2013, Password Management and Passwords

Breaking a Password Manager

Schneier on Security

JUNE 4, 2024

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. If you knew the date and time and other parameters, you could compute any password that would have been generated on a certain date and time in the past.

Password Management

Password Management Passwords Cryptocurrency Engineering

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Accountability Hacking Password Management

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords

Passwords Encryption Password Management Cryptocurrency

The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

MAY 4, 2021

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. Interestingly, one of the more common connections involves re-using or recycling passwords across multiple accounts.

Passwords

Passwords Cybercrime Accountability Password Management

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Did you know that this unconventional celebration got its start in 2013, and that it’s now an official holiday on the annual calendar? Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Password overhaul.

Passwords

Passwords Password Management Accountability Authentication

Operation Endgame

Troy Hunt

MAY 29, 2024

unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. The only data we've been provided with is email addresses and disassociated password hashes, that is they don't appear alongside a corresponding address.

Passwords

Passwords Password Management Data breaches Cybercrime

Password manager hijacked to deliver malware in supply chain attack

Malwarebytes

APRIL 27, 2021

In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate by breaching its developer’s networks and then deploying a fraudulent update last week, said Passwordstate’s maker, Click Studios. That attack, which resulted in an $18.5

Password Management

Password Management Passwords Malware Retail

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. . But on Nov.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

The 111 Million Record Pemiblanc Credential Stuffing List

Troy Hunt

JULY 9, 2018

One of the most alarming trends I've seen in the world of data breaches since starting Have I Been Pwned (HIBP) back in 2013 is the rapid rise of credential stuffing attacks. Go and get a password manager (I use 1Password ), generate random strings for passwords, job done. (Of

Passwords

Passwords Password Management Data breaches Accountability

Microsoft says to ditch passwords all together on World Password Day

CyberSecurity Insiders

MAY 6, 2022

World Password Day is celebrated in May every year and is being done since 2013 as a group of Cybersecurity Professionals declared the first Thursday of May every year as the day to celebrate as the security day of our online lives. And remember, passwords can be stolen, compromised and can be easily forgotten.

Passwords

Passwords Authentication Accountability Password Management

World Password Day: Brushing up on the basics

Malwarebytes

MAY 5, 2022

World Password Day is today, reminding us of the value of solid passwords, and good password practices generally. You can’t go wrong shoring up a leaky password line of defence though, so without further ado: let’s get right to it. The problem with passwords. Shoring up your passwords.

Passwords

Passwords Password Management Authentication Accountability

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.

Accountability

Accountability Passwords Authentication Password Management

The Challenges Facing the Passwordless Future

eSecurity Planet

SEPTEMBER 25, 2022

In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. Apple has also promised that passwords will be a thing of the past, and passkeys will become available for iOS 16. Dashlane last month integrated passkeys into its cross-platform password manager.

Passwords

Passwords Password Management Authentication Technology

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. SolarWinds employees claim that the attack resulted from a weak password that an intern had used – “solarwinds123”.

Data breaches

Data breaches Passwords Social Engineering Encryption

If You're Not Paying for the Product, You Are. Possibly Just Consuming Goodwill for Free

Troy Hunt

JULY 18, 2022

There were 2 very simple reasons I built that and I've given this same answer in probably a hundred interviews since 2013: I wanted to build something on Azure in anger. Password Purgatory ? I was trying to drive Pfizer (where I worked at the time) down the cloud path and in particular, towards PaaS. What about Why No HTTPS ?

Data breaches

Data breaches Passwords Password Management Software

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

SecureWorld News

AUGUST 15, 2024

The scale of this breach, if confirmed, would rival or exceed other notorious data breaches in history, such as the 2013 Yahoo breach that affected an estimated 3 billion accounts. Use complex, unique passwords for all accounts and consider using a password manager.

Data breaches

Data breaches Identity Theft Password Management Data collection

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

Example of leaked email addresses: Besides the CSV files, the bucket also contained voice recordings of several sales pitches to digital marketers about RepWatch, which appears to be a long-defunct domain reputation management tool and may or – considering when the files were uploaded – may not be related to the CSV files stored in the bucket.

Social Engineering

Social Engineering Passwords Marketing Phishing

How to spot the signs of a virtual kidnap scam

Malwarebytes

MAY 15, 2022

In 2013, we had pretend hitmen threatening murder unless victims paid $25,000 to survive their non-existent wrath. Have a “password” that family members can use to confirm a loved one is really in trouble. 2 factor authentication and password managers are good places to start. Having said that, if the worst happens?

Scams

Scams Social Engineering Password Management Engineering

“Have I been pwnd?”– What is it and what to do when you are pwned

Malwarebytes

MAY 19, 2021

What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to “teach companies a lesson about cybersecurity.” For starters, change your password. Make it longer.

Passwords

Passwords Data breaches Government Accountability

RSA 2022 Musings: The Past and The Future of Security

Anton on Security

JUNE 10, 2022

A password manager claimed “zero trust for passwords” while a SIEM/UEBA vendor promised to reveal all zero trust secrets (I bet they use VPN internally…). A firewall management vendor claimed to “simplify zero trust.” RSA 2013 and Endpoint Agent Re-Emergence RSA 2006–2015 In Anton’s Blog Posts!

VPN

VPN Marketing Firewall Passwords

New Pluralsight Course: Bug Bounties for Companies

Troy Hunt

MAY 24, 2018

Casey is the founder of Bugcrowd and they help companies ranging from MasterCard to NETGEAR to Western Union run managed bug bounty programs. Casey and I have been mates for about 5 years now, in fact I went back and checked my email and it was Jan 2013 when we first caught up over beers in Sydney and he shared his vision for Bugcrowd.

Password Management

Password Management Internet Internet Passwords

The Worst Passwords of 2014

Spinone

JANUARY 21, 2015

Here is the annual list of the 25 most frequently passwords found on the Internet appearing to be the Worst Passwords, that will expose anybody to being hacked or having their identities stolen. SplashData has released its annual list of the most common passwords compiled from more than 3.3

Passwords

Passwords Password Management Backups Hacking

Ferocious Kitten: 6 years of covert surveillance in Iran

SecureList

JUNE 16, 2021

From 2015 to February 2018, the malware was compiled with Visual Studio 2013 and 2015, whereas in February 2018, the developers moved to Visual Studio 2017 and embedded the malware’s logic within Microsoft Foundation Class (MFC) classes. argument: path to file to upload. – List files and repositories.

Surveillance

Surveillance Malware Password Management Passwords

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

I ended up moving this section after the miscellaneous one simply because of this: We've seen a 2016 copyright, a 2010 copyright and now a 2013 copyright published on a 2014 page! This is poor form as it can break tools that encourage good security practices such as password managers. Let them paste passwords!

Hacking

Hacking Government Encryption Risk

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

Security Affairs

JULY 31, 2020

The motion picture acquisition agreements, tax ID requests, and contract addendum scans all date between 2013 and 2016. The vast majority of the files stored in the unsecured bucket are film thumbnail pictures and various promotional materials. What to do if you’ve been affected?

Identity Theft

Identity Theft Accountability Advertising Marketing

RSA 2022 Musings: The Past and The Future of Security

Security Boulevard

JUNE 10, 2022

A password manager claimed “zero trust for passwords” while a SIEM/UEBA vendor promised to reveal all zero trust secrets (I bet they use VPN internally…). A firewall management vendor claimed to “simplify zero trust.” RSA 2013 and Endpoint Agent Re-Emergence. Related posts: RSA 2020 Reflection.

VPN

VPN Marketing Firewall Passwords

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

Remote desktop software’s sensitive influence over other devices means identity and access management (IAM), password security , and multi-factor authentication are critical for risk management. Reconnaissance. Check Point.

VPN

VPN Software Authentication Encryption

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Pen Test Partners

SEPTEMBER 9, 2024

Privacy and Passwords: Two-step verification is done by default, but multi-factor authentication (MFA) is recommended. Ring started in 2013, offering video doorbells that let you see and talk to visitors from your phone. However, creating passwords that are complex and unique to your Ring account is still crucial. Who is Ring?

Firmware

Firmware Encryption Passwords Authentication

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

MAY 11, 2020

Since the earliest iterations of email spam and predatory pop-up advertisements, consumers have been bombarded with common-sense advice to keep their anti-virus software updated, use strong passwords and be very cautious about clicking on email attachments and webpage links. organizations between January 2013 and July 2019.

Computers and Electronics

Computers and Electronics Data privacy Encryption Media

It’s a Holiday Security Breach Blowout

SiteLock

AUGUST 27, 2021

The next notification I received was for an earlier intrusion, the 2013 compromise of 2.4 The wargaming site I patronize had its forums compromised and the notification on the site described the, granted, low-level information compromised, though further compromise through password reuse was discussed.

Data breaches

Data breaches Passwords Identity Theft Firewall

The Hacker Mind Podcast: Hacking the Art of Invisibility

ForAllSecure

MARCH 1, 2022

Vamosi: One sunny morning in 2013. In 2013, we only knew that someone calling themselves Dread Pirate Roberts was running the site. Don't use familiar passwords seriously. If you want nothing to connect back to you choose an entirely new set of passwords. Actually, the real hero of this story wasn't within the FBI.

Hacking

Hacking Mobile Cryptocurrency VPN

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Normally account take overs are due to insecure passwords or recovery options, this is definitely something different. Tabriz has led Google Chrome’s security since 2013, which extends to managing Product, Engineering, and UX today. Enable 2FA and get a password manager. Eugene Kaspersky | @e_kaspersky.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Yahoo! Yippee? What to Do?

Adam Shostack

DECEMBER 15, 2016

Yesterday, Yahoo disclosed that attackers broke into Yahoo in 2013 and stole details on a billion accounts. Yahoo says users should change their passwords and security questions and answers for any other accounts on which they used the same or similar information used for their Yahoo account. I use 1Password , and recommend it.

Password Management

Password Management Passwords Encryption Accountability

Cyber Security Informer

Breaking a Password Manager

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Trending Sources

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The Wages of Password Re-Use: Your Money or Your Life

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

Operation Endgame

Password manager hijacked to deliver malware in supply chain attack

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

The 111 Million Record Pemiblanc Credential Stuffing List

Microsoft says to ditch passwords all together on World Password Day

World Password Day: Brushing up on the basics

Experian, You Have Some Explaining to Do

The Challenges Facing the Passwordless Future

3 of the Worst Data Breaches in the World That Could Have Been Prevented

If You're Not Paying for the Product, You Are. Possibly Just Consuming Goodwill for Free

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

350 million decrypted email addresses left exposed on an unsecured server

How to spot the signs of a virtual kidnap scam

“Have I been pwnd?”– What is it and what to do when you are pwned

RSA 2022 Musings: The Past and The Future of Security

New Pluralsight Course: Bug Bounties for Companies

The Worst Passwords of 2014

Ferocious Kitten: 6 years of covert surveillance in Iran

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

RSA 2022 Musings: The Past and The Future of Security

Addressing Remote Desktop Attacks and Security

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

It’s a Holiday Security Breach Blowout

The Hacker Mind Podcast: Hacking the Art of Invisibility

Top Cybersecurity Accounts to Follow on Twitter

Yahoo! Yippee? What to Do?

Stay Connected

Breaking a Password Manager

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Trending Sources

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The Wages of Password Re-Use: Your Money or Your Life

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

Operation Endgame

Password manager hijacked to deliver malware in supply chain attack

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

The 111 Million Record Pemiblanc Credential Stuffing List

Microsoft says to ditch passwords all together on World Password Day

World Password Day: Brushing up on the basics

Experian, You Have Some Explaining to Do

The Challenges Facing the Passwordless Future

3 of the Worst Data Breaches in the World That Could Have Been Prevented

If You're Not Paying for the Product, You Are. Possibly Just Consuming Goodwill for Free

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

350 million decrypted email addresses left exposed on an unsecured server

How to spot the signs of a virtual kidnap scam

“Have I been pwnd?”– What is it and what to do when you *are* pwned

RSA 2022 Musings: The Past and The Future of Security

New Pluralsight Course: Bug Bounties for Companies

The Worst Passwords of 2014

Ferocious Kitten: 6 years of covert surveillance in Iran

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

RSA 2022 Musings: The Past and The Future of Security

Addressing Remote Desktop Attacks and Security

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

It’s a Holiday Security Breach Blowout

The Hacker Mind Podcast: Hacking the Art of Invisibility

Top Cybersecurity Accounts to Follow on Twitter

Yahoo! Yippee? What to Do?

Stay Connected

“Have I been pwnd?”– What is it and what to do when you are pwned