Security Flaws In a Popular Smart Home Hub Let Hackers Unlock Front Doors

In new research published Tuesday, security researchers Chase Dardaman and Jason Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock. TechCrunch reports: Dardaman and Wheeler began looking into the ZipaMicro, a popular smart home hub developed by Croatian firm Zipato, some months ago, but only released their findings once…

Firefox To Get a Random Password Generator, Like Chrome and Safari

Mozilla is adding a random password generator to Firefox. From a report: The Firefox random password generator is expected to become publicly available for all Firefox users with the release of Firefox 69, scheduled for release in early September, roughly a year after Chrome 69. Currently, the random password generator is only available in Firefox Nightly, a Firefox version for testing…

Meds Prescriptions For 78,000 Patients Left In a Database With No Password

An anonymous reader quotes a report from ZDNet: A MongoDB database was left open on the internet without a password, and by doing so, exposed the personal details and prescription information for more than 78,000 U.S. patients. The database contained information on 391,649 prescriptions for a drug named Vascepa, used for lowering triglycerides (fats) in adults that are on a low-fat…

Facebook Announces Libra Cryptocurrency

Facebook has finally revealed the details of its cryptocurrency Libra. From a blog post: Today we’re sharing plans for Calibra, a newly formed Facebook subsidiary whose goal is to provide financial services that will let people access and participate in the Libra network. The first product Calibra will introduce is a digital wallet for Libra, a new global currency powered by…

Google’s Login Chief: Apple’s Sign-In Button Is Better Than Using Passwords

After Apple announced a single sign-on tool last week, The Verge interviewed Google product management director Mark Risher. Though Google offers its own single sign-on tool, The Verge found him “surprisingly sunny about having a new button to compete with. While the login buttons are relatively simple, they’re much more resistant to common attacks like phishing, making them much stronger than…

Large ‘GoldBrute’ RDP Botnet Hunts For Exposed Servers With Weak Passwords

The Internet Storm Center reports:
RDP, the remote desktop protocol, made the news recently after Microsoft patched a critical remote code execution vulnerability (CVE-2019-0708). While the reporting around this “Bluekeep” vulnerability focused on patching vulnerable servers, exposing RDP to the Internet has never been a good idea. Botnets have been scanning for these servers and are using weak and reused passwords to…

Malware Spotted Injecting Bing Results Into Google Searches

A new strain of malware intercepts and tampers with internet traffic on infected Apple Macs to inject Bing results into users’ Google search results. The Register reports: A report out this month by security house AiroAV details how its bods apparently spotted a software nasty that configures compromised macOS computers to route the user’s network connections through a local proxy server…

Chrome 75 Released With Web Share API File Support, Numeric Separators and Secret Reader Mode

An anonymous reader writes: Google this week released Chrome 75 for Windows, Mac, Linux, Android, and iOS. The release includes a hint for low latency canvas contexts, files supported in the Web Share API, numeric separators, and more developer features. […] Next, files are now supported by the Web Share API. For years, Google has been working to bring native sharing capabilities…

Firefox Starts Blocking Third-Party Cookies By Default

An anonymous reader writes: Mozilla today announced a slew of privacy improvements. The company has turned on Enhanced Tracking Protection, which blocks cookies from third-party trackers in Firefox, by default. Mozilla has also improved its Facebook Container extension, released a Firefox desktop extension for its rebranded Lockwise password keeper, and updated Firefox Monitor with a dashboard for multiple email addresses. Mozilla…

Should Companies Abandon Their Password Expiration Policies?

In his TechCrunch column, software engineer/journalist Jon Evans writes that last month “marked a victory for sanity and pragmatism over irrational paranoia.”
I’m talking about Microsoft finally — finally! but credit to them for doing this nonetheless! — removing the password expiration policies from their Windows 10 security baseline… Many enterprise-scale organizations (including TechCrunch’s owner Verizon) require their users to change their…