew of twentysomethings based in a small south central Russian city, the New York Times reported. “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, told...

(Reuters) - The U.S. Supreme Court on Monday rejected Google Inc's bid to dismiss a lawsuit accusing it of violating federal wiretap law when it accidentally collected emails and other personal data while building its popular Street View program. The justices left intact a September 2013 ruling by the 9th U.S. Circuit Court of Appeals, which refused to exempt Google from liability under the federal Wiretap Act for having inadvertently intercepted emails, user names, passwords and other data from private Wi-Fi networks to create Street View, which provides panoramic views of city streets. The lawsuit arose soon after the Mountain...

I'm having more and more trouble keeping track of passwords on multiple sites. I would appreciate any advice someone might have on an app that would help me to do so securely and efficiently. I'm posting this because Freepers have an astonishingly wide range of knowledge and have helped me a lot in the past. Here's what I'd like: Android app that allows me to store all passwords and usernames securely, behind a single master password. Easy, preferably automatic, syncing to my PC and the cloud. Access to the stored info by phone, PC or by any computer or other...

eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Beware of malformed FileZilla FTP client versions 3.7.3 and 3.5.3. We have noticed an increased presence of these malware versions of famous open source FTP clients. The first suspicious signs are bogus download URLs... Malware installer GUI is almost identical to the official version. The only slight difference is version of NullSoft installer where malware uses 2.46.3-Unicode and the official installer uses v2.45-Unicode. All other elements like texts, buttons, icons and images are the same. The installed malware FTP client looks like the official version and it is fully functional! You can’t find any suspicious behavior, entries in the system...

"123456” is finally getting some time in the spotlight as the world's worst password, after spending years in the shadow of “password.” Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that “123456” moved into the number one slot in 2013. Previously, “password” had dominated the rankings. The change in leadership is largely thanks to Adobe, whose major security breach in October affected upwards of 48 million users. A list of passwords from the Adobe breach had “123456” on top, followed by “123456789” and “password.” The magnitude of the breach had a major...

Daniel_Stuckey writes "Earlier this year, it was London. Most recently, it was a university in Germany. Wherever it is, [artist Aram] Bartholl is opening up his eight white, plainly printed binders full of the 4.7 million user passwords that were pilfered from the social network and made public by a hacker last year. He brings the books to his exhibits, called 'Forgot Your Password,' where you're free to see if he's got your data—and whether anyone else who wanders through is entirely capable of logging onto your account and making Connections with unsavory people. In fact, Bartholl insists: "These eight...

<p>Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.</p> <p>The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.</p>

The president’s much touted health care plan continues to be plagued by embarrassing technical glitches, despite three years of preparation, the latest being where they are now resetting individual passwords. **SNIP** It is now being reported that registrants are having to contact phone support after learning that all user passwords are being reset as part of a process to help resolve login issues with the site. Additionally, tech support is apparently telling some registrants they will have to completely reregister under a new username because their previously chosen names are stuck in a type of authentication limbo. If the website...

Google knows nearly every Wi-Fi password in the world By Michael Horowitz September 12, 2013 10:44 PM EDT If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide. Recently IDC reported that 187 million Android phones were shipped in the second quarter of this year. That multiplies out to 748 million phones in 2013, a figure that does not include Android tablets. Many (probably most) of these Android phones...

But the most significant news to come out of the event is a new security feature on the iPhone 5S called Touch ID, which is an app that allows users to use their fingerprint to access information in their phone. The new function is essentially a fingerprint identity sensor in the home button on the phone that enables users to unlock their device. However, it can also be used as a substitute for passwords when making purchases, including in Apple's iTunes Store. "Your fingerprint is one of the best passwords in the world. It's always with you," said Dan Riccio,...

“We’re over,” an acquaintance said recently of her boyfriend of four months. “He gave me his password on our third date and then changed it and refused to give me the new one. Passwords and secrets do not belong in loving relationships. Transparency does.” That old question, debated in certain circles, of how soon you go “all the way” has been replaced by a new one: when to share the password to your phone. Handing over those prized digits so your partner can see your texts, emails, photos and recent phone calls—in other words, your entire social existence at a...

In the age of the Internet, it’s getting harder and harder to keep secrets. When you type in your password, there’s no telling who might be watching it go by. However, new research at Cornell may offer a pathway to more secure communications. The answer is to not send sensitive information at all. Rafael Pass, associate professor of computer science, has developed a new protocol, or set of rules, to create what computer scientists call a “zero knowledge proof.” “I think zero knowledge proofs are one of the most amazing notions in computer science,” Pass said. “What we have done...

It’s been a rough couple of days for any freedom loving American. Two big stories broke in relation to the NSA scandal and neither bodes well for the future of privacy in this country. Yesterday’s big story came from CNET. That is significant in and of itself because CNET is not exactly what you would call a site for political news junkies. CNET is more for the computer savvy techies. They are reporting that the feds are applying intense pressure to gather passwords. CNET reports: The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to...

The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping. These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users. If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which often appears...

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed. If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed. If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. "I've certainly seen them ask for passwords," said one Internet industry source who...

Motorola’s Regina Dugan suggested at the Wall Street Journal’s D11 conference that pills and tattoos could replace passwords as the radical solutions to the perennial authentication problem. … University of Illinois researcher Dr. John Rogers developed an electronic tattoo that was later produced by a company called MC 10. Motorola plans on working with them to advance a tattoo that could be used for authentication. … Dugan described her next method of authentication as “vitamin authentication” before pulling a pill out of her pocket and explaining that the pill had a small chip inside of it. The chip contains a...