Ad: Manage updates with the Download App
  • CNET
  • All password posts

password

No password is safe from this new 25-GPU computer cluster

Your really, really strong password just became a little bit easier to break.

Jeremi Gosney, founder and CEO of Stricture Consulting Group, a company that handles password-cracking, has unveiled a computer cluster boasting 25 AMD Radeon graphics cards. The cluster's horsepower allows it to make 350 billion password guesses per second against the NT Lan Manager (NTLM) security protocol Microsoft has used in Windows Server since 2003.

Ars Technica was first to report on the cluster.

Speaking to Ars in an e-mailed statement, Gosney said that his company's technology "can attack hashes approximately four times faster" … Read more

Skype fixes e-mail security flaw

Skype has resolved a nasty e-mail and password security bug and reinstated its password reset page.

Revealed by Skype earlier today, the vulnerability allowed someone to create a Skype account using the same e-mail address as that of the intended victim. That person was then able to reset the password for all accounts associated with that address, thereby locking out the account owner from Skype.

As a precaution, Skype earlier today took down its password reset page to prevent hackers from taking advantage of the flaw. But the company managed to resolve the security hole not long after announcing it, … Read more

Skype disables password resets due to e-mail security flaw

Update, 10:25 a.m. PT: Skype has since resolved the security issue and reinstated the password reset page.

Skype is investigating a security problem that allows someone to take over a user's account by resetting the account password.

The VoIP service provider best known for video calls confirmed in its blog today that it has taken down its password reset page as it probes the issue:

We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the … Read more

Twitter resets passwords of 'compromised' accounts

Is it a bird? Is it a plane? No, it's a password reset message from Twitter, and you should probably do what it says.

An unknown number of Twitter users have received a genuine e-mail from the company warning they should change their password as soon as possible. 

But a Twitter spokesperson told CNET that the e-mail was sent to a wider group of users than intended.

In the e-mail, the microblogging company noted: "Twitter believes that your account may have been compromised by a Web site or service not associated with Twitter. We've reset your … Read more

EFI firmware protection locks down newer Macs

With Apple's firmware password feature on Mac systems you can lock down the options to select an alternative startup disk, boot to Safe or Single User modes, reset the PRAM, and otherwise start the system in ways that can bypass the security features of OS X.

However, as a security measure the firmware password has been met with some criticism because it could easily be bypassed by someone who has physical access to the system. In earlier Intel-based Macs the firmware password was stored in the PRAM of the system, and was simply read by the system's EFI … Read more

The safe way to 'write down' your passwords

Following my post earlier this month on "Ten simple, common-sense security tips," reader John B. asked whether it was safe to store his passwords in a Word DOC file and then copy and paste them into sign-in screens to thwart keystroke loggers. John just has to remember to type in one password: the one he uses to encrypt and password-protect his Word password document.

Of course, John's passwords are vulnerable to clipboard loggers that capture the contents of the clipboard just as key loggers grab your keystrokes. That's why John has to add extra characters to … Read more

The 404 1,155: Where haters gonna hate (podcast)

Leaked from today's 404 episode:

- Peeved? Apple will exchange your third-gen iPad for the newer model.

- Counterfeit ketchup scheme busted!

- PlayStation 'Master' key leaked online.

- 'Jesus,' 'welcome' join list of worst passwords.

- Apple user claims iMacs ruined his eyesight.… Read more

'Jesus,' 'welcome' join list of worst passwords

Despite the vulnerability presented by weak passwords, many Internet users continue to put their security at risk by using common words or number sequences that are easily guessable.

Unchanged from last year, the three most popular passwords for 2012 were "password," "123456," and "12345678," according to SplashData's annual "25 Worst Passwords of the Year" list. The list was compiled from files containing millions of stolen passwords posted online by hackers.

But that isn't to say that our choices have stagnated; new entries to the list this year include "welcome,&… Read more

Get all of your email notifications in one place using POP Peeper

Managing multiple email accounts can be a chore, especially if the accounts are from different providers. POP Peeper offers a solution to set up and manage your many accounts from one place. Automatic Mail check is also enabled by default.

POP Peeper's uncluttered interface places the essential email options to create or respond to messages on a fully customizable Tool Bar. You will have to do some manual work to get your accounts setup but there is plenty of user guidance to help you get started and it handles nearly all of the most popular email services, including Yahoo, … Read more

RAR Password Unlocker recovers lost archive passwords

RAR Password Unlocker detects and cracks lost or forgotten passwords protecting RAR archives. It offers three methods of tackling lost passwords: Brute Force, Brute Force with User-Defined Mask, and Dictionary mode, which tries password combinations against a built-in dictionary that you can customize. It can also automatically save and resume interrupted recovery operations and search for archives in your system. It's free to try, but the trial version only recovers the first three letters of the password and limits dictionary searches to 10,000 possible combinations. If that's enough to jog your memory, you're in luck. But … Read more