Passwords Archives

Passwords

Consumers Embrace IoT And Wearables, Worry About Security Consequences

September 16, 2014 Paul Roberts

A new survey of consumer attitudes and expectations about technology finds that a strong majority of Americans expect wearable technology and biometric security to be common within the next decade. The survey, sponsored by the security company McAfee, asked 1,500 U.S. consumers about lifestyle and technology trends in the home and workplace. The results suggest that consumers are already adjusting their expectations about the future to include pervasive connectivity, a wealth of intelligent devices – and some of the problems that come with both. More than 60% of those surveyed by McAfee said they anticipate having connected appliances like refrigerators that will “automatically add food to a running grocery list if the product is running low.” A strong majority of those polled – 84% – said they were convinced their home security systems will be connected to their mobile device. “As technology, especially the Internet of Things, continues to rapidly advance and […]

How Big Data holds the Key To Securing the Internet of Things

September 15, 2014 Paul Roberts

I’m seeing a lot of pre-conference promotion of content from the big Internet of Things Expo out in Santa Clara in early November. One interesting presentation that is worth checking out (the slides are already online) is James Kobielus’s talk on how IT professionals should address the security challenges of IoT. Kobielus is IBM’s program director for Big Data analytics product marketing. In his presentation, he tackles the question of whether the Internet of Things is (to use his words) “too big, diverse, pervasive, and dynamic to secure comprehensively?” [Read our coverage of Internet of Things security here. ] After all, history will show that we’ve done – at best – a so-so job of securing the Internet of machines. How will adding a few zeros to the number of connected endpoints make things better? IoT will undermine even the tenuous walls we’ve built around our existing IT infrastructure: moving us to a […]

Compromised Website Used In Attack On SoHo Routers

September 11, 2014 Paul Roberts

The folks over at the web security shop Sucuri have an interesting post today that warns of a web-based attack launched from the site of a popular Brazilian newspaper that is targeting home broadband routers. According to Sucuri, researchers investigating a breach at the web site politica . estadao . com . br uncovered evidence that the hackers were using iframe attacks to try to change the DNS configuration on the victim’s DSL router, first by trying a brute force attack on the router’s default credentials. According to Sucuri, the payload was trying to crack default accounts like admin, root, gvt and other common usernames and a variety of known-default router passwords. Small office and home office (or SoHo) broadband routers are an increasingly common target for cyber criminals because many (most?) are loosely managed and often deployed with default administrator credentials. [Read Security Ledger coverage of home router hacks here.] In March, the firm Team Cymru published a report describing a widespread compromise of […]

Report: Apple IDs Targeted by Kelihos Botnet

September 6, 2014 Paul Roberts

There’s an interesting post over on Symantec’s blog about a shift noted in the behavior of the Kelihos botnet in recent days. According to Symantec, Kelihos operators have turned their attention to Apple customers, launching a phishing email campaign aimed at Apple iCloud users and Apple ID’s and passwords. According to the post, Symantec has observed Kelihos (also known as Waledac) being used to send spam emails purporting to be from Apple, informing the victim that a purchase has been made using their account on the iTunes Store. Samples of the emails discovered by Symantec bear the subject line “Pending Authorisation Notification.” The body of the phishing email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID. The email gives an IP address that was used to make the alleged purchase and […]

Report: Home Depot A Common Thread Linking Trove Of Stolen Credit Cards

September 3, 2014 Paul Roberts

Home Depot said it is investigating “some unusual activity” on its networks and working with “banking partners and law enforcement,” after security blogger Brian Krebs named the company as a common thread connecting a trove of stolen credit card accounts that have appeared in underground forums. Krebs reported on Tuesday that “multiple banks” see evidence that Home Depot stores are the source of a “massive new batch” of stolen credit and debit cards that went on sale this morning in underground “carding” forums. The breach is believed to have affected Home Depot stores throughout North America – around 2,500 stores in total. The company has held off from confirming a breach, so far. And as of early Wednesday, Home Depot’s home page made no mention of the incident. In a statement to Reuters, spokesperson Paula Drake said that the company is holding off pending an internal investigation, and is working with law enforcement. […]