password

An analysis of passwords stolen from eHarmony and leaked to the Web recently reveals several problems with the way the dating site handled password encryption and policies, according to a security expert.

The biggest problem clearly was that the passwords, although encrypted and obscured with a hashing algorithm, were not "salted," which would have increased the amount of work password crackers would need to do, writes Mike Kelly, a security analyst at Trustwave SpiderLabs, in a blog post today.

But there were two other less obvious problems. First, the lowercase characters in passwords were converted to uppercase before … Read more

One of my favorite convenience features for cars is smart keyless entry and start. This transponder-based system lets you unlock your doors by simply approaching the car, touching the door, and pushing the starter button -- no fumbling with the key fob required thanks to RFID technology.

Ford thinks that if this sort of walk up and unlock technology is good for your car, it should also be good for your laptop, which is why it's announced its Ford Keyfree Login software. After downloading and installing the Chrome extension onto a laptop or desktop computer that features Bluetooth connectivity, … Read more

An Illinois woman is leading the charge against LinkedIn in a $5 million class-action lawsuit that alleges the social network failed to protect its members' data.

The suit is a result of the recent security breach in which hackers stole thousands of passwords. The passwords ended up on a site accessible to the public.

Katie Szpyrka, a registered LinkedIn account holder since 2010, filed suit last week in the U.S. District Court in the Northern District of California, claiming LinkedIn violated its own privacy policies and user agreements by not following industry, ZDNet reported today.

LinkedIn spokeswoman Erin O'… Read more

In the wake of a rash of password leaks, Facebook wants to educate its members about how to make their accounts more secure and is asking for users' cell phone numbers as part of that effort.

The social network has begun adding a message at the top of every member's news feed that suggests they "Stay in control of your account by following these simple security tips." The message includes a link to Facebook's security page, where users are tutored on how to identify a scam and choose a unique password, and are asked to provide … Read more

Last.fm's security breach that left user passwords open on a Russian hacker site last week might have shown its ugly face months ago, according to a new report.

Back in May, several Last.fm users took to the company's forums, saying that they had been receiving massive amounts of spam on e-mail addresses they created solely for Last.fm. Soon after, Last.fm customer support manager Matt Knapman said that his company was "investigating this matter urgently, running a security audit, and looking at alternative ways the spamming of Last.fm users might have occurred."… Read more

LinkedIn has posted an update on what it's doing to protect its members following the appearance, earlier this week, of millions of member passwords online.

"First," the post says, "it's important to know that compromised passwords were not published with corresponding e-mail logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e., encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information … Read more

After confirming that member passwords were comprised, eHarmony said today it is continuing to investigate the incident, but it appears no other information was taken.

"While our investigation is ongoing, we have not found any indication that other information was accessed, nor have we received any reports of unauthorized log-ins to member accounts," eHarmony spokeswoman Becky Teraoka wrote in a blog post. "We have also been working with law enforcement authorities in our investigation and have been in touch with one of the other companies affected as well."

The blog post doesn't give specific numbers … Read more

Three companies have warned users in the last 24 hours that their customers' passwords appear to be floating around on the Internet, including on a Russian forum where hackers boasted about cracking them. I suspect more companies will follow suit.

Curious about what this all means to you? Read on.

What exactly happened? Earlier this week a file containing what looked like 6.5 million passwords and another with 1.5 million passwords was discovered on a Russian hacker forum on InsidePro.com, which offers password-cracking tools. Someone using the handle "dwdm" had posted the original list and … Read more

LinkedIn said today that it has contacted police about the compromise of its users' passwords that hackers were actively cracking earlier this week.

"Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published," Vicente Silveira, a director at the professional social-networking site, wrote in a blog post. "We are also actively working with law enforcement, which is investigating this matter."

The … Read more