Healthy Passwords



2011-12-01 - Lastpass Adds Windows Phone 7 App Features
Lastpass Windows Phone 7 update includes features for pin-code prompt on reactivation, grouping of sites in the vault, and fast-app switching.

2011-11-30 - UN Hack Exposes More Weak Passwords
Passwords and login details belonging to the United Nations have been published on the internet by a hacking group who believe that the UN is guilty of corruption. The TeaMp0isoN hacking gang has leaked over one hundred usernames, email addresses and passwords that appear to belong to individuals at the United Nations Development Programme (UNDP), Organisation for Economic Co-operation and Development (OECD), UNICEF, World Health Organisation (WHO) and other groups.

2011-11-18 - 25 Worst Passwords of 2011
No matter how many times we hear about obvious, hackable passwords, people keep using them. And the situation doesn't seem to be getting better.

2011-11-14 - Finland Citizens Urged to Change Online Passwords
Police and data security experts in Finland are urging Finns to change the passwords of online services that they consider important – regardless of whether or not one’s user code or password is on a list of information that was leaked during the weekend.

2011-11-11 - Steam Breach - Lots of Personal Data, little worry of password compromise
Steam, the online empire of computer game behemoth Valve Corporation, has issued details of the hack it suffered last weekend.

2011-11-04 - New Website May Find Your Insecure Password Before Most Hackers Do
PwnedList is a tool that allows an average person to check if their online accounts have been compromised. The site started out as small research project with a rather simple premise. To discover how many compromised accounts can be harvested programatically in just a couple of hours.

2011-11-01 - Lying about your Name or Age on the Internet May Get Difficult
tru.ly maximizes personal privacy by providing users with a single, verified identity on the internet. Tru.ly attempts to make the Internet a safer, more secure and honest place. As our online lives merge with our offline world, our platform represents the foundation for responsible digital sharing of personal information. tru.ly allows users to: Link various social accounts including Facebook, Twitter, and Linkedin, while protecting personal information as they wish. Generate a QR code that is unique to the user's identity, making it easy to share, without divulging details. Utilize a browser plugin to see what profiles are verified on social networks. Request someone be tru.ly verified in order to authenticate their online identity

2011-10-26 - Bloggtoppen.se 90000 Passwords Revealed
The usernames and passwords of around 80,000 accounts at Bloggtoppen.se have been made public after a hacker attack against the website. Several journalists and politicians are among the people whose log-in details have been published, reports Aftonbladet.

2011-10-20 - Order and Chaos Online Hacked
Online gaming site Order and Chaos has been hacked. Users of all versions including facebook and mobile are reporting compromised accounts.

2011-10-20 - iPhone 4s Siri Bypasses Password Security
Apple's new "Siri" feature, the voice-activated personal assistant built into the iPhone 4S, grants anonymous access to send email, text and change calendar items.

2011-10-18 - A New Way to Steal Smart Phone Passwords
The accelerometers on many phones are sensitive enough to allow surveillance via vibrations, say researchers.

2011-10-13 - Fake Android Netflix App Steals Credentials
A pirated copy of Netflix's official Android app has been floating around online forums. The phony app looks almost identical to the real one, except the impostor won't take you to your personalized queue of movies and streaming content; instead, it contains a Trojan that will try to trick you into handing over your account information, including your email address and password.

2011-10-12 - BlueHomes.com breached over 150,000 plain text passwords exposed
BlueHomes.com, a website that deals properties from countries such as Germany, Spain, Austria or France was hit by an anonymous hacker who claims to have leaked 500,000 user's sensitive information.

2011-10-12 - Patch Tuesday Again
Every second Tuesday is Microsoft Patch Tuesday. Be sure to check for updates.

2011-10-12 - WineHQ breach exposes contributor usernames and passwords
The WineHQ site, which organises work around the popular Windows compatibility layer for Linux, BSD, Solaris, and Mac OS X, has been attacked and the usernames and passwords of contributors downloaded by persons unknown. Confirmed in a message to the project's mailing list last night, the attacker saw unknown assailants enter the server via the PHPMyAdmin utility before downloading the entire user credentials database for both the Bugzilla fault-tracking system and the WineHQ AppDB.

2011-10-12 - Sony breach impacts 93000 users
Sony said Wednesday intruders staged a massive attempt to access user accounts on its PlayStation Network and other online entertainment services in the second major attack on its flagship gaming site this year. The Tokyo-based company temporarily locked about 93,000 accounts whose IDs and passwords were successfully ascertained by the blitz. Sony sent email notifications and password reset procedures to affected customers on the PlayStation Network, Sony Entertainment Network and Sony Online Entertainment services.

2011-10-07 - Only 38% of account holders know how their account was compromised
After the Rustock botnet was taken down in March 2011, spammer have moved to using compromised webmail accounts.

2011-10-07 - Unijobs.com.au hack exposes over 600 passwords
Popular Australian university job website, UniJobs.com.au was hacked. The usernames (email addresses) and hashed passwords are posted on pastebin.

2011-10-06 - Associated Press-MTV poll finds 3 in 10 teens and young adults impersonated online
More young people these days say they've had their Internet accounts hacked or spied on. Many also say they know who did it and don't seem too bothered. An Associated Press-MTV poll finds 3 in 10 teens and young adults have had people log on to their Facebook, Twitter, MySpace or other Internet accounts and either impersonate or spy on them. That's nearly double the level seen in 2009.

2011-10-05 - Why Would Anyone Want My Password?
This article explains why password security is important for everyone.

2011-10-03 - Passmywill.com figures out when you die
Another website promises to figure out when you die and distribute your credentials to loved-ones. Ths site raises several warning flags.

2011-09-30 - ElcomSoft Password Recovery Tool Recovers Blackberry Passwords
ElcomSoft Co. Ltd. updates Phone Password Breaker, adding the ability to recover BlackBerry device passwords if the user-selectable Security Password option is enabled to encrypt media card data.

2011-09-28 - UKChatterbox Users Urged to Change Passwords
Popular IRC service UKChatterbox is advising users to change their passwords following a series of hacks which culminated in an attack that may have compromised user details. The password reset follows on from a succession of outages – previously attributed to maintenance upgrades – dating back to the start of the summer. In a notice to users this week, UKChatterbox advises users to change their passwords and not to re-use them on other sites.

2011-09-27 - Council on Government Ethics Laws COGEL.ORG Breached
Hacker With Name snc0pe claim to hack official website of The Council on Governmental Ethics Laws (COGEL). He post a message on pastebin , along with the database download link (1.88MB).

2011-09-24 - Middle School Sleep-over Facebook Hijacking
A 10 year old girls facebook is hijacked by "friends" at a sleep-over. Her password is changed, she's signed up to dating sites, and several salacious messages are posted by the impersonators. Learn how to prevent this.

2011-09-23 - Lastpass Offering Students Free Six Month Premium Service
With back-to-school season in full swing, we're giving away 6 months of LastPass Premium to all university students! For a limited time, students with a valid university email address can go to lastpass.com/edu to go through the quick steps to upgrade your LastPass account. The Premium upgrade will allow students to take full advantage of LastPass' secure cross-browser, cross-platform syncing capabilities to access login data from anywhere, at any time. LastPass makes student life a bit easier by helping you get organized with your digital life and get on with your semester - no more forgotten passwords and no more re-using the same password everywhere. And if your computer happens to crash (fingers crossed it doesn't, especially right before finals, but if it does...) you'll be able to reinstall LastPass with no data lost and one less thing to sweat about.

2011-09-22 - Fire Someone Lately? Change Your Password!
This article details the consequences of not changing Twitter passwords after firing someone.

2011-09-21 - Microsoft Patents Sketch Based Passwords
Microsoft was awarded patent 8,024,775 yesterday (September 20, 2011) for sketch based passwords. This patent covers graphical password authentication method is based on sketches drawn by user.

2011-09-20 - OS-X Lion Gets A Second Black Eye
OS X user passwords are encrypted and then are stored in secure files on the drive. Recent discoveries have shown that the contents of these files can then be accessed and modified by any user in OS X Lion.

2011-09-14 - Patch Tuesday Again
Every second Tuesday is Microsoft Patch Tuesday. Be sure to check for updates.

2011-09-14 - Mixed Case Facebook Passwords work With or Without Caps Lock
Hidden options revealed in Facebook password authentication potentially making passwords twice as easy to crack.

2011-09-13 - Microsoft Improves Picture Passwords in Windows 8
Microsoft improves Picture passwords in it's newest release of UMPC for Windows 8.

2011-09-09 - Google Urges Iranians to Change Passwords
Google has issued a blanket instruction advising Iranian users to check if their Gmail accounts might have been hacked before changing their passwords. The move follows the compromise of Dutch SSL certificate authority DigiNotar. Hackers created fake SSL certificate credentials for Google.com and many other domains. These fake Google credentials were used to run man-in-the-middle attacks against Gmail users in Iran, according to an examination of authentication look-ups logs at DigiNotar and other evidence.

2011-09-09 - Myjob.ie customers urged to change passwords
Gardaí have confirmed that two people were arrested earlier this week and a file has been sent to the DPP. Myjob.ie emailed customers today to inform them of the incident. They say their website was not the primary source of the breach, but have asked users to immediately change their passwords as a precautionary measure.

2011-09-06 - California Updates Data Breach Law
California has updated its data breach notification law to further define what organizations have to do in case customer data is stolen. The bill, SB-24, updates California's current data breach notification law by requiring organizations to include in the breach notification letters the specifics of the security incident and advice on steps customers should take. The bill also includes provisions mandating that if the security breach affected 500 or more people, the organization must submit a copy of the letter to the state attorney general's office. The bill was signed into law Aug. 31 by Gov. Jerry Brown and will take effect on Jan. 1, 2012.

2011-09-06 - Mobile APP Network Forum Hack Exposes 15000 User Accounts
Mobile APP Network Forum is Hacked by "Why So Serious?" hacker. He also hacked VBTeam.info and EA Game - Battlefield Heroes some days before. He leaked over 15.000 accounts of the community (Forum) on Pastebin in two parts.

2011-08-30 - SWGalaxies.net Breach Exposes 21 Thousand Plain Text Passwords
Star Wars Galaxies fansite SWGalaxies.net is the latest game-related hack to see player identities compromised. Venturebeat reports the site was hacked on Tuesday by ObSec. The hacker group posted 21,000 email addressed and 23,000 passwords obtained in the attack on its site.

2011-08-30 - How to Avoid the Mordo Worm
Dubbed Morto, the worm doesn’t use a vulnerability, but instead propagates by compromising Remote Desktop connections on a network through brute forcing attacks. So far, the overall number of detections is relatively low - researchers at F-Secure put the number in the thousands – but reports of increased traffic on port 3389 prompted Microsoft to issue an advisory about the worm Aug. 28.

2011-08-26 - OS-X Lion Exposes All Enterprise LDAP Resources
A bug in the module for authenticating (Open)LDAP under Mac OS X 10.7.x Lion can result in any password being accepted during log-in – all that's required is a valid user name.

2011-08-25 - Patching more than Windows, Flash, Adobe
Vulnerabilities are abound. When the masses get good at patching the big one vulnerbilities criminals will move to other low hanging fruit. This article reminds people to patch everything.

2011-08-19 - Twitter Petition is a Phishing Scam
Another scam to steal Twitter users credentials is making the rounds today. The tweets being sent out read Twitter might start to charge in October, sign this petition to keep the service free!

2011-08-11 - University of Wisconsin Exposes 75000 SSNs
On May 25, 2011, the University of Wisconsin shut down an imaging system after finding suspicious programs on a server. The University reports to have launched an investigation with the help of a national security expert. On June 30, 2011 investigators found that a database was included on the system. The database stored names and social security numbers on 75,000 staff members and students of UW-Milwaukee.

2011-08-10 - Legitimate Company Representatives will Never Ask for Your Password
Spammers are increasingly hijacking email accounts because it's getting harder to create fake accounts to spam from. THis article shows a sample password phishing attempt.

2011-08-10 - Citigroup Japan Breach Exposes 92,408 Customer Records
Citi Cards Japan, Inc. (hereafter CCJ) has come to know that certain personal information of 92,408 customers has allegedly been obtained and sold to a third party illegally. The information that has been compromised includes account numbers, names, addresses, phone numbers, date of birth, gender and the date the account was opened, and only affects CCJ cardholders. It has been confirmed that security information, including Personal Identification Numbers (PINs) and Card Security Code (CVVs) has not been compromised.

2011-08-09 - Facebook Implementing new Mobile Password Reset Option
Facebook rolling out new mobile password reset app.

2011-08-09 - Firefox Spam Scam Steals Passwords
Spam email installs a password stealing trojan instead of the promised Firefox update.

2011-08-09 - Today is Patch Tuesday for Windows Users
Microsoft today released 13 software updates to fix at least 22 security flaws in its Windows operating systems and other software. Two of the flaws addressed in the August patch batch earned Microsoft’s most dire “critical” rating, meaning that attackers can exploit them to break into systems without any help from users.

2011-08-08 - Researchers Find Lastpass Vulnerbility on Chrome OS
A White Hat team found a LastPass vulnerability on the new Google Chrome Operating System. This exploit allowed the researches to steal the local Crypto key and database for the users Lastpass netting all their userids and passwords.

2011-08-04 - Google Chrome now has Print Preview
With version 13.0.782.107 Google enabled print preview for Chrome.

2011-07-29 - Change.GOV website hacked
Anonymous Hackers today leak the list of 60804 Donors to Change.Gov via Twitter tweets. The list is uploaded on Mediafire Link. The data contains the Name, Employee,City, State, Zip and Donated Amount in a CSV file.

2011-07-28 - Google Expands Two-Step Authentication to 40 Countries
Google announced expansion of the two-step authentication program to more than 40 countries.

2011-07-28 - Mac OSX Passwords Less Secure Than You Think
A password recovery company has announced it can recover OS-X Lion or Snow Leopard passwords easily through a firewire port.

2011-07-19 - When Did You Last Change your iTunes Password?
If you don't remember changing your iTunes password, it may be a good time to change it.

2011-07-18 - Toshiba America Consumer Products Hacked
Toshiba America's TACP division was hacked resulting in stolen registration information of over 7500 customers. This incuded over 681 usernames and plain text passwords.

2011-07-18 - Stevens Institute of Tech Hacked - Plain text user names and passwords compromised
Stevens Institute of Technology was hacked resulting in 31 full usernames, emails and passwords being publicly exposed on pastebin.

2011-07-15 - IOS Password Snooping App
Here's an interesting article on PCWorld.com abount IOS password entries. The on-screen keyboard lights up when keys are pressed making it impossible to hide a password as you type it. An app has been made to use your ipod's camera to record another users keyboard entry to steal their password.

2011-07-15 - Mozilla Announces BrowserID - Single Password Authentication
This article describes a new Mozilla authentication protocol called BrowserID.

2011-07-14 - Hotmail Improves Password Security
Microsoft beefs up password security and gives friends a panic button to press when they see a compromised account.

2011-07-13 - Booz Allen Hamilton - Learning Systems and Human Nature
The Booz Allen Hamilton claim that a recent password breach lost 90,000 passwords discounts the fact that most of these were probably real email addresses and passwords.

2011-07-12 - 90000 Military Passwords Stolen from Booz Allen Hamilton
This article explains the Booz Allen Hamilton breah in July 2011 and gives tips to protect your information.

2011-07-07 - Solutions for Big Business Twitter Breaches
Businesses using twitter have unique needs that can only be met through third party tools or strict controls. This article proposes several solutions.

2011-07-06 - Facebook and Skype Offer Video Calling
Facebook announced their new video chat today. This article summarizes the service.

2011-07-06 - Facebook Becomes a Message Hub
This article describes the big facebook announcement on a new messaging system built within Facebook.

2011-07-05 - Hackers Create their Own URL Shortening Service
This article describes how hackers now use their own shortening services to mask their intented URL.

2011-06-29 - Tumblr Phishing Scam Compromises Passwords
This article explains a new phishing scam targeting Tumblr users.

2011-06-28 - LastPass and ID Watchdog Announce Joint Venture to Deliver Credit Information
This article describes a press release by ID Watchdog announcing a Lastpass joint venture to deliver credit monitoring and reports via Lastpass plugins.

2011-06-28 - Email May Be Your Most Important Password
When hackers get your email login, they can sit back and watch your email.

2011-06-25 - Are You Trading Convenience for Security
This article discusses the trade offs made for convenience by using facebook or twitter to login to third party sites.

2011-06-24 - Wireless Router Freeloaders Can Get You in Trouble
This story explains how innocent persons were arrested because someone else used their wireless access point

2011-06-23 - Microsoft Phone Scam Gets More Believable
Virus phone scammers may be making their ploy much more believable by getting their malware installed, mining your data for a phone number, then calling you right after displaying a fake anti-virus message.

2011-06-21 - Wordpress Proactively Finds Tampering, Resets all User Passwords
Wordpress.org finds suspicious comments about cleverly disguised backdoors in three word press add-ons: AddThis, WPtouch, and W3 Total Cache. As a proactive measure they reset all user passwords.

2011-06-20 - Dropbox Security Flaw Allowed Open Access to All Accounts
A dropbox update opened a security hole allowing anyone access any dropbox account for a four hour period yesterday using any password.

2011-06-18 - Sega Pass Website Breached
It's time for companies to wise up. They should store usernames in a different place than passwords and join the two using meaningless keys. This makes it much harder to compromise a system, since the attackers must compromise two different systems to join the data.

2011-06-17 - It is Time for Website Login Credential Compliance Programs
Yesterday's posting of 66,000 stolen email and passwords by a prominent hacker group illustrates a huge problem with website operators. This article proposes consumers start asking website's five questions before handing over their credentials.

2011-06-16 - And the winner once again is 123456
LulzSec Disclosed 66000 user emails and passwords. We just crunched the numbers and here are the results

2011-06-16 - Phone Virus Scams
This article details many phone virus scams occurring around the world.

2011-06-16 - It is Monthly Patch Time Windows Users
The Information Technology world knows that the second Tuesday of every month is Microsoft patch Tuesday. This article tells non-technical users what to look for.

2011-06-11 - Phone Apps expose user passwords
According to Security firm viaForensics many popular iPhone and Android apps have major security flaws in the way they store user data.

2011-06-10 - Computer repairman accused of taking nude pictures of women remotely
This article explains how a computer repair person installed monitoring software to operate webcams remotely then tricked his customers into putting the laptops into the bathroom.

2011-06-07 - RSA to Replace SecureID Tokens
An RSA open letter confirms the recent breach at Lockheed Martin was a direct result of their March 2011 breach.

2011-06-06 - Adobe Flash Security Advisory
An important vulnerability has been identified in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

2011-06-06 - Oracle to Fix Several Security Flaws -- Protect Yourself by Updating
Oracle will be releasing patches to Java this week. This article describes how Java is used by criminals to steal from you and the best way to keep your Java updated.

2011-06-05 - Thousands Attend Birthday Party Due to Improper Facebook Security Settings
A Teenage girl from Germany accidentally posted a birthday party invitation with the security settings of "Everybody". More than 1,500 guests showed up and around 100 police officers, some on horses, were needed to keep the crowd under control.

2011-06-02 - New Phone App for Android Makes Stealing Sessions Easy
New application enables anyone with an Android phone to Access your facebook while on the same wifi network.

2011-06-02 - Fake Linked In Invitations Lead to Malware
This article describes a new spear phishing attack disguised as LinkedIn invitations.

2011-05-28 - Facebook Vacation Burglary
This story shows the result of sharing your travel plans on line.

2011-05-25 - IPOD, IPHONE, IPAD Decryption Tools on Market
This story tells of a Russion security firm selling IOS (Apple IPAD, IPOD, IPHONE operating system) decryption tools on the open market.

2011-05-24 - Symantec / Verisign Personal Identity Portal Beta
Symantec recently acquired Verisign’s VIP authentication service. This review shows how they've changed the service and details many of it's offerings.

2011-05-17 - Facebook Dislike Button Scam
This story details another facebooks scam designed to rip you off.

2011-05-13 - Is it Time To Replace Your Battered Email Box?
Recent breaches at Epsilon, Wordpress, and Sony may have jeopardized your email security. This article explains how to replace or strengthen your battered mailbox.

2011-05-12 - Too Much Java Can Be Bad
This story shows how to eliminate old versions of Java.

2011-05-09 - Google Images Malware
This story explains about Google images being used to spread malware and how to protect yourself.

2011-05-05 - LastPass Discloses Network Anomaly Advices Users to Change Passwords
This story details a Lastpass network anomaly that may have exposed user data.

2011-05-02 - Managing your browsers Form Data
This story explains how to modify your browsers autofill settings to prevent caching credit card numbers or other sensitive information you may not like to cache.

2011-05-01 - Skype Virus Removal Hoax
This story tells of another virus removal scam using skype to rob you.

2011-04-27 - Play Station Owners: Time to Change Your Passwords
This story tells of the Sony Playstation breach which exposed over 77 million user records.

2011-04-26 - Malware Changing your Router
This article describes how malware on your local pc can also attack your router changing the settings so it continues to harm you after even cleaning the pc.

2011-04-25 - Mobile Devices are Increasing Malware Targets
This article describes how your smartphone is becoming a bigger malware target every day.

2011-04-23 - A Big Risk with Online Email
This article describes how important it is to keep your email secure by using strong passwords.

2011-04-23 - A new secure password idea
This article describes a new password system using captchas.

McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams




Home | Live CD Listing | Password Worksheet | Third Party Ratings | Purchase | Errata | Contact | News | News Archive | Legal

Copyright © 2011, Sustainable Alternatives, LLC | Ligonier, PA 15658 | 724-238-9560 | All Rights Reserved.

 Sustainable Alternatives, LLC BBB Business Review