Twitter being in the news lately is generally due to some new nonsense by Elon Musk. This time though it’s for bungling their data security. It came out now that 200 million email addresses and other records for Twitter users have been exposed in the endless line of data breaches. Lawrence Abrams at Bleeping Computer has more of the story. Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private (phone numbers and email addresses) and public data on various online hacker forums and…
Tag: security
Anker, whose sub-brand Eufy, has built a ton of goodwill in the decade-plus it’s been in business. They’ve created many sub-brands with Eufy being one for the home and consisting of cameras. They’ve promised zero-subscription, zero-cloud, encrypted video since Day 1. Imagine my surprise when news broke that data is going to the cloud. Oh, and video streams aren’t encrypted at all. Sean Hollister at The Verge has more. This week, we repeatedly watched live footage from two of our own Eufy cameras using that very same VLC media player, from across the United States — proving that Anker has…
Categories
That’s Miss Jackson, if You’re Crashy
Leave it to a mega star like Janet Jackson to create a cyber security situation back in the mid-2000s. The pop singer of yesteryear released a song called Rhythm Nation which happened to emit some frequencies that would legit crash a nearby computer. Rob Thubron at Techspot has more of this odd tale. Jackson’s track would crash certain models of laptops when it was played within proximity of the device. It was discovered that the effect could be replicated on other laptops from multiple manufacturers, all of which shared a common feature; the same 5,400 RPM hard disk drive was…
Categories
Death to the Password
Passwords are one of the worst inventions in the modern computing age. They’re impossible to remember, places make us change them on a constant basis, and and the requirements get harder and harder. The idea of getting rid of the password has been tossed about for years, but there’s a new effort from the major players to make it happen. Ron Amadeo at Ars Technica has more. The standard is being called either a “multi-device FIDO credential” or just a “passkey.” Instead of a long string of characters, this new scheme would have the app or website you’re logging in…
Categories
Playing Password
One of the biggest pains when signing up for a service or an overzealous policy is choosing a password. Back in the day, you came up with something you could remember. That was it. Then it became more complicated. Systems began requiring a mix of upper, lower characters, special characters, and numbers. Soon our passwords looked something like P@ssword123. Then with being forced, usually at work, to change them periodically, we soon just settled into P@ssword1234, P@ssword1235, and so on and so on. Enter Hive Systems and their “Password Table” that explains how secure a password can be. They recently…
Categories
Self-Hacked
Academic researchers have discovered that if you get within close enough proximity, you can “hack” an Amazon Alexa device to execute commands the owner may not want. I put the word hack in quotes because this is less of a security failure and more of a “that’s how this thing works” way that the Echo (or any voice assistant) operates. Dan Goodin at Ars Technica has more. The attack works by using the device’s speaker to issue voice commands. As long as the speech contains the device wake word (usually “Alexa” or “Echo”) followed by a permissible command, the Echo…
Categories
Standing Still
Toyota has been a long-popular car manufacturer. However, lately, they’re in the news for the wrong reasons. The car company announced that they have once again had to halt production of their cars due to a supplier getting hacked. Jonathan Gitlin at ArsTechnica has more. Toyota is becoming quite the frequent target for hackers. It was compromised at least three times in 2019, including a malware attack in Australia, a breach of 3.1 million customers’ data in Japan (and possibly Thailand and Vietnam), and a scam that cost a subsidiary $37 million. ArsTechnica Last year they were hacked through a…